openstack/deb-mistral
Code Issues Proposed changes

Insecure flag added to openstack context

Browse Source 
New Insecure flag inroduced for openstack actions. With that mistral
is able to connect to https clouds without verifying server certificate.

Change-Id: If7839ac586ff0b50f3f323a6bd42349eb0c25ca8
This commit is contained in:
Istvan Imre 2016-10-07 13:54:01 +02:00 committed by Dougal Matthews
parent 2852d113b1
commit 600dd47654
3 changed files with 48 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
mistral/actions/openstack/actions.py
View File

@ -79,7 +79,8 @@ class NovaAction(base.OpenStackAction):
auth_token=ctx.auth_token,
tenant_id=ctx.project_id,
region_name=keystone_endpoint.region,
auth_url=keystone_endpoint.url
auth_url=keystone_endpoint.url,
insecure=ctx.insecure
)
client.client.management_url = keystone_utils.format_url(
@ -110,7 +111,8 @@ class GlanceAction(base.OpenStackAction):
return self._get_client_class()(
glance_endpoint.url,
region_name=glance_endpoint.region,
token=ctx.auth_token
token=ctx.auth_token,
insecure=ctx.insecure
)
@classmethod
@ -137,6 +139,7 @@ class KeystoneAction(base.OpenStackAction):
'auth_url': ctx.auth_uri,
'project_id': ctx.project_id,
'cacert': ctx.auth_cacert,
'insecure': ctx.insecure
}
# In case of trust-scoped token explicitly pass endpoint parameter.
@ -188,7 +191,8 @@ class CeilometerAction(base.OpenStackAction):
endpoint_url,
region_name=ceilometer_endpoint.region,
token=ctx.auth_token,
username=ctx.user_name
username=ctx.user_name,
insecure=ctx.insecure
)
@classmethod
@ -221,7 +225,8 @@ class HeatAction(base.OpenStackAction):
endpoint_url,
region_name=heat_endpoint.region,
token=ctx.auth_token,
username=ctx.user_name
username=ctx.user_name,
insecure=ctx.insecure
)
@classmethod
@ -246,7 +251,8 @@ class NeutronAction(base.OpenStackAction):
endpoint_url=neutron_endpoint.url,
region_name=neutron_endpoint.region,
token=ctx.auth_token,
auth_url=ctx.auth_uri
auth_url=ctx.auth_uri,
insecure=ctx.insecure
)
@ -278,7 +284,8 @@ class CinderAction(base.OpenStackAction):
ctx.auth_token,
project_id=ctx.project_id,
auth_url=cinder_url,
region_name=cinder_endpoint.region
region_name=cinder_endpoint.region,
insecure=ctx.insecure
)
client.client.auth_token = ctx.auth_token
@ -320,7 +327,8 @@ class MistralAction(base.OpenStackAction):
auth_token=ctx.auth_token,
project_id=ctx.project_id,
user_id=ctx.user_id,
auth_url=auth_url
auth_url=auth_url,
insecure=ctx.insecure
)
@classmethod
@ -353,7 +361,8 @@ class TroveAction(base.OpenStackAction):
ctx.auth_token,
project_id=ctx.project_id,
auth_url=trove_url,
region_name=trove_endpoint.region
region_name=trove_endpoint.region,
insecure=ctx.insecure
)
client.client.auth_token = ctx.auth_token
@ -383,7 +392,8 @@ class IronicAction(base.OpenStackAction):
ironic_endpoint.url,
token=ctx.auth_token,
region_name=ironic_endpoint.region,
os_ironic_api_version=IRONIC_API_VERSION
os_ironic_api_version=IRONIC_API_VERSION,
insecure=ctx.insecure
)
@classmethod
@ -432,6 +442,7 @@ class BaremetalIntrospectionAction(base.OpenStackAction):
api_version=1,
inspector_url=inspector_endpoint.url,
auth_token=ctx.auth_token,
insecure=ctx.insecure
)
@ -450,7 +461,8 @@ class SwiftAction(base.OpenStackAction):
kwargs = {
'preauthurl': swift_endpoint.url % {'tenant_id': ctx.project_id},
'preauthtoken': ctx.auth_token
'preauthtoken': ctx.auth_token,
'insecure': ctx.insecure
}
return self._get_client_class()(**kwargs)
@ -475,6 +487,7 @@ class ZaqarAction(base.OpenStackAction):
'os_auth_token': ctx.auth_token,
'os_auth_url': keystone_endpoint.url,
'os_project_id': ctx.project_id,
'insecure': ctx.insecure,
}
auth_opts = {'backend': 'keystone', 'options': opts}
conf = {'auth_opts': auth_opts}
@ -576,7 +589,8 @@ class BarbicanAction(base.OpenStackAction):
return self._get_client_class()(
project_id=ctx.project_id,
endpoint=barbican_endpoint.url,
auth=auth
auth=auth,
insecure=ctx.insecure
)
@classmethod
@ -679,7 +693,8 @@ class DesignateAction(base.OpenStackAction):
tenant_id=ctx.project_id,
auth_url=ctx.auth_uri,
region_name=designate_endpoint.region,
service_type='dns'
service_type='dns',
insecure=ctx.insecure
)
client.client.auth_token = ctx.auth_token
@ -712,7 +727,8 @@ class MagnumAction(base.OpenStackAction):
auth_token=ctx.auth_token,
project_id=ctx.project_id,
user_id=ctx.user_id,
auth_url=auth_url
auth_url=auth_url,
insecure=ctx.insecure
)
@classmethod
@ -739,7 +755,8 @@ class MuranoAction(base.OpenStackAction):
token=ctx.auth_token,
tenant=ctx.project_id,
region_name=murano_endpoint.region,
auth_url=keystone_endpoint.url
auth_url=keystone_endpoint.url,
insecure=ctx.insecure
)
@classmethod
@ -766,7 +783,8 @@ class TackerAction(base.OpenStackAction):
token=ctx.auth_token,
tenant_id=ctx.project_id,
region_name=tacker_endpoint.region,
auth_url=keystone_endpoint.url
auth_url=keystone_endpoint.url,
insecure=ctx.insecure
)
@classmethod
@ -793,7 +811,8 @@ class SenlinAction(base.OpenStackAction):
token=ctx.auth_token,
tenant_id=ctx.project_id,
region_name=senlin_endpoint.region,
auth_url=keystone_endpoint.url
auth_url=keystone_endpoint.url,
insecure=ctx.insecure
)
@classmethod
@ -825,7 +844,8 @@ class AodhAction(base.OpenStackAction):
endpoint_url,
region_name=aodh_endpoint.region,
token=ctx.auth_token,
username=ctx.user_name
username=ctx.user_name,
insecure=ctx.insecure
)
@classmethod

