Allow insecure authentication

Pass through the value of OPENSTACK_SSL_NO_VERIFY from settings.py to keystoneclient. This allows connecting to servers with self-signed or otherwise invalid certificates for testing purposes. It extends commit 8759ad4804
2013-04-08 11:54:00 +04:00
parent 0ad712a52c
commit 574e9d5f38
2 changed files with 11 additions and 3 deletions
--- a/openstack_auth/user.py
+++ b/openstack_auth/user.py
@@ -2,6 +2,7 @@ import hashlib
 import logging

 from django.contrib.auth.models import AnonymousUser
+from django.conf import settings

 from keystoneclient.v2_0 import client as keystone_client
 from keystoneclient import exceptions as keystone_exceptions
@@ -118,13 +119,16 @@ class User(AnonymousUser):
    @property
    def authorized_tenants(self):
        """ Returns a memoized list of tenants this user may access. """
+        insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
+
        if self.is_authenticated() and self._authorized_tenants is None:
            endpoint = self.endpoint
            token = self.token
            try:
                client = keystone_client.Client(username=self.username,
                                                auth_url=endpoint,
-                                                token=token.id)
+                                                token=token.id,
+                                                insecure=insecure)
                self._authorized_tenants = client.tenants.list()
            except (keystone_exceptions.ClientException,
                    keystone_exceptions.AuthorizationFailure):
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -80,12 +80,14 @@ def logout(request):


 def delete_all_tokens(token_list):
+    insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
    for token_tuple in token_list:
        try:
            endpoint = token_tuple[0]
            token = token_tuple[1]
            client = keystone_client.Client(endpoint=endpoint,
-                                            token=token)
+                                            token=token,
+                                            insecure=insecure)
            client.tokens.delete(token=token)
        except keystone_exceptions.ClientException as e:
            LOG.info('Could not delete token')
@@ -96,8 +98,10 @@ def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
    """ Switches an authenticated user from one tenant to another. """
    LOG.debug('Switching to tenant %s for user "%s".'
              % (tenant_id, request.user.username))
+    insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
    endpoint = request.user.endpoint
-    client = keystone_client.Client(endpoint=endpoint)
+    client = keystone_client.Client(endpoint=endpoint,
+                                    insecure=insecure)
    try:
        token = client.tokens.authenticate(tenant_id=tenant_id,
                                        token=request.user.token.id)