Insecure flag added to openstack context

New Insecure flag inroduced for openstack actions. With that mistral
is able to connect to https clouds without verifying server certificate.

Change-Id: If7839ac586ff0b50f3f323a6bd42349eb0c25ca8
This commit is contained in:
Istvan Imre 2016-10-07 13:54:01 +02:00 committed by Dougal Matthews
parent 2852d113b1
commit 600dd47654
3 changed files with 48 additions and 20 deletions

View File

@ -79,7 +79,8 @@ class NovaAction(base.OpenStackAction):
auth_token=ctx.auth_token,
tenant_id=ctx.project_id,
region_name=keystone_endpoint.region,
auth_url=keystone_endpoint.url
auth_url=keystone_endpoint.url,
insecure=ctx.insecure
)
client.client.management_url = keystone_utils.format_url(
@ -110,7 +111,8 @@ class GlanceAction(base.OpenStackAction):
return self._get_client_class()(
glance_endpoint.url,
region_name=glance_endpoint.region,
token=ctx.auth_token
token=ctx.auth_token,
insecure=ctx.insecure
)
@classmethod
@ -137,6 +139,7 @@ class KeystoneAction(base.OpenStackAction):
'auth_url': ctx.auth_uri,
'project_id': ctx.project_id,
'cacert': ctx.auth_cacert,
'insecure': ctx.insecure
}
# In case of trust-scoped token explicitly pass endpoint parameter.
@ -188,7 +191,8 @@ class CeilometerAction(base.OpenStackAction):
endpoint_url,
region_name=ceilometer_endpoint.region,
token=ctx.auth_token,
username=ctx.user_name
username=ctx.user_name,
insecure=ctx.insecure
)
@classmethod
@ -221,7 +225,8 @@ class HeatAction(base.OpenStackAction):
endpoint_url,
region_name=heat_endpoint.region,
token=ctx.auth_token,
username=ctx.user_name
username=ctx.user_name,
insecure=ctx.insecure
)
@classmethod
@ -246,7 +251,8 @@ class NeutronAction(base.OpenStackAction):
endpoint_url=neutron_endpoint.url,
region_name=neutron_endpoint.region,
token=ctx.auth_token,
auth_url=ctx.auth_uri
auth_url=ctx.auth_uri,
insecure=ctx.insecure
)
@ -278,7 +284,8 @@ class CinderAction(base.OpenStackAction):
ctx.auth_token,
project_id=ctx.project_id,
auth_url=cinder_url,
region_name=cinder_endpoint.region
region_name=cinder_endpoint.region,
insecure=ctx.insecure
)
client.client.auth_token = ctx.auth_token
@ -320,7 +327,8 @@ class MistralAction(base.OpenStackAction):
auth_token=ctx.auth_token,
project_id=ctx.project_id,
user_id=ctx.user_id,
auth_url=auth_url
auth_url=auth_url,
insecure=ctx.insecure
)
@classmethod
@ -353,7 +361,8 @@ class TroveAction(base.OpenStackAction):
ctx.auth_token,
project_id=ctx.project_id,
auth_url=trove_url,
region_name=trove_endpoint.region
region_name=trove_endpoint.region,
insecure=ctx.insecure
)
client.client.auth_token = ctx.auth_token
@ -383,7 +392,8 @@ class IronicAction(base.OpenStackAction):
ironic_endpoint.url,
token=ctx.auth_token,
region_name=ironic_endpoint.region,
os_ironic_api_version=IRONIC_API_VERSION
os_ironic_api_version=IRONIC_API_VERSION,
insecure=ctx.insecure
)
@classmethod
@ -432,6 +442,7 @@ class BaremetalIntrospectionAction(base.OpenStackAction):
api_version=1,
inspector_url=inspector_endpoint.url,
auth_token=ctx.auth_token,
insecure=ctx.insecure
)
@ -450,7 +461,8 @@ class SwiftAction(base.OpenStackAction):
kwargs = {
'preauthurl': swift_endpoint.url % {'tenant_id': ctx.project_id},
'preauthtoken': ctx.auth_token
'preauthtoken': ctx.auth_token,
'insecure': ctx.insecure
}
return self._get_client_class()(**kwargs)
@ -475,6 +487,7 @@ class ZaqarAction(base.OpenStackAction):
'os_auth_token': ctx.auth_token,
'os_auth_url': keystone_endpoint.url,
'os_project_id': ctx.project_id,
'insecure': ctx.insecure,
}
auth_opts = {'backend': 'keystone', 'options': opts}
conf = {'auth_opts': auth_opts}
@ -576,7 +589,8 @@ class BarbicanAction(base.OpenStackAction):
return self._get_client_class()(
project_id=ctx.project_id,
endpoint=barbican_endpoint.url,
auth=auth
auth=auth,
insecure=ctx.insecure
)
@classmethod
@ -679,7 +693,8 @@ class DesignateAction(base.OpenStackAction):
tenant_id=ctx.project_id,
auth_url=ctx.auth_uri,
region_name=designate_endpoint.region,
service_type='dns'
service_type='dns',
insecure=ctx.insecure
)
client.client.auth_token = ctx.auth_token
@ -712,7 +727,8 @@ class MagnumAction(base.OpenStackAction):
auth_token=ctx.auth_token,
project_id=ctx.project_id,
user_id=ctx.user_id,
auth_url=auth_url
auth_url=auth_url,
insecure=ctx.insecure
)
@classmethod
@ -739,7 +755,8 @@ class MuranoAction(base.OpenStackAction):
token=ctx.auth_token,
tenant=ctx.project_id,
region_name=murano_endpoint.region,
auth_url=keystone_endpoint.url
auth_url=keystone_endpoint.url,
insecure=ctx.insecure
)
@classmethod
@ -766,7 +783,8 @@ class TackerAction(base.OpenStackAction):
token=ctx.auth_token,
tenant_id=ctx.project_id,
region_name=tacker_endpoint.region,
auth_url=keystone_endpoint.url
auth_url=keystone_endpoint.url,
insecure=ctx.insecure
)
@classmethod
@ -793,7 +811,8 @@ class SenlinAction(base.OpenStackAction):
token=ctx.auth_token,
tenant_id=ctx.project_id,
region_name=senlin_endpoint.region,
auth_url=keystone_endpoint.url
auth_url=keystone_endpoint.url,
insecure=ctx.insecure
)
@classmethod
@ -825,7 +844,8 @@ class AodhAction(base.OpenStackAction):
endpoint_url,
region_name=aodh_endpoint.region,
token=ctx.auth_token,
username=ctx.user_name
username=ctx.user_name,
insecure=ctx.insecure
)
@classmethod

