Add insecure option to registry https client

This fixes LP bug #1063793. This adds a new API config option registry_client_insecure (default false) which optionally allows not to specify a ca file for registry connections from the API server. The default is false so existing behaviour is unchanged unless this option is specified. Adding this option makes the registry symmetric wrt the API with which you can connect using clients with --insecure Change-Id: I4fa462cd68afaf14f7d7de6c572980a41c0849d6
2012-10-08 13:14:24 +00:00 · 2012-10-08 13:14:24 +00:00 · d1f8e8b009
commit d1f8e8b009
parent 46d38734ec
3 changed files with 17 additions and 1 deletions
--- a/doc/source/configuring.rst
+++ b/doc/source/configuring.rst
@ -227,6 +227,14 @@ The path to a Certifying Authority's cert file to use in SSL connections to the
 registry server, if any. Alternately, you may set the
 ``GLANCE_CLIENT_CA_FILE`` environ variable to a filepath of the CA cert file

+* ``registry_client_insecure=False``
+
+Optional. Default: False.
+
+When using SSL in connections to the registry server, do not require
+validation via a certifying authority. This is the registry's equivalent of
+specifying --insecure on the command line using glanceclient for the API
+
 Configuring Logging in Glance
 -----------------------------

--- a/etc/glance-api.conf
+++ b/etc/glance-api.conf
@ -131,6 +131,12 @@ registry_client_protocol = http
 # GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file
 #registry_client_ca_file = /path/to/ca/file

+# When using SSL in connections to the registry server, do not require
+# validation via a certifying authority. This is the registry's equivalent of
+# specifying --insecure on the command line using glanceclient for the API
+# Default: False
+#registry_client_insecure = False
+
 # ============ Notification System Options =====================

 # Notifications can be sent when images are create, updated or deleted.
--- a/glance/registry/init.py
+++ b/glance/registry/init.py
@ -37,6 +37,7 @@ registry_client_opts = [
    cfg.StrOpt('registry_client_key_file'),
    cfg.StrOpt('registry_client_cert_file'),
    cfg.StrOpt('registry_client_ca_file'),
+    cfg.BoolOpt('registry_client_insecure', default=False),
    cfg.StrOpt('metadata_encryption_key', secret=True),
 ]
 registry_client_ctx_opts = [
@ -84,7 +85,8 @@ def configure_registry_client():
        'use_ssl': CONF.registry_client_protocol.lower() == 'https',
        'key_file': CONF.registry_client_key_file,
        'cert_file': CONF.registry_client_cert_file,
-        'ca_file': CONF.registry_client_ca_file
+        'ca_file': CONF.registry_client_ca_file,
+        'insecure': CONF.registry_client_insecure,
    }