Pass OPENSTACK_SSL_CACERT setting to keystone
Pass the value of the OPENSTACK_SSL_CACERT setting as the cacert parameter when instantiating the keystoneclient. Change-Id: I1efaf6a51af841233675a53e42d7b762cfbd4003 Closes-bug: 1240238
This commit is contained in:
Brian DeHamer
@@ -74,6 +74,7 @@ class KeystoneBackend(object):
|
|||||||
LOG.debug('Beginning user authentication for user "%s".' % username)
|
LOG.debug('Beginning user authentication for user "%s".' % username)
|
||||||
|
|
||||||
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||||
|
ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None)
|
||||||
endpoint_type = getattr(
|
endpoint_type = getattr(
|
||||||
settings, 'OPENSTACK_ENDPOINT_TYPE', 'publicURL')
|
settings, 'OPENSTACK_ENDPOINT_TYPE', 'publicURL')
|
||||||
|
|
||||||
@@ -85,6 +86,7 @@ class KeystoneBackend(object):
|
|||||||
password=password,
|
password=password,
|
||||||
auth_url=auth_url,
|
auth_url=auth_url,
|
||||||
insecure=insecure,
|
insecure=insecure,
|
||||||
|
cacert=ca_cert,
|
||||||
debug=settings.DEBUG)
|
debug=settings.DEBUG)
|
||||||
|
|
||||||
unscoped_auth_ref = client.auth_ref
|
unscoped_auth_ref = client.auth_ref
|
||||||
@@ -135,6 +137,7 @@ class KeystoneBackend(object):
|
|||||||
token=unscoped_auth_ref.auth_token,
|
token=unscoped_auth_ref.auth_token,
|
||||||
auth_url=auth_url,
|
auth_url=auth_url,
|
||||||
insecure=insecure,
|
insecure=insecure,
|
||||||
|
cacert=ca_cert,
|
||||||
debug=settings.DEBUG)
|
debug=settings.DEBUG)
|
||||||
auth_ref = client.auth_ref
|
auth_ref = client.auth_ref
|
||||||
break
|
break
|
||||||
|
|||||||
@@ -66,12 +66,14 @@ class OpenStackAuthTestsV2(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False)\
|
debug=False)\
|
||||||
.AndReturn(self.keystone_client_unscoped)
|
.AndReturn(self.keystone_client_unscoped)
|
||||||
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
|
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
|
||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.tenant_two.id,
|
tenant_id=self.data.tenant_two.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_scoped)
|
.AndReturn(self.keystone_client_scoped)
|
||||||
@@ -108,6 +110,7 @@ class OpenStackAuthTestsV2(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False)\
|
debug=False)\
|
||||||
.AndReturn(self.keystone_client_unscoped)
|
.AndReturn(self.keystone_client_unscoped)
|
||||||
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
|
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
|
||||||
@@ -115,12 +118,14 @@ class OpenStackAuthTestsV2(test.TestCase):
|
|||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.tenant_two.id,
|
tenant_id=self.data.tenant_two.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndRaise(exc)
|
.AndRaise(exc)
|
||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.tenant_one.id,
|
tenant_id=self.data.tenant_one.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_scoped)
|
.AndReturn(self.keystone_client_scoped)
|
||||||
@@ -155,6 +160,7 @@ class OpenStackAuthTestsV2(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False)\
|
debug=False)\
|
||||||
.AndReturn(self.keystone_client_unscoped)
|
.AndReturn(self.keystone_client_unscoped)
|
||||||
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
|
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
|
||||||
@@ -162,12 +168,14 @@ class OpenStackAuthTestsV2(test.TestCase):
|
|||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.tenant_two.id,
|
tenant_id=self.data.tenant_two.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndRaise(exc)
|
.AndRaise(exc)
|
||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.tenant_one.id,
|
tenant_id=self.data.tenant_one.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndRaise(exc)
|
.AndRaise(exc)
|
||||||
@@ -203,6 +211,7 @@ class OpenStackAuthTestsV2(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False)\
|
debug=False)\
|
||||||
.AndReturn(self.keystone_client_unscoped)
|
.AndReturn(self.keystone_client_unscoped)
|
||||||
self.keystone_client_unscoped.tenants.list().AndReturn([])
|
self.keystone_client_unscoped.tenants.list().AndReturn([])
|
||||||
@@ -237,6 +246,7 @@ class OpenStackAuthTestsV2(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False).AndRaise(exc)
|
debug=False).AndRaise(exc)
|
||||||
|
|
||||||
self.mox.ReplayAll()
|
self.mox.ReplayAll()
|
||||||
@@ -268,6 +278,7 @@ class OpenStackAuthTestsV2(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False).AndRaise(exc)