View File

@ -72,6 +72,7 @@ class MistralContext(BaseContext):
_elements = set([
"auth_uri",
"auth_cacert",
"insecure",
"user_id",
"project_id",
"auth_token",
@ -111,6 +112,7 @@ def context_from_headers_and_env(headers, env):
params = _extract_auth_params_from_headers(headers)
auth_cacert = params['auth_cacert']
insecure = params['insecure']
auth_token = params['auth_token']
auth_uri = params['auth_uri']
project_id = params['project_id']
@ -130,6 +132,7 @@ def context_from_headers_and_env(headers, env):
return MistralContext(
auth_uri=auth_uri,
auth_cacert=auth_cacert,
insecure=insecure,
user_id=user_id,
project_id=project_id,
auth_token=auth_token,
@ -152,6 +155,7 @@ def _extract_auth_params_from_headers(headers):
params = {
# TODO(akovi): Target cert not handled yet
'auth_cacert': None,
'insecure': headers.get('X-Target-Insecure', False),
'auth_token': headers.get('X-Target-Auth-Token'),
'auth_uri': headers.get('X-Target-Auth-Uri'),
'project_id': headers.get('X-Target-Project-Id'),
@ -174,6 +178,7 @@ def _extract_auth_params_from_headers(headers):
else:
params = {
'auth_cacert': CONF.keystone_authtoken.cafile,
'insecure': False,
'auth_token': headers.get('X-Auth-Token'),
'auth_uri': CONF.keystone_authtoken.auth_uri,
'project_id': headers.get('X-Project-Id'),

View File

@ -57,7 +57,8 @@ class OpenStackActionTest(base.BaseTestCase):
auth_token=None,
is_admin=False,
# set year to 3016 in order for token to always be valid
expires_at='3016-07-13T18:34:22.000000Z'
expires_at='3016-07-13T18:34:22.000000Z',
insecure=False
)
ctx.set_ctx(test_ctx)
@ -112,7 +113,8 @@ class OpenStackActionTest(base.BaseTestCase):
auth_token=test_ctx.auth_token,
tenant_id=test_ctx.project_id,
region_name=mock_ks_endpoint_v2().region,
auth_url=mock_ks_endpoint_v2().url
auth_url=mock_ks_endpoint_v2().url,
insecure=test_ctx.insecure
)
self.assertTrue(mock_novaclient.Client().servers.get.called)
@ -144,7 +146,8 @@ class OpenStackActionTest(base.BaseTestCase):
auth_token=test_ctx.auth_token,
tenant_id=test_ctx.project_id,
region_name=mock_ks_endpoint_v2().region,
auth_url=mock_ks_endpoint_v2().url
auth_url=mock_ks_endpoint_v2().url,
insecure=test_ctx.insecure
)
self.assertTrue(mock_novaclient.Client().servers.get.called)