Passing OS_CACERT to clients
When we use client with TLS enabled it is important to pass them the certificate of the CA to allow a correct TLS handshake. The value for the certificate is stored, if any, in the environ. This change allows to pass this value to different clients. Change-Id: I2107767f8b7137c5f9de647ae5214310c6da3ca2
This commit is contained in:
parent
49e5405c59
commit
0d14c19285
@ -19,36 +19,29 @@ from os_cloud_config.utils import clients
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def _get_client_args():
|
||||
return (os.environ["OS_USERNAME"],
|
||||
os.environ["OS_PASSWORD"],
|
||||
os.environ["OS_TENANT_NAME"],
|
||||
os.environ["OS_AUTH_URL"],
|
||||
os.environ.get("OS_CACERT"))
|
||||
|
||||
|
||||
def get_nova_bm_client():
|
||||
return clients.get_nova_bm_client(os.environ["OS_USERNAME"],
|
||||
os.environ["OS_PASSWORD"],
|
||||
os.environ["OS_TENANT_NAME"],
|
||||
os.environ["OS_AUTH_URL"])
|
||||
return clients.get_nova_bm_client(*_get_client_args())
|
||||
|
||||
|
||||
def get_ironic_client():
|
||||
return clients.get_ironic_client(os.environ["OS_USERNAME"],
|
||||
os.environ["OS_PASSWORD"],
|
||||
os.environ["OS_TENANT_NAME"],
|
||||
os.environ["OS_AUTH_URL"])
|
||||
return clients.get_ironic_client(*_get_client_args())
|
||||
|
||||
|
||||
def get_keystone_client():
|
||||
return clients.get_keystone_client(os.environ["OS_USERNAME"],
|
||||
os.environ["OS_PASSWORD"],
|
||||
os.environ["OS_TENANT_NAME"],
|
||||
os.environ["OS_AUTH_URL"])
|
||||
return clients.get_keystone_client(*_get_client_args())
|
||||
|
||||
|
||||
def get_keystone_v3_client():
|
||||
return clients.get_keystone_v3_client(os.environ["OS_USERNAME"],
|
||||
os.environ["OS_PASSWORD"],
|
||||
os.environ["OS_TENANT_NAME"],
|
||||
os.environ["OS_AUTH_URL"])
|
||||
return clients.get_keystone_v3_client(*_get_client_args())
|
||||
|
||||
|
||||
def get_neutron_client():
|
||||
return clients.get_neutron_client(os.environ["OS_USERNAME"],
|
||||
os.environ["OS_PASSWORD"],
|
||||
os.environ["OS_TENANT_NAME"],
|
||||
os.environ["OS_AUTH_URL"])
|
||||
return clients.get_neutron_client(*_get_client_args())
|
||||
|
@ -21,6 +21,16 @@ from os_cloud_config.tests import base
|
||||
|
||||
class CMDClientsTest(base.TestCase):
|
||||
|
||||
@mock.patch.dict('os.environ', {'OS_USERNAME': 'username',
|
||||
'OS_PASSWORD': 'password',
|
||||
'OS_TENANT_NAME': 'tenant',
|
||||
'OS_AUTH_URL': 'auth_url',
|
||||
'OS_CACERT': 'cacert'})
|
||||
def test___get_client_args(self):
|
||||
result = clients._get_client_args()
|
||||
expected = ("username", "password", "tenant", "auth_url", "cacert")
|
||||
self.assertEqual(result, expected)
|
||||
|
||||
@mock.patch('os.environ')
|
||||
@mock.patch('ironicclient.client.get_client')
|
||||
def test_get_ironic_client(self, client_mock, environ):
|
||||
@ -29,7 +39,8 @@ class CMDClientsTest(base.TestCase):
|
||||
1, os_username=environ["OS_USERNAME"],
|
||||
os_password=environ["OS_PASSWORD"],
|
||||
os_auth_url=environ["OS_AUTH_URL"],