|
debug=False).AndRaise(exc)
|
||||||
|
|
||||||
self.mox.ReplayAll()
|
self.mox.ReplayAll()
|
||||||
@@ -308,12 +319,14 @@ class OpenStackAuthTestsV2(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_unscoped)
|
.AndReturn(self.keystone_client_unscoped)
|
||||||
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
|
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
|
||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.tenant_two.id,
|
tenant_id=self.data.tenant_two.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_scoped)
|
.AndReturn(self.keystone_client_scoped)
|
||||||
@@ -322,6 +335,7 @@ class OpenStackAuthTestsV2(test.TestCase):
|
|||||||
tenant_id=tenant.id,
|
tenant_id=tenant.id,
|
||||||
token=scoped.auth_token,
|
token=scoped.auth_token,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_scoped)
|
.AndReturn(self.keystone_client_scoped)
|
||||||
|
|
||||||
@@ -375,12 +389,14 @@ class OpenStackAuthTestsV2(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_unscoped)
|
.AndReturn(self.keystone_client_unscoped)
|
||||||
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
|
self.keystone_client_unscoped.tenants.list().AndReturn(tenants)
|
||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.tenant_two.id,
|
tenant_id=self.data.tenant_two.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_scoped)
|
.AndReturn(self.keystone_client_scoped)
|
||||||
@@ -501,6 +517,7 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False)\
|
debug=False)\
|
||||||
.AndReturn(self.keystone_client_unscoped)
|
.AndReturn(self.keystone_client_unscoped)
|
||||||
self.keystone_client_unscoped.projects.list(user=user.id) \
|
self.keystone_client_unscoped.projects.list(user=user.id) \
|
||||||
@@ -508,6 +525,7 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.project_two.id,
|
tenant_id=self.data.project_two.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_scoped)
|
.AndReturn(self.keystone_client_scoped)
|
||||||
@@ -543,6 +561,7 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False)\
|
debug=False)\
|
||||||
.AndReturn(self.keystone_client_unscoped)
|
.AndReturn(self.keystone_client_unscoped)
|
||||||
self.keystone_client_unscoped.projects.list(user=user.id) \
|
self.keystone_client_unscoped.projects.list(user=user.id) \
|
||||||
@@ -551,12 +570,14 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.project_two.id,
|
tenant_id=self.data.project_two.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndRaise(exc)
|
.AndRaise(exc)
|
||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.project_one.id,
|
tenant_id=self.data.project_one.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_scoped)
|
.AndReturn(self.keystone_client_scoped)
|
||||||
@@ -592,6 +613,7 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False)\
|
debug=False)\
|
||||||
.AndReturn(self.keystone_client_unscoped)
|
.AndReturn(self.keystone_client_unscoped)
|
||||||
self.keystone_client_unscoped.projects.list(user=user.id) \
|
self.keystone_client_unscoped.projects.list(user=user.id) \
|
||||||
@@ -600,12 +622,14 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.project_two.id,
|
tenant_id=self.data.project_two.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndRaise(exc)
|
.AndRaise(exc)
|
||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.project_one.id,
|
tenant_id=self.data.project_one.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndRaise(exc)
|
.AndRaise(exc)
|
||||||
@@ -642,6 +666,7 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False)\
|
debug=False)\
|
||||||
.AndReturn(self.keystone_client_unscoped)
|
.AndReturn(self.keystone_client_unscoped)
|
||||||
self.keystone_client_unscoped.projects.list(user=user.id) \
|
self.keystone_client_unscoped.projects.list(user=user.id) \
|
||||||
@@ -677,6 +702,7 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False).AndRaise(exc)
|
debug=False).AndRaise(exc)
|
||||||
|
|
||||||
self.mox.ReplayAll()
|
self.mox.ReplayAll()
|
||||||
@@ -708,6 +734,7 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False).AndRaise(exc)
|
debug=False).AndRaise(exc)
|
||||||
|
|
||||||
self.mox.ReplayAll()
|
self.mox.ReplayAll()
|
||||||
@@ -749,6 +776,7 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_unscoped)
|
.AndReturn(self.keystone_client_unscoped)
|
||||||
self.keystone_client_unscoped.projects.list(user=user.id) \
|
self.keystone_client_unscoped.projects.list(user=user.id) \
|
||||||
