Merge "Custom CA certificate for verifying SSL connections"
commit
a6f39bc74a
|
@ -319,11 +319,13 @@ def ceilometerclient(request):
|
|||
|
||||
endpoint = base.url_for(request, 'metering')
|
||||
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
|
||||
LOG.debug('ceilometerclient connection created using token "%s" '
|
||||
'and endpoint "%s"' % (request.user.token.id, endpoint))
|
||||
return ceilometer_client.Client('2', endpoint,
|
||||
token=(lambda: request.user.token.id),
|
||||
insecure=insecure)
|
||||
insecure=insecure,
|
||||
ca_file=cacert)
|
||||
|
||||
|
||||
def resource_list(request, query=None, ceilometer_usage_object=None):
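Review bot: The CA bundle is handed to `ceilometer_client.Client(...)` as `ca_file=cacert`, and the same setting goes out under two other keyword names elsewhere in this commit: `ca_file` again in heatclient, `cacert` for cinder, glance, keystone, nova and swift, and `ca_cert` for neutron. Nothing on the page shows that each spelling is the one that client library accepts. A constructor that collects extra keywords would presumably drop a wrong name silently and verify against the system trust store instead of the configured CA. A one-line comment at each call would make the difference deliberate, for example `# ceilometerclient names the CA bundle argument ca_file, not cacert`. The `def ceilometerclient` line itself sits above this hunk.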
|
||||
|
|
|
@ -44,6 +44,7 @@ DEFAULT_QUOTA_NAME = 'default'
|
|||
|
||||
def cinderclient(request):
|
||||
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
|
||||
cinder_url = ""
|
||||
try:
|
||||
cinder_url = base.url_for(request, 'volume')
|
||||
|
@ -57,6 +58,7 @@ def cinderclient(request):
|
|||
project_id=request.user.tenant_id,
|
||||
auth_url=cinder_url,
|
||||
insecure=insecure,
|
||||
cacert=cacert,
|
||||
http_log_debug=settings.DEBUG)
|
||||
c.client.auth_token = request.user.token.id
|
||||
c.client.management_url = cinder_url
|
||||
|
|
|
@ -39,10 +39,11 @@ def glanceclient(request):
|
|||
o = urlparse.urlparse(base.url_for(request, 'image'))
|
||||
url = "://".join((o.scheme, o.netloc))
|
||||
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
|
||||
LOG.debug('glanceclient connection created using token "%s" and url "%s"'
|
||||
% (request.user.token.id, url))
|
||||
return glance_client.Client('1', url, token=request.user.token.id,
|
||||
insecure=insecure)
|
||||
insecure=insecure, cacert=cacert)
|
||||
|
||||
|
||||
def image_delete(request, image_id):
|
||||
|
|
|
@ -32,12 +32,14 @@ def format_parameters(params):
|
|||
def heatclient(request, password=None):
|
||||
api_version = "1"
|
||||
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
|
||||
endpoint = base.url_for(request, 'orchestration')
|
||||
LOG.debug('heatclient connection created using token "%s" and url "%s"' %
|
||||
(request.user.token.id, endpoint))
|
||||
kwargs = {
|
||||
'token': request.user.token.id,
|
||||
'insecure': insecure,
|
||||
'ca_file': cacert,
|
||||
'username': request.user.username,
|
||||
'password': password
|
||||
#'timeout': args.timeout,
|
||||
|
|
|
@ -163,12 +163,14 @@ def keystoneclient(request, admin=False):
|
|||
else:
|
||||
endpoint = _get_endpoint_url(request, endpoint_type)
|
||||
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
|
||||
LOG.debug("Creating a new keystoneclient connection to %s." % endpoint)
|
||||
remote_addr = request.environ.get('REMOTE_ADDR', '')
|
||||
conn = api_version['client'].Client(token=user.token.id,
|
||||
endpoint=endpoint,
|
||||
original_ip=remote_addr,
|
||||
insecure=insecure,
|
||||
cacert=cacert,
|
||||
auth_url=endpoint,
|
||||
debug=settings.DEBUG)
|
||||
setattr(request, cache_attr, conn)
|
||||
|
|
|
@ -395,13 +395,14 @@ def get_ipver_str(ip_version):
|
|||
|
||||
def neutronclient(request):
|
||||
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
|
||||
LOG.debug('neutronclient connection created using token "%s" and url "%s"'
|
||||
% (request.user.token.id, base.url_for(request, 'network')))
|
||||
LOG.debug('user_id=%(user)s, tenant_id=%(tenant)s' %
|
||||
{'user': request.user.id, 'tenant': request.user.tenant_id})
|
||||
c = neutron_client.Client(token=request.user.token.id,
|
||||
endpoint_url=base.url_for(request, 'network'),
|
||||
insecure=insecure)
|
||||
insecure=insecure, ca_cert=cacert)
|
||||
return c
|
||||
|
||||
|
||||
|
|
|
@ -343,6 +343,7 @@ class FloatingIpManager(network_base.FloatingIpManager):
|
|||
|
||||
def novaclient(request):
|
||||
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
|
||||
LOG.debug('novaclient connection created using token "%s" and url "%s"' %
|
||||
(request.user.token.id, base.url_for(request, 'compute')))
|
||||
c = nova_client.Client(request.user.username,
|
||||
|
@ -350,6 +351,7 @@ def novaclient(request):
|
|||
project_id=request.user.tenant_id,
|
||||
auth_url=base.url_for(request, 'compute'),
|
||||
insecure=insecure,
|
||||
cacert=cacert,
|
||||
http_log_debug=settings.DEBUG)
|
||||
c.client.auth_token = request.user.token.id
|
||||
c.client.management_url = base.url_for(request, 'compute')
|
||||
|
|
|
@ -92,6 +92,7 @@ def _objectify(items, container_name):
|
|||
|
||||
def swift_api(request):
|
||||
endpoint = base.url_for(request, 'object-store')
|
||||
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
|
||||
LOG.debug('Swift connection created using token "%s" and url "%s"'
|
||||
% (request.user.token.id, endpoint))
|
||||
return swiftclient.client.Connection(None,
|
||||
|
@ -99,6 +100,7 @@ def swift_api(request):
|
|||
None,
|
||||
preauthtoken=request.user.token.id,
|
||||
preauthurl=endpoint,
|
||||
cacert=cacert,
|
||||
auth_version="2.0")
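Review bot: `swift_api` reads only `OPENSTACK_SSL_CACERT`; unlike every other client factory touched by this commit it never reads `OPENSTACK_SSL_NO_VERIFY`, and no `insecure` value is visible in the `Connection(...)` call. Keeping verification on is the safer behaviour, but an operator who set `OPENSTACK_SSL_NO_VERIFY = True` for the other services will see only the object-store calls fail on a self-signed endpoint. If this is intentional, or a limit of the swift client, it should be stated next to the new line, e.g. `# OPENSTACK_SSL_NO_VERIFY is not applied here; swift connections are always verified, against cacert when set`. The call spans both hunks of this file and the arguments between them are not shown.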
|
||||
|
||||
|
||||
|
|
|
@ -131,6 +131,9 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
|
|||
# Disable SSL certificate checks (useful for self-signed certificates):
|
||||
# OPENSTACK_SSL_NO_VERIFY = True
|
||||
|
||||
# The CA certificate to use to verify SSL connections
|
||||
# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
|
||||
|
||||
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
|
||||
# capabilities of the auth backend for Keystone.
|
||||
# If Keystone has been configured to use LDAP as the auth backend then set
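Review bot: The new comment for `OPENSTACK_SSL_CACERT` does not say how the setting interacts with `OPENSTACK_SSL_NO_VERIFY` two lines above it. Every factory in this commit passes both values through, and the clients presumably skip verification entirely when `insecure` is true, so a deployment that sets both gets no certificate checking even though a CA is configured. I would extend the comment with `# Has no effect while OPENSTACK_SSL_NO_VERIFY is True; leave that unset to verify against this CA.` and change the line above to recommend the CA file for self-signed certificates instead of disabling checks.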
|
||||
|
|
|
@ -334,6 +334,7 @@ class APITestCase(TestCase):
|
|||
None,
|
||||
preauthtoken=mox.IgnoreArg(),
|
||||
preauthurl=mox.IgnoreArg(),
|
||||
cacert=None,
|
||||
auth_version="2.0") \
|
||||
.AndReturn(self.swiftclient)
|
||||
expected_calls -= 1
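Review bot: The updated swift stub pins only the default, `cacert=None`, so nothing on this page checks that a configured `OPENSTACK_SSL_CACERT` actually reaches a client constructor. Since the keyword differs per client (`ca_file`, `cacert`, `ca_cert`), a test that overrides the setting with a constructed path such as `'/constructed/ca.pem'` and expects that value in each stubbed `Client(...)` call would catch a misspelled or dropped argument. The enclosing test helper starts and ends outside this hunk, so other stubs may exist that are not visible here.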
|
||||
|
|