Passing OS_CACERT to clients

When we use clients with TLS enabled, it is important to pass them the
CA certificate so that the TLS handshake can succeed. The value for the
certificate, if any, is stored in the environment. This change allows
this value to be passed to the different clients.

Change-Id: I2107767f8b7137c5f9de647ae5214310c6da3ca2
Andrea Rosa 2014-10-31 13:15:55 +00:00
parent 49e5405c59
commit 0d14c19285
4 changed files with 76 additions and 39 deletions


@ -19,36 +19,29 @@ from os_cloud_config.utils import clients
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
def _get_client_args():
return (os.environ["OS_USERNAME"],
os.environ["OS_PASSWORD"],
os.environ["OS_TENANT_NAME"],
os.environ["OS_AUTH_URL"],
os.environ.get("OS_CACERT"))
def get_nova_bm_client(): def get_nova_bm_client():
return clients.get_nova_bm_client(os.environ["OS_USERNAME"], return clients.get_nova_bm_client(*_get_client_args())
os.environ["OS_PASSWORD"],
os.environ["OS_TENANT_NAME"],
os.environ["OS_AUTH_URL"])
def get_ironic_client(): def get_ironic_client():
return clients.get_ironic_client(os.environ["OS_USERNAME"], return clients.get_ironic_client(*_get_client_args())
os.environ["OS_PASSWORD"],
os.environ["OS_TENANT_NAME"],
os.environ["OS_AUTH_URL"])
def get_keystone_client(): def get_keystone_client():
return clients.get_keystone_client(os.environ["OS_USERNAME"], return clients.get_keystone_client(*_get_client_args())
os.environ["OS_PASSWORD"],
os.environ["OS_TENANT_NAME"],
os.environ["OS_AUTH_URL"])
def get_keystone_v3_client(): def get_keystone_v3_client():
return clients.get_keystone_v3_client(os.environ["OS_USERNAME"], return clients.get_keystone_v3_client(*_get_client_args())
os.environ["OS_PASSWORD"],
os.environ["OS_TENANT_NAME"],
os.environ["OS_AUTH_URL"])
def get_neutron_client(): def get_neutron_client():
return clients.get_neutron_client(os.environ["OS_USERNAME"], return clients.get_neutron_client(*_get_client_args())
os.environ["OS_PASSWORD"],
os.environ["OS_TENANT_NAME"],
os.environ["OS_AUTH_URL"])
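Review bot: `_get_client_args()` returns a bare tuple that every wrapper splats positionally, so the CA value only lands in `cacert` while all five `clients.get_*_client` signatures keep the order username, password, tenant_name, auth_url, cacert. A later reordering would put the password or the CA value in the wrong slot without any error in this file. A short comment on the helper, such as `# order must match the positional parameters of clients.get_*_client`, would record that coupling. Separately, an exported but empty `OS_CACERT` is forwarded as `''` rather than `None`, and how each client library treats an empty value is not visible on this page; `os.environ.get("OS_CACERT") or None` would make the unset and empty cases identical.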


@ -21,6 +21,16 @@ from os_cloud_config.tests import base
class CMDClientsTest(base.TestCase): class CMDClientsTest(base.TestCase):
@mock.patch.dict('os.environ', {'OS_USERNAME': 'username',
'OS_PASSWORD': 'password',
'OS_TENANT_NAME': 'tenant',
'OS_AUTH_URL': 'auth_url',
'OS_CACERT': 'cacert'})
def test___get_client_args(self):
result = clients._get_client_args()
expected = ("username", "password", "tenant", "auth_url", "cacert")
self.assertEqual(result, expected)
@mock.patch('os.environ') @mock.patch('os.environ')
@mock.patch('ironicclient.client.get_client') @mock.patch('ironicclient.client.get_client')
def test_get_ironic_client(self, client_mock, environ): def test_get_ironic_client(self, client_mock, environ):
@ -29,7 +39,8 @@ class CMDClientsTest(base.TestCase):
1, os_username=environ["OS_USERNAME"], 1, os_username=environ["OS_USERNAME"],
os_password=environ["OS_PASSWORD"], os_password=environ["OS_PASSWORD"],
os_auth_url=environ["OS_AUTH_URL"], os_auth_url=environ["OS_AUTH_URL"],
os_tenant_name=environ["OS_TENANT_NAME"]) os_tenant_name=environ["OS_TENANT_NAME"],
ca_file=environ.get("OS_CACERT"))
@mock.patch('os.environ') @mock.patch('os.environ')
@mock.patch('novaclient.v1_1.client.Client') @mock.patch('novaclient.v1_1.client.Client')
@ -39,6 +50,7 @@ class CMDClientsTest(base.TestCase):
environ["OS_PASSWORD"], environ["OS_PASSWORD"],
environ["OS_AUTH_URL"], environ["OS_AUTH_URL"],
environ["OS_TENANT_NAME"], environ["OS_TENANT_NAME"],
cacert=environ.get("OS_CACERT"),
extensions=[mock.ANY]) extensions=[mock.ANY])
@mock.patch('os.environ') @mock.patch('os.environ')
@ -49,7 +61,8 @@ class CMDClientsTest(base.TestCase):
username=environ["OS_USERNAME"], username=environ["OS_USERNAME"],
password=environ["OS_PASSWORD"], password=environ["OS_PASSWORD"],
auth_url=environ["OS_AUTH_URL"], auth_url=environ["OS_AUTH_URL"],
tenant_name=environ["OS_TENANT_NAME"]) tenant_name=environ["OS_TENANT_NAME"],
cacert=environ.get("OS_CACERT"))
@mock.patch('os.environ') @mock.patch('os.environ')
@mock.patch('keystoneclient.v3.client.Client') @mock.patch('keystoneclient.v3.client.Client')
@ -59,7 +72,8 @@ class CMDClientsTest(base.TestCase):
username=environ["OS_USERNAME"], username=environ["OS_USERNAME"],
password=environ["OS_PASSWORD"], password=environ["OS_PASSWORD"],
auth_url=environ["OS_AUTH_URL"].replace('v2.0', 'v3'), auth_url=environ["OS_AUTH_URL"].replace('v2.0', 'v3'),
tenant_name=environ["OS_TENANT_NAME"]) tenant_name=environ["OS_TENANT_NAME"],
cacert=environ.get("OS_CACERT"))
@mock.patch('os.environ') @mock.patch('os.environ')
@mock.patch('neutronclient.neutron.client.Client') @mock.patch('neutronclient.neutron.client.Client')
@ -69,4 +83,5 @@ class CMDClientsTest(base.TestCase):
'2.0', username=environ["OS_USERNAME"], '2.0', username=environ["OS_USERNAME"],
password=environ["OS_PASSWORD"], password=environ["OS_PASSWORD"],
auth_url=environ["OS_AUTH_URL"], auth_url=environ["OS_AUTH_URL"],
tenant_name=environ["OS_TENANT_NAME"]) tenant_name=environ["OS_TENANT_NAME"],
ca_cert=environ.get("OS_CACERT"))
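Review bot: `test___get_client_args` covers only the case where `OS_CACERT` is set, so the default path, where the variable is absent and the last element should be `None`, is untested. A second test that patches with `mock.patch.dict('os.environ', {...}, clear=True)`, leaves `OS_CACERT` out and expects `None` in the last position would pin it. `clear=True` matters because otherwise a developer's own `OS_CACERT` would leak into the patched environment. The other tests in this section replace `os.environ` with a mock, so `environ.get("OS_CACERT")` compares a mock with itself and shows only that the lookup is forwarded, not what value arrives. Their bodies start outside the hunks shown.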


@ -26,49 +26,72 @@ from novaclient.v1_1.contrib import baremetal
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
def get_nova_bm_client(username, password, tenant_name, auth_url): def get_nova_bm_client(username, password, tenant_name, auth_url, cacert=None):
LOG.debug('Creating nova client.') LOG.debug('Creating nova client.')
baremetal_extension = Extension('baremetal', baremetal) baremetal_extension = Extension('baremetal', baremetal)
return novav11client.Client(username, return novav11client.Client(username,
password, password,
tenant_name, tenant_name,
auth_url, auth_url,
extensions=[baremetal_extension]) extensions=[baremetal_extension],
cacert=cacert)
def get_ironic_client(username, password, tenant_name, auth_url): def get_ironic_client(username, password, tenant_name, auth_url, cacert=None):
LOG.debug('Creating ironic client.') LOG.debug('Creating ironic client.')
kwargs = {'os_username': username, kwargs = {'os_username': username,
'os_password': password, 'os_password': password,
'os_auth_url': auth_url, 'os_auth_url': auth_url,
'os_tenant_name': tenant_name} 'os_tenant_name': tenant_name,
'ca_file': cacert}
return ironicclient.get_client(1, **kwargs) return ironicclient.get_client(1, **kwargs)
def get_keystone_client(username, password, tenant_name, auth_url): def get_keystone_client(username,
password,
tenant_name,
auth_url,
cacert=None):
LOG.debug('Creating keystone client.') LOG.debug('Creating keystone client.')
kwargs = {'username': username, kwargs = {'username': username,
'password': password, 'password': password,
'tenant_name': tenant_name, 'tenant_name': tenant_name,
'auth_url': auth_url} 'auth_url': auth_url,
'cacert': cacert}
return ksclient.Client(**kwargs) return ksclient.Client(**kwargs)
def get_keystone_v3_client(username, password, tenant_name, auth_url): def get_keystone_v3_client(username,
password,
tenant_name,
auth_url,
cacert=None):
LOG.debug('Creating keystone v3 client.') LOG.debug('Creating keystone v3 client.')
kwargs = {'username': username, kwargs = {'username': username,
'password': password, 'password': password,
'tenant_name': tenant_name, 'tenant_name': tenant_name,
'auth_url': auth_url.replace('v2.0', 'v3')} 'auth_url': auth_url.replace('v2.0', 'v3'),
'cacert': cacert}
return ks3client.Client(**kwargs) return ks3client.Client(**kwargs)
def get_neutron_client(username, password, tenant_name, auth_url): def get_neutron_client(username,
password,
tenant_name,
auth_url,
cacert=None):
LOG.debug('Creating neutron client.') LOG.debug('Creating neutron client.')
kwargs = {'username': username, kwargs = {'username': username,
'password': password, 'password': password,
'tenant_name': tenant_name, 'tenant_name': tenant_name,
'auth_url': auth_url} 'auth_url': auth_url,
'ca_cert': cacert}
neutron = neutronclient.Client('2.0', **kwargs) neutron = neutronclient.Client('2.0', **kwargs)
neutron.format = 'json' neutron.format = 'json'
return neutron return neutron
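Review bot: The CA value is forwarded under three different keyword names in this file, `cacert` for nova and both keystone clients, `ca_file` for ironic and `ca_cert` for neutron, and nothing records that the difference is deliberate. The unit tests on this page patch the client constructors, so they would still pass if one of these names were misspelled. If a library accepted and ignored an unknown keyword (not verifiable from this page), TLS verification would quietly use that library's default trust settings instead of the supplied CA. A comment beside each, for example `# neutronclient spells this option ca_cert`, would help. So would a one-line docstring on each function stating what `cacert=None` means for verification.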


@ -29,7 +29,8 @@ class ClientsTest(base.TestCase):
1, os_username='username', 1, os_username='username',
os_password='password', os_password='password',
os_auth_url='auth_url', os_auth_url='auth_url',
os_tenant_name='tenant_name') os_tenant_name='tenant_name',
ca_file=None)
@mock.patch('novaclient.v1_1.client.Client') @mock.patch('novaclient.v1_1.client.Client')
def test_get_nova_bm_client(self, client_mock): def test_get_nova_bm_client(self, client_mock):
@ -39,6 +40,7 @@ class ClientsTest(base.TestCase):
'password', 'password',
'tenant_name', 'tenant_name',
'auth_url', 'auth_url',
cacert=None,
extensions=[mock.ANY]) extensions=[mock.ANY])
@mock.patch('keystoneclient.v2_0.client.Client') @mock.patch('keystoneclient.v2_0.client.Client')
@ -49,7 +51,8 @@ class ClientsTest(base.TestCase):
username='username', username='username',
password='password', password='password',
auth_url='auth_url', auth_url='auth_url',
tenant_name='tenant_name') tenant_name='tenant_name',
cacert=None)
@mock.patch('keystoneclient.v3.client.Client') @mock.patch('keystoneclient.v3.client.Client')
def test_get_keystone_v3_client_with_v2_url(self, client_mock): def test_get_keystone_v3_client_with_v2_url(self, client_mock):
@ -59,7 +62,8 @@ class ClientsTest(base.TestCase):
username='username', username='username',
password='password', password='password',
auth_url='auth_url/v3', auth_url='auth_url/v3',
tenant_name='tenant_name') tenant_name='tenant_name',
cacert=None)
@mock.patch('keystoneclient.v3.client.Client') @mock.patch('keystoneclient.v3.client.Client')
def test_get_keystone_v3_client_with_v3_url(self, client_mock): def test_get_keystone_v3_client_with_v3_url(self, client_mock):
@ -69,7 +73,8 @@ class ClientsTest(base.TestCase):
username='username', username='username',
password='password', password='password',
auth_url='auth_url/v3', auth_url='auth_url/v3',
tenant_name='tenant_name') tenant_name='tenant_name',
cacert=None)
@mock.patch('neutronclient.neutron.client.Client') @mock.patch('neutronclient.neutron.client.Client')
def test_get_neutron_client(self, client_mock): def test_get_neutron_client(self, client_mock):
@ -79,4 +84,5 @@ class ClientsTest(base.TestCase):
'2.0', username='username', '2.0', username='username',
password='password', password='password',
auth_url='auth_url', auth_url='auth_url',
tenant_name='tenant_name') tenant_name='tenant_name',
ca_cert=None)
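Review bot: Every assertion touched in this section expects the default (`cacert=None`, `ca_file=None`, `ca_cert=None`), so no test shows that a caller-supplied CA value reaches the library under the right keyword. One extra case per client would cover the path this commit exists to add, for example calling `clients.get_neutron_client('username', 'password', 'tenant_name', 'auth_url', cacert='cacert')` and asserting `ca_cert='cacert'`. The test bodies begin outside the hunks shown, so the existing call lines are not visible here.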