|
||||
os_tenant_name=environ["OS_TENANT_NAME"])
|
||||
os_tenant_name=environ["OS_TENANT_NAME"],
|
||||
ca_file=environ.get("OS_CACERT"))
|
||||
|
||||
@mock.patch('os.environ')
|
||||
@mock.patch('novaclient.v1_1.client.Client')
|
||||
@ -39,6 +50,7 @@ class CMDClientsTest(base.TestCase):
|
||||
environ["OS_PASSWORD"],
|
||||
environ["OS_AUTH_URL"],
|
||||
environ["OS_TENANT_NAME"],
|
||||
cacert=environ.get("OS_CACERT"),
|
||||
extensions=[mock.ANY])
|
||||
|
||||
@mock.patch('os.environ')
|
||||
@ -49,7 +61,8 @@ class CMDClientsTest(base.TestCase):
|
||||
username=environ["OS_USERNAME"],
|
||||
password=environ["OS_PASSWORD"],
|
||||
auth_url=environ["OS_AUTH_URL"],
|
||||
tenant_name=environ["OS_TENANT_NAME"])
|
||||
tenant_name=environ["OS_TENANT_NAME"],
|
||||
cacert=environ.get("OS_CACERT"))
|
||||
|
||||
@mock.patch('os.environ')
|
||||
@mock.patch('keystoneclient.v3.client.Client')
|
||||
@ -59,7 +72,8 @@ class CMDClientsTest(base.TestCase):
|
||||
username=environ["OS_USERNAME"],
|
||||
password=environ["OS_PASSWORD"],
|
||||
auth_url=environ["OS_AUTH_URL"].replace('v2.0', 'v3'),
|
||||
tenant_name=environ["OS_TENANT_NAME"])
|
||||
tenant_name=environ["OS_TENANT_NAME"],
|
||||
cacert=environ.get("OS_CACERT"))
|
||||
|
||||
@mock.patch('os.environ')
|
||||
@mock.patch('neutronclient.neutron.client.Client')
|
||||
@ -69,4 +83,5 @@ class CMDClientsTest(base.TestCase):
|
||||
'2.0', username=environ["OS_USERNAME"],
|
||||
password=environ["OS_PASSWORD"],
|
||||
auth_url=environ["OS_AUTH_URL"],
|
||||
tenant_name=environ["OS_TENANT_NAME"])
|
||||
tenant_name=environ["OS_TENANT_NAME"],
|
||||
ca_cert=environ.get("OS_CACERT"))
|
||||
|
@ -26,49 +26,72 @@ from novaclient.v1_1.contrib import baremetal
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def get_nova_bm_client(username, password, tenant_name, auth_url):
|
||||
def get_nova_bm_client(username, password, tenant_name, auth_url, cacert=None):
|
||||
LOG.debug('Creating nova client.')
|
||||
baremetal_extension = Extension('baremetal', baremetal)
|
||||
return novav11client.Client(username,
|
||||
password,
|
||||
tenant_name,
|
||||
auth_url,
|
||||
extensions=[baremetal_extension])
|
||||
extensions=[baremetal_extension],
|
||||
cacert=cacert)
|
||||
|
||||
|
||||
def get_ironic_client(username, password, tenant_name, auth_url):
|
||||
def get_ironic_client(username, password, tenant_name, auth_url, cacert=None):
|
||||
LOG.debug('Creating ironic client.')
|
||||
kwargs = {'os_username': username,
|
||||
'os_password': password,
|
||||
'os_auth_url': auth_url,
|
||||
'os_tenant_name': tenant_name}
|
||||
'os_tenant_name': tenant_name,
|
||||
'ca_file': cacert}
|
||||
|
||||
return ironicclient.get_client(1, **kwargs)
|
||||
|
||||
|
||||
def get_keystone_client(username, password, tenant_name, auth_url):
|
||||
def get_keystone_client(username,
|
||||
password,
|
||||
tenant_name,
|
||||
auth_url,
|
||||
cacert=None):
|
||||
|
||||
LOG.debug('Creating keystone client.')
