Merge "Custom CA certificate for verifying SSL connections"

Jenkins 2013-09-03 21:49:48 +00:00 committed by Gerrit Code Review
commit a6f39bc74a
10 changed files with 21 additions and 3 deletions


@ -319,11 +319,13 @@ def ceilometerclient(request):
endpoint = base.url_for(request, 'metering')
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
LOG.debug('ceilometerclient connection created using token "%s" '
'and endpoint "%s"' % (request.user.token.id, endpoint))
return ceilometer_client.Client('2', endpoint,
token=(lambda: request.user.token.id),
insecure=insecure)
insecure=insecure,
ca_file=cacert)
def resource_list(request, query=None, ceilometer_usage_object=None):
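Review bot: The CA path is forwarded under three different keyword spellings across this commit: `ca_file=cacert` in this call and in the heat kwargs, `cacert=cacert` for cinder, glance, keystone, nova and swift, and `ca_cert=cacert` for neutron. Each spelling presumably matches its client library, but a constructor that accepts arbitrary keyword arguments could swallow a wrong name, and verification would then likely fall back to the default trust store without any error. A short comment at each call would make the difference look deliberate, for example `# ceilometerclient names this option ca_file`. The body of ceilometerclient starts above this hunk.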


@ -44,6 +44,7 @@ DEFAULT_QUOTA_NAME = 'default'
def cinderclient(request):
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
cinder_url = ""
try:
cinder_url = base.url_for(request, 'volume')
@ -57,6 +58,7 @@ def cinderclient(request):
project_id=request.user.tenant_id,
auth_url=cinder_url,
insecure=insecure,
cacert=cacert,
http_log_debug=settings.DEBUG)
c.client.auth_token = request.user.token.id
c.client.management_url = cinder_url


@ -39,10 +39,11 @@ def glanceclient(request):
o = urlparse.urlparse(base.url_for(request, 'image'))
url = "://".join((o.scheme, o.netloc))
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
LOG.debug('glanceclient connection created using token "%s" and url "%s"'
% (request.user.token.id, url))
return glance_client.Client('1', url, token=request.user.token.id,
insecure=insecure)
insecure=insecure, cacert=cacert)
def image_delete(request, image_id):
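Review bot: The debug call kept in this section writes `request.user.token.id` into the log next to the endpoint, so anyone who can read debug logs obtains what appears to be a usable credential, judging by how the same value is passed as `token=`. The ceilometer, heat, neutron, nova and swift sections log the token in the same way. Logging only the endpoint keeps the trace useful: `LOG.debug('glanceclient connection created for url "%s"', url)`. The body of glanceclient starts above this hunk.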


@ -32,12 +32,14 @@ def format_parameters(params):
def heatclient(request, password=None):
api_version = "1"
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
endpoint = base.url_for(request, 'orchestration')
LOG.debug('heatclient connection created using token "%s" and url "%s"' %
(request.user.token.id, endpoint))
kwargs = {
'token': request.user.token.id,
'insecure': insecure,
'ca_file': cacert,
'username': request.user.username,
'password': password
#'timeout': args.timeout,


@ -163,12 +163,14 @@ def keystoneclient(request, admin=False):
else:
endpoint = _get_endpoint_url(request, endpoint_type)
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
LOG.debug("Creating a new keystoneclient connection to %s." % endpoint)
remote_addr = request.environ.get('REMOTE_ADDR', '')
conn = api_version['client'].Client(token=user.token.id,
endpoint=endpoint,
original_ip=remote_addr,
insecure=insecure,
cacert=cacert,
auth_url=endpoint,
debug=settings.DEBUG)
setattr(request, cache_attr, conn)


@ -395,13 +395,14 @@ def get_ipver_str(ip_version):
def neutronclient(request):
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
LOG.debug('neutronclient connection created using token "%s" and url "%s"'
% (request.user.token.id, base.url_for(request, 'network')))
LOG.debug('user_id=%(user)s, tenant_id=%(tenant)s' %
{'user': request.user.id, 'tenant': request.user.tenant_id})
c = neutron_client.Client(token=request.user.token.id,
endpoint_url=base.url_for(request, 'network'),
insecure=insecure)
insecure=insecure, ca_cert=cacert)
return c


@ -343,6 +343,7 @@ class FloatingIpManager(network_base.FloatingIpManager):
def novaclient(request):
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
LOG.debug('novaclient connection created using token "%s" and url "%s"' %
(request.user.token.id, base.url_for(request, 'compute')))
c = nova_client.Client(request.user.username,
@ -350,6 +351,7 @@ def novaclient(request):
project_id=request.user.tenant_id,
auth_url=base.url_for(request, 'compute'),
insecure=insecure,
cacert=cacert,
http_log_debug=settings.DEBUG)
c.client.auth_token = request.user.token.id
c.client.management_url = base.url_for(request, 'compute')


@ -92,6 +92,7 @@ def _objectify(items, container_name):
def swift_api(request):
endpoint = base.url_for(request, 'object-store')
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
LOG.debug('Swift connection created using token "%s" and url "%s"'
% (request.user.token.id, endpoint))
return swiftclient.client.Connection(None,
@ -99,6 +100,7 @@ def swift_api(request):
None,
preauthtoken=request.user.token.id,
preauthurl=endpoint,
cacert=cacert,
auth_version="2.0")


@ -131,6 +131,9 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
# Disable SSL certificate checks (useful for self-signed certificates):
# OPENSTACK_SSL_NO_VERIFY = True
# The CA certificate to use to verify SSL connections
# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
# capabilities of the auth backend for Keystone.
# If Keystone has been configured to use LDAP as the auth backend then set
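Review bot: The new comment for OPENSTACK_SSL_CACERT does not say what happens when OPENSTACK_SSL_NO_VERIFY is also set; presumably the clients skip verification and never read the CA file, which should be confirmed and stated. The older comment still recommends disabling checks for self-signed certificates, although the new setting handles that case while keeping verification on. I would reword it along the lines of `# Prefer OPENSTACK_SSL_CACERT for private or self-signed CAs; disabling checks removes protection against impersonated endpoints.` It is also worth noting that, in the visible lines of swift_api, only the CA path is read, so OPENSTACK_SSL_NO_VERIFY seems not to apply to Swift.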


@ -334,6 +334,7 @@ class APITestCase(TestCase):
None,
preauthtoken=mox.IgnoreArg(),
preauthurl=mox.IgnoreArg(),
cacert=None,
auth_version="2.0") \
.AndReturn(self.swiftclient)
expected_calls -= 1
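Review bot: The updated expectation pins only `cacert=None`, the value used when OPENSTACK_SSL_CACERT is unset, so nothing in the visible sections checks that a configured path reaches a client. A test that overrides the setting and expects the same path in the stubbed `Connection` call would catch a dropped or misspelled keyword. Django's `override_settings` is one way to set the value for a single test. The enclosing method starts and ends outside this hunk.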