5
mistral/context.py
View File

@ -72,6 +72,7 @@ class MistralContext(BaseContext):
_elements = set([
"auth_uri",
"auth_cacert",
"insecure",
"user_id",
"project_id",
"auth_token",
@ -111,6 +112,7 @@ def context_from_headers_and_env(headers, env):
params = _extract_auth_params_from_headers(headers)
auth_cacert = params['auth_cacert']
insecure = params['insecure']
auth_token = params['auth_token']
auth_uri = params['auth_uri']
project_id = params['project_id']
@ -130,6 +132,7 @@ def context_from_headers_and_env(headers, env):
return MistralContext(
auth_uri=auth_uri,
auth_cacert=auth_cacert,
insecure=insecure,
user_id=user_id,
project_id=project_id,
auth_token=auth_token,
@ -152,6 +155,7 @@ def _extract_auth_params_from_headers(headers):
params = {
# TODO(akovi): Target cert not handled yet
'auth_cacert': None,
'insecure': headers.get('X-Target-Insecure', False),
'auth_token': headers.get('X-Target-Auth-Token'),
'auth_uri': headers.get('X-Target-Auth-Uri'),
'project_id': headers.get('X-Target-Project-Id'),
@ -174,6 +178,7 @@ def _extract_auth_params_from_headers(headers):
else:
params = {
'auth_cacert': CONF.keystone_authtoken.cafile,
'insecure': False,
'auth_token': headers.get('X-Auth-Token'),
'auth_uri': CONF.keystone_authtoken.auth_uri,
'project_id': headers.get('X-Project-Id'),

9
mistral/tests/unit/actions/openstack/test_openstack_actions.py
View File

@ -57,7 +57,8 @@ class OpenStackActionTest(base.BaseTestCase):
auth_token=None,
is_admin=False,
# set year to 3016 in order for token to always be valid
expires_at='3016-07-13T18:34:22.000000Z'
expires_at='3016-07-13T18:34:22.000000Z',
insecure=False
)
ctx.set_ctx(test_ctx)
@ -112,7 +113,8 @@ class OpenStackActionTest(base.BaseTestCase):
auth_token=test_ctx.auth_token,
tenant_id=test_ctx.project_id,
region_name=mock_ks_endpoint_v2().region,
auth_url=mock_ks_endpoint_v2().url
auth_url=mock_ks_endpoint_v2().url,
insecure=test_ctx.insecure
)
self.assertTrue(mock_novaclient.Client().servers.get.called)
@ -144,7 +146,8 @@ class OpenStackActionTest(base.BaseTestCase):
auth_token=test_ctx.auth_token,
tenant_id=test_ctx.project_id,
region_name=mock_ks_endpoint_v2().region,
auth_url=mock_ks_endpoint_v2().url
auth_url=mock_ks_endpoint_v2().url,
insecure=test_ctx.insecure
)
self.assertTrue(mock_novaclient.Client().servers.get.called)