Merge "Disable verification for Keystone session in Swift"
This commit is contained in:
commit
fd2a80a08f
|
@ -1331,7 +1331,7 @@ class SingleTenantStore(BaseStore):
|
||||||
project_domain_id=self.project_domain_id,
|
project_domain_id=self.project_domain_id,
|
||||||
project_domain_name=self.project_domain_name)
|
project_domain_name=self.project_domain_name)
|
||||||
|
|
||||||
sess = ks_session.Session(auth=password)
|
sess = ks_session.Session(auth=password, verify=not self.insecure)
|
||||||
return ks_client.Client(session=sess)
|
return ks_client.Client(session=sess)
|
||||||
|
|
||||||
def get_manager(self, store_location, context=None, allow_reauth=False):
|
def get_manager(self, store_location, context=None, allow_reauth=False):
|
||||||
|
@ -1452,7 +1452,8 @@ class MultiTenantStore(BaseStore):
|
||||||
trustor_auth = ks_identity.V3Token(auth_url=auth_address,
|
trustor_auth = ks_identity.V3Token(auth_url=auth_address,
|
||||||
token=context.auth_token,
|
token=context.auth_token,
|
||||||
project_id=context.tenant)
|
project_id=context.tenant)
|
||||||
trustor_sess = ks_session.Session(auth=trustor_auth)
|
trustor_sess = ks_session.Session(auth=trustor_auth,
|
||||||
|
verify=not self.insecure)
|
||||||
trustor_client = ks_client.Client(session=trustor_sess)
|
trustor_client = ks_client.Client(session=trustor_sess)
|
||||||
auth_ref = trustor_client.session.auth.get_auth_ref(trustor_sess)
|
auth_ref = trustor_client.session.auth.get_auth_ref(trustor_sess)
|
||||||
roles = [t['name'] for t in auth_ref['roles']]
|
roles = [t['name'] for t in auth_ref['roles']]
|
||||||
|
@ -1468,7 +1469,8 @@ class MultiTenantStore(BaseStore):
|
||||||
user_domain_name=user_domain_name,
|
user_domain_name=user_domain_name,
|
||||||
project_domain_id=project_domain_id,
|
project_domain_id=project_domain_id,
|
||||||
project_domain_name=project_domain_name)
|
project_domain_name=project_domain_name)
|
||||||
trustee_sess = ks_session.Session(auth=password)
|
trustee_sess = ks_session.Session(auth=password,
|
||||||
|
verify=not self.insecure)
|
||||||
trustee_client = ks_client.Client(session=trustee_sess)
|
trustee_client = ks_client.Client(session=trustee_sess)
|
||||||
|
|
||||||
# request glance user id - we will use it as trustee user
|
# request glance user id - we will use it as trustee user
|
||||||
|
@ -1494,7 +1496,8 @@ class MultiTenantStore(BaseStore):
|
||||||
)
|
)
|
||||||
# now we can authenticate against KS
|
# now we can authenticate against KS
|
||||||
# as trustee of user who provided token
|
# as trustee of user who provided token
|
||||||
client_sess = ks_session.Session(auth=client_password)
|
client_sess = ks_session.Session(auth=client_password,
|
||||||
|
verify=not self.insecure)
|
||||||
return ks_client.Client(session=client_sess)
|
return ks_client.Client(session=client_sess)
|
||||||
|
|
||||||
def get_manager(self, store_location, context=None, allow_reauth=False):
|
def get_manager(self, store_location, context=None, allow_reauth=False):
|
||||||
|
|
|
@ -1213,17 +1213,27 @@ class SwiftTests(object):
|
||||||
loc = mock.MagicMock()
|
loc = mock.MagicMock()
|
||||||
self.assertRaises(NotImplementedError, store.get_manager, loc)
|
self.assertRaises(NotImplementedError, store.get_manager, loc)
|
||||||
|
|
||||||
|
def test_init_client_multi_tenant(self):
|
||||||
|
"""Test that keystone client was initialized correctly"""
|
||||||
|
self._init_client(verify=True, swift_store_multi_tenant=True,
|
||||||
|
swift_store_config_file=None)
|
||||||
|
|
||||||
|
def test_init_client_multi_tenant_insecure(self):
|
||||||
|
"""
|
||||||
|
Test that keystone client was initialized correctly with no
|
||||||
|
certificate verification.
