alarm: Per user setting to disable ssl verify

This allows the user to disable ssl verification via a query string parameter in the action url. example of action: https://unstrusted-ssl-host/?ceilometer-alarm-ssl-verify=0 Change-Id: I12294aa191ff4dfa5adaf2e24419bdfca70e8726 Blueprint: alarm-notifier
2013-07-16 13:01:57 +02:00
parent e3131c73ce
commit bc495c3dc9
2 changed files with 44 additions and 1 deletions
--- a/ceilometer/alarm/notifier/rest.py
+++ b/ceilometer/alarm/notifier/rest.py
@@ -19,6 +19,7 @@

 import eventlet
 import requests
+import urlparse

 from oslo.config import cfg

@@ -58,7 +59,11 @@ class RestAlarmNotifier(notifier.AlarmNotifier):
        kwargs = {'data': jsonutils.dumps(body)}

        if action.scheme == 'https':
-            kwargs['verify'] = cfg.CONF.alarm.rest_notifier_ssl_verify
+            default_verify = int(cfg.CONF.alarm.rest_notifier_ssl_verify)
+            options = urlparse.parse_qs(action.query)
+            verify = bool(int(options.get('ceilometer-alarm-ssl-verify',
+                                          [default_verify])[-1]))
+            kwargs['verify'] = verify

            cert = cfg.CONF.alarm.rest_notifier_certificate_file
            key = cfg.CONF.alarm.rest_notifier_certificate_key
--- a/tests/alarm/test_notifier.py
+++ b/tests/alarm/test_notifier.py
@@ -157,6 +157,44 @@ class TestAlarmNotifier(base.TestCase):
                                          'state': 'ALARM',
                                      })

+    def test_notify_alarm_rest_action_with_ssl_verify_disable(self):
+        action = 'https://host/action?ceilometer-alarm-ssl-verify=0'
+        data_json = '{"state": "ALARM", "reason": "what ?"}'
+
+        self.mox.StubOutWithMock(requests, "post")
+        requests.post(action, data=data_json, verify=False)
+        self.mox.ReplayAll()
+
+        with mock.patch('eventlet.spawn_n', self._fake_spawn_n):
+            self.service.notify_alarm(context.get_admin_context(),
+                                      {
+                                          'actions': [action],
+                                          'alarm': {'name': 'foobar'},
+                                          'condition': {'threshold': 42},
+                                          'reason': 'what ?',
+                                          'state': 'ALARM',
+                                      })
+
+    def test_notify_alarm_rest_action_with_ssl_verify_enable_by_user(self):
+        action = 'https://host/action?ceilometer-alarm-ssl-verify=1'
+        data_json = '{"state": "ALARM", "reason": "what ?"}'
+
+        cfg.CONF.set_override("rest_notifier_ssl_verify", False,
+                              group='alarm')
+        self.mox.StubOutWithMock(requests, "post")
+        requests.post(action, data=data_json, verify=True)
+        self.mox.ReplayAll()
+
+        with mock.patch('eventlet.spawn_n', self._fake_spawn_n):
+            self.service.notify_alarm(context.get_admin_context(),
+                                      {
+                                          'actions': [action],
+                                          'alarm': {'name': 'foobar'},
+                                          'condition': {'threshold': 42},
+                                          'reason': 'what ?',
+                                          'state': 'ALARM',
+                                      })
+
    @staticmethod
    def _fake_urlsplit(*args, **kwargs):
        raise Exception("Evil urlsplit!")