@@ -756,6 +784,7 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.project_two.id,
|
tenant_id=self.data.project_two.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_scoped)
|
.AndReturn(self.keystone_client_scoped)
|
||||||
@@ -763,6 +792,7 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
tenant_id=project.id,
|
tenant_id=project.id,
|
||||||
token=scoped.auth_token,
|
token=scoped.auth_token,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_scoped)
|
.AndReturn(self.keystone_client_scoped)
|
||||||
|
|
||||||
@@ -817,6 +847,7 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
username=user.name,
|
username=user.name,
|
||||||
user_domain_name=DEFAULT_DOMAIN,
|
user_domain_name=DEFAULT_DOMAIN,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_unscoped)
|
.AndReturn(self.keystone_client_unscoped)
|
||||||
self.keystone_client_unscoped.projects.list(user=user.id) \
|
self.keystone_client_unscoped.projects.list(user=user.id) \
|
||||||
@@ -824,6 +855,7 @@ class OpenStackAuthTestsV3(test.TestCase):
|
|||||||
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL,
|
||||||
tenant_id=self.data.project_two.id,
|
tenant_id=self.data.project_two.id,
|
||||||
insecure=False,
|
insecure=False,
|
||||||
|
cacert=None,
|
||||||
token=unscoped.auth_token,
|
token=unscoped.auth_token,
|
||||||
debug=False) \
|
debug=False) \
|
||||||
.AndReturn(self.keystone_client_scoped)
|
.AndReturn(self.keystone_client_scoped)
|
||||||
|
|||||||
@@ -219,6 +219,7 @@ class User(AnonymousUser):
|
|||||||
def authorized_tenants(self):
|
def authorized_tenants(self):
|
||||||
""" Returns a memoized list of tenants this user may access. """
|
""" Returns a memoized list of tenants this user may access. """
|
||||||
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||||
|
ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None)
|
||||||
|
|
||||||
if self.is_authenticated() and self._authorized_tenants is None:
|
if self.is_authenticated() and self._authorized_tenants is None:
|
||||||
endpoint = self.endpoint
|
endpoint = self.endpoint
|
||||||
@@ -229,6 +230,7 @@ class User(AnonymousUser):
|
|||||||
auth_url=endpoint,
|
auth_url=endpoint,
|
||||||
token=token.id,
|
token=token.id,
|
||||||
insecure=insecure,
|
insecure=insecure,
|
||||||
|
cacert=ca_cert,
|
||||||
debug=settings.DEBUG)
|
debug=settings.DEBUG)
|
||||||
except (keystone_exceptions.ClientException,
|
except (keystone_exceptions.ClientException,
|
||||||
keystone_exceptions.AuthorizationFailure):
|
keystone_exceptions.AuthorizationFailure):
|
||||||
|
|||||||
@@ -99,12 +99,14 @@ def delete_token(endpoint, token_id):
|
|||||||
"""Delete a token."""
|
"""Delete a token."""
|
||||||
|
|
||||||
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||||
|
ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None)
|
||||||
try:
|
try:
|
||||||
if get_keystone_version() < 3:
|
if get_keystone_version() < 3:
|
||||||
client = keystone_client_v2.Client(
|
client = keystone_client_v2.Client(
|
||||||
endpoint=endpoint,
|
endpoint=endpoint,
|
||||||
token=token_id,
|
token=token_id,
|
||||||
insecure=insecure,
|
insecure=insecure,
|
||||||
|
cacert=ca_cert,
|
||||||
debug=settings.DEBUG
|
debug=settings.DEBUG
|
||||||
)
|
)
|
||||||
client.tokens.delete(token=token_id)
|
client.tokens.delete(token=token_id)
|
||||||
@@ -123,6 +125,7 @@ def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
|
|||||||
LOG.debug('Switching to tenant %s for user "%s".'
|
LOG.debug('Switching to tenant %s for user "%s".'
|
||||||
% (tenant_id, request.user.username))
|
% (tenant_id, request.user.username))
|
||||||
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||||
|
ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None)
|
||||||
endpoint = request.user.endpoint
|
endpoint = request.user.endpoint
|
||||||
try:
|
try:
|
||||||
if get_keystone_version() >= 3:
|
if get_keystone_version() >= 3:
|
||||||
@@ -131,6 +134,7 @@ def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
|
|||||||
token=request.user.token.id,
|
token=request.user.token.id,
|
||||||
auth_url=endpoint,
|
auth_url=endpoint,
|
||||||
insecure=insecure,
|
insecure=insecure,
|
||||||
|
cacert=ca_cert,
|
||||||
debug=settings.DEBUG)
|
debug=settings.DEBUG)
|
||||||
auth_ref = client.auth_ref
|
auth_ref = client.auth_ref
|
||||||
msg = 'Project switch successful for user "%(username)s".' % \
|
msg = 'Project switch successful for user "%(username)s".' % \
|
||||||
|
|||||||
Reference in New Issue
Block a user