|
||||||
|
"""
|
||||||
|
self._init_client(verify=False, swift_store_multi_tenant=True,
|
||||||
|
swift_store_auth_insecure=True,
|
||||||
|
swift_store_config_file=None)
|
||||||
|
|
||||||
@mock.patch("glance_store._drivers.swift.store.ks_identity")
|
@mock.patch("glance_store._drivers.swift.store.ks_identity")
|
||||||
@mock.patch("glance_store._drivers.swift.store.ks_session")
|
@mock.patch("glance_store._drivers.swift.store.ks_session")
|
||||||
@mock.patch("glance_store._drivers.swift.store.ks_client")
|
@mock.patch("glance_store._drivers.swift.store.ks_client")
|
||||||
def test_init_client_multi_tenant(self,
|
def _init_client(self, mock_client, mock_session, mock_identity, verify,
|
||||||
mock_client,
|
**kwargs):
|
||||||
mock_session,
|
|
||||||
mock_identity):
|
|
||||||
"""Test that keystone client was initialized correctly"""
|
|
||||||
# initialize store and connection parameters
|
# initialize store and connection parameters
|
||||||
self.config(swift_store_config_file=None)
|
self.config(**kwargs)
|
||||||
self.config(swift_store_multi_tenant=True)
|
|
||||||
store = Store(self.conf)
|
store = Store(self.conf)
|
||||||
store.configure()
|
store.configure()
|
||||||
ref_params = sutils.SwiftParams(self.conf).params
|
ref_params = sutils.SwiftParams(self.conf).params
|
||||||
|
@ -1255,7 +1265,8 @@ class SwiftTests(object):
|
||||||
token=ctxt.auth_token,
|
token=ctxt.auth_token,
|
||||||
project_id=ctxt.tenant
|
project_id=ctxt.tenant
|
||||||
)
|
)
|
||||||
mock_session.Session.assert_any_call(auth=mock_identity.V3Token())
|
mock_session.Session.assert_any_call(auth=mock_identity.V3Token(),
|
||||||
|
verify=verify)
|
||||||
mock_client.Client.assert_any_call(session=trustor_session)
|
mock_client.Client.assert_any_call(session=trustor_session)
|
||||||
# test trustee usage and trust creation
|
# test trustee usage and trust creation
|
||||||
tenant_name, user = default_swift_reference.get('user').split(':')
|
tenant_name, user = default_swift_reference.get('user').split(':')
|
||||||
|
@ -1270,7 +1281,8 @@ class SwiftTests(object):
|
||||||
project_domain_name=default_swift_reference.get(
|
project_domain_name=default_swift_reference.get(
|
||||||
'project_domain_name')
|
'project_domain_name')
|
||||||
)
|
)
|
||||||
mock_session.Session.assert_any_call(auth=mock_identity.V3Password())
|
mock_session.Session.assert_any_call(auth=mock_identity.V3Password(),
|
||||||
|
verify=verify)
|
||||||
mock_client.Client.assert_any_call(session=trustee_session)
|
mock_client.Client.assert_any_call(session=trustee_session)
|
||||||
trustor_client.trusts.create.assert_called_once_with(
|
trustor_client.trusts.create.assert_called_once_with(
|
||||||
trustee_user='fake_user', trustor_user=ctxt.user,
|
trustee_user='fake_user', trustor_user=ctxt.user,
|
||||||
|
@ -1380,7 +1392,7 @@ class TestStoreAuthV3(TestStoreAuthV1):
|
||||||
project_domain_id='default', project_domain_name=None,
|
project_domain_id='default', project_domain_name=None,
|
||||||
user_domain_id='default', user_domain_name=None,)
|
user_domain_id='default', user_domain_name=None,)
|
||||||
mock_session.Session.assert_called_once_with(
|
mock_session.Session.assert_called_once_with(
|
||||||
auth=mock_identity.V3Password())
|
auth=mock_identity.V3Password(), verify=True)
|
||||||
mock_client.Client.assert_called_once_with(
|
mock_client.Client.assert_called_once_with(
|
||||||
session=mock_session.Session())
|
session=mock_session.Session())
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue