fix working with incorrect certificate
use 'insecure' flag from config Change-Id: I880dffc58ab428dcd0aacf62815faeddc0321e9f
This commit is contained in:
parent
64580a36d3
commit
108a8387c6
|
@ -38,6 +38,7 @@ from ec2api.api import faults
|
|||
from ec2api import context
|
||||
from ec2api import exception
|
||||
from ec2api.i18n import _
|
||||
from ec2api import utils
|
||||
from ec2api import wsgi
|
||||
|
||||
|
||||
|
@ -222,9 +223,9 @@ class EC2KeystoneAuth(wsgi.Middleware):
|
|||
creds = {'auth': {'OS-KSEC2:ec2Credentials': cred_dict}}
|
||||
creds_json = jsonutils.dumps(creds)
|
||||
headers = {'Content-Type': 'application/json'}
|
||||
|
||||
response = requests.request('POST', token_url,
|
||||
data=creds_json, headers=headers)
|
||||
params = {'data': creds_json, 'headers': headers}
|
||||
utils.update_request_params_with_ssl(params)
|
||||
response = requests.request('POST', token_url, **params)
|
||||
status_code = response.status_code
|
||||
if status_code != 200:
|
||||
msg = response.reason
|
||||
|
@ -240,7 +241,9 @@ class EC2KeystoneAuth(wsgi.Middleware):
|
|||
return faults.ec2_error_response(request_id, "AuthFailure", msg,
|
||||
status=400)
|
||||
auth = keystone_identity_access.AccessInfoPlugin(auth_ref)
|
||||
session = keystone_session.Session(auth=auth)
|
||||
params = {'auth': auth}
|
||||
utils.update_request_params_with_ssl(params)
|
||||
session = keystone_session.Session(**params)
|
||||
remote_address = req.remote_addr
|
||||
if CONF.use_forwarded_for:
|
||||
remote_address = req.headers.get('X-Forwarded-For',
|
||||
|
|
|
@ -27,6 +27,7 @@ import six
|
|||
|
||||
from ec2api import exception
|
||||
from ec2api.i18n import _, _LW
|
||||
from ec2api import utils
|
||||
|
||||
|
||||
ec2_opts = [
|
||||
|
@ -176,7 +177,9 @@ def get_os_admin_context():
|
|||
tenant_name=CONF.admin_tenant_name,
|
||||
auth_url=CONF.keystone_url,
|
||||
)
|
||||
_admin_session = keystone_session.Session(auth=auth)
|
||||
params = {'auth': auth}
|
||||
utils.update_request_params_with_ssl(params)
|
||||
_admin_session = keystone_session.Session(**params)
|
||||
|
||||
return RequestContext(
|
||||
None, None,
|
||||
|
|
|
@ -79,3 +79,9 @@ def xhtml_escape(value):
|
|||
|
||||
"""
|
||||
return saxutils.escape(value, {'"': '"', "'": '''})
|
||||
|
||||
|
||||
def update_request_params_with_ssl(params):
|
||||
verify = CONF.ssl_ca_file or not CONF.ssl_insecure
|
||||
if verify is not True:
|
||||
params['verify'] = verify
|
||||
|
|
|
@ -47,6 +47,9 @@ wsgi_opts = [
|
|||
'generate log lines. The following values can be formatted '
|
||||
'into it: client_ip, date_time, request_line, status_code, '
|
||||
'body_length, wall_seconds.'),
|
||||
cfg.BoolOpt('ssl_insecure',
|
||||
default=False,
|
||||
help="Verify HTTPS connections."),
|
||||
cfg.StrOpt('ssl_ca_file',
|
||||
help="CA certificate file to use to verify "
|
||||
"connecting clients"),
|
||||
|
|
Loading…
Reference in New Issue