|
||||
kwargs = {'username': username,
|
||||
'password': password,
|
||||
'tenant_name': tenant_name,
|
||||
'auth_url': auth_url}
|
||||
'auth_url': auth_url,
|
||||
'cacert': cacert}
|
||||
|
||||
return ksclient.Client(**kwargs)
|
||||
|
||||
|
||||
def get_keystone_v3_client(username, password, tenant_name, auth_url):
|
||||
def get_keystone_v3_client(username,
|
||||
password,
|
||||
tenant_name,
|
||||
auth_url,
|
||||
cacert=None):
|
||||
|
||||
LOG.debug('Creating keystone v3 client.')
|
||||
kwargs = {'username': username,
|
||||
'password': password,
|
||||
'tenant_name': tenant_name,
|
||||
'auth_url': auth_url.replace('v2.0', 'v3')}
|
||||
'auth_url': auth_url.replace('v2.0', 'v3'),
|
||||
'cacert': cacert}
|
||||
|
||||
return ks3client.Client(**kwargs)
|
||||
|
||||
|
||||
def get_neutron_client(username, password, tenant_name, auth_url):
|
||||
def get_neutron_client(username,
|
||||
password,
|
||||
tenant_name,
|
||||
auth_url,
|
||||
cacert=None):
|
||||
LOG.debug('Creating neutron client.')
|
||||
kwargs = {'username': username,
|
||||
'password': password,
|
||||
'tenant_name': tenant_name,
|
||||
'auth_url': auth_url}
|
||||
'auth_url': auth_url,
|
||||
'ca_cert': cacert}
|
||||
|
||||
neutron = neutronclient.Client('2.0', **kwargs)
|
||||
neutron.format = 'json'
|
||||
return neutron
|
||||
|
@ -29,7 +29,8 @@ class ClientsTest(base.TestCase):
|
||||
1, os_username='username',
|
||||
os_password='password',
|
||||
os_auth_url='auth_url',
|
||||
os_tenant_name='tenant_name')
|
||||
os_tenant_name='tenant_name',
|
||||
ca_file=None)
|
||||
|
||||
@mock.patch('novaclient.v1_1.client.Client')
|
||||
def test_get_nova_bm_client(self, client_mock):
|
||||
@ -39,6 +40,7 @@ class ClientsTest(base.TestCase):
|
||||
'password',
|
||||
'tenant_name',
|
||||
'auth_url',
|
||||
cacert=None,
|
||||
extensions=[mock.ANY])
|
||||
|
||||
@mock.patch('keystoneclient.v2_0.client.Client')
|
||||
@ -49,7 +51,8 @@ class ClientsTest(base.TestCase):
|
||||
username='username',
|
||||
password='password',
|
||||
auth_url='auth_url',
|
||||
tenant_name='tenant_name')
|
||||
tenant_name='tenant_name',
|
||||
cacert=None)
|
||||
|
||||
@mock.patch('keystoneclient.v3.client.Client')
|
||||
def test_get_keystone_v3_client_with_v2_url(self, client_mock):
|
||||
@ -59,7 +62,8 @@ class ClientsTest(base.TestCase):
|
||||
username='username',
|
||||
password='password',
|
||||
auth_url='auth_url/v3',
|
||||
tenant_name='tenant_name')
|
||||
tenant_name='tenant_name',
|
||||
cacert=None)
|
||||
|
||||
@mock.patch('keystoneclient.v3.client.Client')
|
||||
def test_get_keystone_v3_client_with_v3_url(self, client_mock):
|
||||
@ -69,7 +73,8 @@ class ClientsTest(base.TestCase):
|
||||
username='username',
|
||||
password='password',
|
||||
auth_url='auth_url/v3',
|
||||
tenant_name='tenant_name')
|
||||
tenant_name='tenant_name',
|
||||
cacert=None)
|
||||
|
||||
@mock.patch('neutronclient.neutron.client.Client')
|
||||
def test_get_neutron_client(self, client_mock):
|
||||
@ -79,4 +84,5 @@ class ClientsTest(base.TestCase):
|
||||
'2.0', username='username',
|
||||
password='password',
|
||||
auth_url='auth_url',
|
||||
tenant_name='tenant_name')
|
||||
tenant_name='tenant_name',
|
||||
ca_cert=None)
|
||||
|
Loading…
Reference in New Issue
Block a user