Passing OS_CACERT to clients

When we use clients with TLS enabled, it is important to pass them the
certificate of the CA to allow a correct TLS handshake. The value for
the certificate is stored, if any, in the environment. This change allows
this value to be passed to the different clients.

Change-Id: I2107767f8b7137c5f9de647ae5214310c6da3ca2
Andrea Rosa 2014-10-31 13:15:55 +00:00
parent 49e5405c59
commit 0d14c19285
4 changed files with 76 additions and 39 deletions


@ -19,36 +19,29 @@ from os_cloud_config.utils import clients
LOG = logging.getLogger(__name__)
def _get_client_args():
return (os.environ["OS_USERNAME"],
os.environ["OS_PASSWORD"],
os.environ["OS_TENANT_NAME"],
os.environ["OS_AUTH_URL"],
os.environ.get("OS_CACERT"))
def get_nova_bm_client():
return clients.get_nova_bm_client(os.environ["OS_USERNAME"],
os.environ["OS_PASSWORD"],
os.environ["OS_TENANT_NAME"],
os.environ["OS_AUTH_URL"])
return clients.get_nova_bm_client(*_get_client_args())
def get_ironic_client():
return clients.get_ironic_client(os.environ["OS_USERNAME"],
os.environ["OS_PASSWORD"],
os.environ["OS_TENANT_NAME"],
os.environ["OS_AUTH_URL"])
return clients.get_ironic_client(*_get_client_args())
def get_keystone_client():
return clients.get_keystone_client(os.environ["OS_USERNAME"],
os.environ["OS_PASSWORD"],
os.environ["OS_TENANT_NAME"],
os.environ["OS_AUTH_URL"])
return clients.get_keystone_client(*_get_client_args())
def get_keystone_v3_client():
return clients.get_keystone_v3_client(os.environ["OS_USERNAME"],
os.environ["OS_PASSWORD"],
os.environ["OS_TENANT_NAME"],
os.environ["OS_AUTH_URL"])
return clients.get_keystone_v3_client(*_get_client_args())
def get_neutron_client():
return clients.get_neutron_client(os.environ["OS_USERNAME"],
os.environ["OS_PASSWORD"],
os.environ["OS_TENANT_NAME"],
os.environ["OS_AUTH_URL"])
return clients.get_neutron_client(*_get_client_args())
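Review bot: `_get_client_args` reads the CA value with `os.environ.get("OS_CACERT")`, so a variable that is exported but empty reaches every client as `''` rather than `None`. How each client library treats an empty CA value is not visible here, so normalising it with `os.environ.get("OS_CACERT") or None` would keep the "no CA configured" case unambiguous. The tuple is also bound by position, so it only works while all five `clients.get_*` helpers keep the `(username, password, tenant_name, auth_url, cacert)` order. A short docstring on `_get_client_args` stating that order, and that the last element may be `None`, would make the coupling explicit.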


@ -21,6 +21,16 @@ from os_cloud_config.tests import base
class CMDClientsTest(base.TestCase):
@mock.patch.dict('os.environ', {'OS_USERNAME': 'username',
'OS_PASSWORD': 'password',
'OS_TENANT_NAME': 'tenant',
'OS_AUTH_URL': 'auth_url',
'OS_CACERT': 'cacert'})
def test___get_client_args(self):
result = clients._get_client_args()
expected = ("username", "password", "tenant", "auth_url", "cacert")
self.assertEqual(result, expected)
@mock.patch('os.environ')
@mock.patch('ironicclient.client.get_client')
def test_get_ironic_client(self, client_mock, environ):
@ -29,7 +39,8 @@ class CMDClientsTest(base.TestCase):
1, os_username=environ["OS_USERNAME"],
os_password=environ["OS_PASSWORD"],
os_auth_url=environ["OS_AUTH_URL"],
os_tenant_name=environ["OS_TENANT_NAME"])
os_tenant_name=environ["OS_TENANT_NAME"],
ca_file=environ.get("OS_CACERT"))
@mock.patch('os.environ')
@mock.patch('novaclient.v1_1.client.Client')
@ -39,6 +50,7 @@ class CMDClientsTest(base.TestCase):
environ["OS_PASSWORD"],
environ["OS_AUTH_URL"],
environ["OS_TENANT_NAME"],
cacert=environ.get("OS_CACERT"),
extensions=[mock.ANY])
@mock.patch('os.environ')
@ -49,7 +61,8 @@ class CMDClientsTest(base.TestCase):
username=environ["OS_USERNAME"],
password=environ["OS_PASSWORD"],
auth_url=environ["OS_AUTH_URL"],
tenant_name=environ["OS_TENANT_NAME"])
tenant_name=environ["OS_TENANT_NAME"],
cacert=environ.get("OS_CACERT"))
@mock.patch('os.environ')
@mock.patch('keystoneclient.v3.client.Client')
@ -59,7 +72,8 @@ class CMDClientsTest(base.TestCase):
username=environ["OS_USERNAME"],
password=environ["OS_PASSWORD"],
auth_url=environ["OS_AUTH_URL"].replace('v2.0', 'v3'),
tenant_name=environ["OS_TENANT_NAME"])
tenant_name=environ["OS_TENANT_NAME"],
cacert=environ.get("OS_CACERT"))
@mock.patch('os.environ')
@mock.patch('neutronclient.neutron.client.Client')
@ -69,4 +83,5 @@ class CMDClientsTest(base.TestCase):
'2.0', username=environ["OS_USERNAME"],
password=environ["OS_PASSWORD"],
auth_url=environ["OS_AUTH_URL"],
tenant_name=environ["OS_TENANT_NAME"])
tenant_name=environ["OS_TENANT_NAME"],
ca_cert=environ.get("OS_CACERT"))
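Review bot: `test___get_client_args` only covers the case where `OS_CACERT` is set; the unset case, where the fifth element must be `None`, has no test. Because `mock.patch.dict` keeps existing keys unless told otherwise, such a test would need `clear=True` so that a real `OS_CACERT` in the developer's environment cannot leak in. The other updated assertions compare against `environ.get("OS_CACERT")` on a fully patched `os.environ`, which (assuming the default MagicMock) returns the same object for any key, so they probably do not pin the variable name. The test bodies start outside the visible hunks, so this is inferred from the decorators and assertion lines shown.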


@ -26,49 +26,72 @@ from novaclient.v1_1.contrib import baremetal
LOG = logging.getLogger(__name__)
def get_nova_bm_client(username, password, tenant_name, auth_url):
def get_nova_bm_client(username, password, tenant_name, auth_url, cacert=None):
LOG.debug('Creating nova client.')
baremetal_extension = Extension('baremetal', baremetal)
return novav11client.Client(username,
password,
tenant_name,
auth_url,
extensions=[baremetal_extension])
extensions=[baremetal_extension],
cacert=cacert)
def get_ironic_client(username, password, tenant_name, auth_url):
def get_ironic_client(username, password, tenant_name, auth_url, cacert=None):
LOG.debug('Creating ironic client.')
kwargs = {'os_username': username,
'os_password': password,
'os_auth_url': auth_url,
'os_tenant_name': tenant_name}
'os_tenant_name': tenant_name,
'ca_file': cacert}
return ironicclient.get_client(1, **kwargs)
def get_keystone_client(username, password, tenant_name, auth_url):
def get_keystone_client(username,
password,
tenant_name,
auth_url,
cacert=None):
LOG.debug('Creating keystone client.')
kwargs = {'username': username,
'password': password,
'tenant_name': tenant_name,
'auth_url': auth_url}
'auth_url': auth_url,
'cacert': cacert}
return ksclient.Client(**kwargs)
def get_keystone_v3_client(username, password, tenant_name, auth_url):
def get_keystone_v3_client(username,
password,
tenant_name,
auth_url,
cacert=None):
LOG.debug('Creating keystone v3 client.')
kwargs = {'username': username,
'password': password,
'tenant_name': tenant_name,
'auth_url': auth_url.replace('v2.0', 'v3')}
'auth_url': auth_url.replace('v2.0', 'v3'),
'cacert': cacert}
return ks3client.Client(**kwargs)
def get_neutron_client(username, password, tenant_name, auth_url):
def get_neutron_client(username,
password,
tenant_name,
auth_url,
cacert=None):
LOG.debug('Creating neutron client.')
kwargs = {'username': username,
'password': password,
'tenant_name': tenant_name,
'auth_url': auth_url}
'auth_url': auth_url,
'ca_cert': cacert}
neutron = neutronclient.Client('2.0', **kwargs)
neutron.format = 'json'
return neutron
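Review bot: The new `cacert` parameter is undocumented on all five helpers, and it is forwarded under three different keyword names: `cacert` for nova and keystone, `ca_file` for ironic, `ca_cert` for neutron. A one-line docstring on each helper should say what `cacert` holds (presumably a path to a CA bundle) and that `None` leaves the library's default verification in place. A comment at each kwargs dict, such as `# ironicclient names this option ca_file`, would stop a later edit from "unifying" the names and silently dropping the CA. It is also worth confirming that `ca_file` covers the authentication request made inside `ironicclient.get_client` as well as the Ironic endpoint, which this hunk does not show.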


@ -29,7 +29,8 @@ class ClientsTest(base.TestCase):
1, os_username='username',
os_password='password',
os_auth_url='auth_url',
os_tenant_name='tenant_name')
os_tenant_name='tenant_name',
ca_file=None)
@mock.patch('novaclient.v1_1.client.Client')
def test_get_nova_bm_client(self, client_mock):
@ -39,6 +40,7 @@ class ClientsTest(base.TestCase):
'password',
'tenant_name',
'auth_url',
cacert=None,
extensions=[mock.ANY])
@mock.patch('keystoneclient.v2_0.client.Client')
@ -49,7 +51,8 @@ class ClientsTest(base.TestCase):
username='username',
password='password',
auth_url='auth_url',
tenant_name='tenant_name')
tenant_name='tenant_name',
cacert=None)
@mock.patch('keystoneclient.v3.client.Client')
def test_get_keystone_v3_client_with_v2_url(self, client_mock):
@ -59,7 +62,8 @@ class ClientsTest(base.TestCase):
username='username',
password='password',
auth_url='auth_url/v3',
tenant_name='tenant_name')
tenant_name='tenant_name',
cacert=None)
@mock.patch('keystoneclient.v3.client.Client')
def test_get_keystone_v3_client_with_v3_url(self, client_mock):
@ -69,7 +73,8 @@ class ClientsTest(base.TestCase):
username='username',
password='password',
auth_url='auth_url/v3',
tenant_name='tenant_name')
tenant_name='tenant_name',
cacert=None)
@mock.patch('neutronclient.neutron.client.Client')
def test_get_neutron_client(self, client_mock):
@ -79,4 +84,5 @@ class ClientsTest(base.TestCase):
'2.0', username='username',
password='password',
auth_url='auth_url',
tenant_name='tenant_name')
tenant_name='tenant_name',
ca_cert=None)
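Review bot: Every updated assertion here expects `cacert=None`, `ca_file=None` or `ca_cert=None`, so nothing checks that a caller-supplied CA value reaches the underlying client; a helper that hard-coded `None` would still pass. One extra case per helper would pin the mapping, for example calling `clients.get_neutron_client('username', 'password', 'tenant_name', 'auth_url', cacert='cacert')` and asserting `ca_cert='cacert'` (values constructed for illustration). The test bodies start outside the visible hunks, so the exact call lines are inferred.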