Pass OPENSTACK_SSL_CACERT setting to keystone

Pass the value of the OPENSTACK_SSL_CACERT setting as the cacert
parameter when instantiating the keystoneclient.

Change-Id: I1efaf6a51af841233675a53e42d7b762cfbd4003
Closes-bug: 1240238
Brian DeHamer
2013-10-25 14:30:24 -07:00
parent f511f81b4f
commit b49304d9e7
4 changed files with 41 additions and 0 deletions


@@ -74,6 +74,7 @@ class KeystoneBackend(object):
LOG.debug('Beginning user authentication for user "%s".' % username)
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None)
endpoint_type = getattr(
settings, 'OPENSTACK_ENDPOINT_TYPE', 'publicURL')
@@ -85,6 +86,7 @@ class KeystoneBackend(object):
password=password,
auth_url=auth_url,
insecure=insecure,
cacert=ca_cert,
debug=settings.DEBUG)
unscoped_auth_ref = client.auth_ref
@@ -135,6 +137,7 @@ class KeystoneBackend(object):
token=unscoped_auth_ref.auth_token,
auth_url=auth_url,
insecure=insecure,
cacert=ca_cert,
debug=settings.DEBUG)
auth_ref = client.auth_ref
break
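Review bot: `insecure` and `cacert` are forwarded independently in both `Client(...)` calls, so a deployment that sets OPENSTACK_SSL_CACERT while OPENSTACK_SSL_NO_VERIFY is still True gets no certificate verification and no sign that the CA bundle is unused (as far as I know keystoneclient skips verification entirely when `insecure` is true). A warning next to the new lookup would surface that misconfiguration, e.g. `if insecure and ca_cert: LOG.warning('OPENSTACK_SSL_CACERT is ignored because OPENSTACK_SSL_NO_VERIFY is set')`. The same pair of `getattr(settings, ...)` lookups is repeated in the `authorized_tenants`, `delete_token` and `switch` hunks; a small shared helper returning both values would keep the four call sites from drifting apart. The enclosing method starts and ends outside these hunks.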


@@ -66,12 +66,14 @@ class OpenStackAuthTestsV2(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False)\
.AndReturn(self.keystone_client_unscoped)
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.tenant_two.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndReturn(self.keystone_client_scoped)
@@ -108,6 +110,7 @@ class OpenStackAuthTestsV2(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False)\
.AndReturn(self.keystone_client_unscoped)
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
@@ -115,12 +118,14 @@ class OpenStackAuthTestsV2(test.TestCase):
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.tenant_two.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndRaise(exc)
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.tenant_one.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndReturn(self.keystone_client_scoped)
@@ -155,6 +160,7 @@ class OpenStackAuthTestsV2(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False)\
.AndReturn(self.keystone_client_unscoped)
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
@@ -162,12 +168,14 @@ class OpenStackAuthTestsV2(test.TestCase):
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.tenant_two.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndRaise(exc)
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.tenant_one.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndRaise(exc)
@@ -203,6 +211,7 @@ class OpenStackAuthTestsV2(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False)\
.AndReturn(self.keystone_client_unscoped)
self.keystone_client_unscoped.tenants.list().AndReturn([])
@@ -237,6 +246,7 @@ class OpenStackAuthTestsV2(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False).AndRaise(exc)
self.mox.ReplayAll()
@@ -268,6 +278,7 @@ class OpenStackAuthTestsV2(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False).AndRaise(exc)
self.mox.ReplayAll()
@@ -308,12 +319,14 @@ class OpenStackAuthTestsV2(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False) \
.AndReturn(self.keystone_client_unscoped)
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.tenant_two.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndReturn(self.keystone_client_scoped)
@@ -322,6 +335,7 @@ class OpenStackAuthTestsV2(test.TestCase):
tenant_id=tenant.id,
token=scoped.auth_token,
insecure=False,
cacert=None,
debug=False) \
.AndReturn(self.keystone_client_scoped)
@@ -375,12 +389,14 @@ class OpenStackAuthTestsV2(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False) \
.AndReturn(self.keystone_client_unscoped)
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.tenant_two.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndReturn(self.keystone_client_scoped)
@@ -501,6 +517,7 @@ class OpenStackAuthTestsV3(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False)\
.AndReturn(self.keystone_client_unscoped)
self.keystone_client_unscoped.projects.list(user=user.id) \
@@ -508,6 +525,7 @@ class OpenStackAuthTestsV3(test.TestCase):
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.project_two.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndReturn(self.keystone_client_scoped)
@@ -543,6 +561,7 @@ class OpenStackAuthTestsV3(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False)\
.AndReturn(self.keystone_client_unscoped)
self.keystone_client_unscoped.projects.list(user=user.id) \
@@ -551,12 +570,14 @@ class OpenStackAuthTestsV3(test.TestCase):
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.project_two.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndRaise(exc)
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.project_one.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndReturn(self.keystone_client_scoped)
@@ -592,6 +613,7 @@ class OpenStackAuthTestsV3(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False)\
.AndReturn(self.keystone_client_unscoped)
self.keystone_client_unscoped.projects.list(user=user.id) \
@@ -600,12 +622,14 @@ class OpenStackAuthTestsV3(test.TestCase):
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.project_two.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndRaise(exc)
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.project_one.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndRaise(exc)
@@ -642,6 +666,7 @@ class OpenStackAuthTestsV3(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False)\
.AndReturn(self.keystone_client_unscoped)
self.keystone_client_unscoped.projects.list(user=user.id) \
@@ -677,6 +702,7 @@ class OpenStackAuthTestsV3(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False).AndRaise(exc)
self.mox.ReplayAll()
@@ -708,6 +734,7 @@ class OpenStackAuthTestsV3(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False).AndRaise(exc)
self.mox.ReplayAll()
@@ -749,6 +776,7 @@ class OpenStackAuthTestsV3(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False) \
.AndReturn(self.keystone_client_unscoped)
self.keystone_client_unscoped.projects.list(user=user.id) \
@@ -756,6 +784,7 @@ class OpenStackAuthTestsV3(test.TestCase):
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.project_two.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndReturn(self.keystone_client_scoped)
@@ -763,6 +792,7 @@ class OpenStackAuthTestsV3(test.TestCase):
tenant_id=project.id,
token=scoped.auth_token,
insecure=False,
cacert=None,
debug=False) \
.AndReturn(self.keystone_client_scoped)
@@ -817,6 +847,7 @@ class OpenStackAuthTestsV3(test.TestCase):
username=user.name,
user_domain_name=DEFAULT_DOMAIN,
insecure=False,
cacert=None,
debug=False) \
.AndReturn(self.keystone_client_unscoped)
self.keystone_client_unscoped.projects.list(user=user.id) \
@@ -824,6 +855,7 @@ class OpenStackAuthTestsV3(test.TestCase):
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
tenant_id=self.data.project_two.id,
insecure=False,
cacert=None,
token=unscoped.auth_token,
debug=False) \
.AndReturn(self.keystone_client_scoped)
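Review bot: Every expectation added in this file pins `cacert=None`, so the suite still passes if OPENSTACK_SSL_CACERT is read but never forwarded to the client. One login test that overrides the setting with a constructed path (for example `/tmp/test-ca.pem`) and expects `cacert='/tmp/test-ca.pem'` on both the unscoped and the scoped `Client(...)` call would cover the behaviour this commit introduces. The test methods begin and end outside the hunks shown, so the place to apply the settings override is not visible here.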


@@ -219,6 +219,7 @@ class User(AnonymousUser):
def authorized_tenants(self):
""" Returns a memoized list of tenants this user may access. """
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None)
if self.is_authenticated() and self._authorized_tenants is None:
endpoint = self.endpoint
@@ -229,6 +230,7 @@ class User(AnonymousUser):
auth_url=endpoint,
token=token.id,
insecure=insecure,
cacert=ca_cert,
debug=settings.DEBUG)
except (keystone_exceptions.ClientException,
keystone_exceptions.AuthorizationFailure):
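Review bot: The new `ca_cert` lookup sits above the `if self.is_authenticated() and self._authorized_tenants is None:` guard, so it runs on every call, including the ones that return the memoized list without building a client. Moving both settings lookups inside the guard keeps the cached path free of unused work. The `except` clause at the end of the hunk catches `ClientException` and `AuthorizationFailure`; its body is outside the hunk, so please confirm that a TLS verification failure caused by a wrong CA bundle is logged there rather than silently producing an empty tenant list.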


@@ -99,12 +99,14 @@ def delete_token(endpoint, token_id):
"""Delete a token."""
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None)
try:
if get_keystone_version() < 3:
client = keystone_client_v2.Client(
endpoint=endpoint,
token=token_id,
insecure=insecure,
cacert=ca_cert,
debug=settings.DEBUG
)
client.tokens.delete(token=token_id)
@@ -123,6 +125,7 @@ def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
LOG.debug('Switching to tenant %s for user "%s".'
% (tenant_id, request.user.username))
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None)
endpoint = request.user.endpoint
try:
if get_keystone_version() >= 3:
@@ -131,6 +134,7 @@ def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
token=request.user.token.id,
auth_url=endpoint,
insecure=insecure,
cacert=ca_cert,
debug=settings.DEBUG)
auth_ref = client.auth_ref
msg = 'Project switch successful for user "%(username)s".' % \
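Review bot: In `delete_token` the new `cacert=ca_cert` reaches only the v2 client built under `if get_keystone_version() < 3:`. The other branch and the `except` clause of that `try:` are outside the hunk, so two things need confirming. If the version 3 path builds a client, it needs the same argument. A certificate verification failure from a bad OPENSTACK_SSL_CACERT path should be logged at warning level or above, because a swallowed error here means tokens are not revoked on logout and nothing signals it. Both `switch` hunks are also cut mid-function, so the same check applies to any client built in the part not shown.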