Support changing the protocol part of callback_url to https

Adds a new kernel parameter for manual configuration and also creates foundation for automatic TLS support later. Change-Id: If341c3a8a268fc8cab6bd6be04b12ca32b31c8d8 Story: #2007214 Task: #40619
2020-08-06 15:14:31 +02:00
parent 622ca733e2
commit 353d09c3b0
6 changed files with 28 additions and 8 deletions
--- a/ironic_python_agent/agent.py
+++ b/ironic_python_agent/agent.py
@@ -133,7 +133,8 @@ class IronicPythonAgentHeartbeater(threading.Thread):
        try:
            self.api.heartbeat(
                uuid=self.agent.get_node_uuid(),
-                advertise_address=self.agent.advertise_address
+                advertise_address=self.agent.advertise_address,
+                advertise_protocol=self.agent.advertise_protocol,
            )
            self.error_delay = self.initial_delay
            LOG.info('heartbeat successful')
@@ -165,7 +166,7 @@ class IronicPythonAgent(base.ExecuteCommandMixin):
    def __init__(self, api_url, advertise_address, listen_address,
                 ip_lookup_attempts, ip_lookup_sleep, network_interface,
                 lookup_timeout, lookup_interval, standalone, agent_token,
-                 hardware_initialization_delay=0):
+                 hardware_initialization_delay=0, advertise_protocol='http'):
        super(IronicPythonAgent, self).__init__()
        if bool(cfg.CONF.keyfile) != bool(cfg.CONF.certfile):
            LOG.warning("Only one of 'keyfile' and 'certfile' options is "
@@ -192,6 +193,7 @@ class IronicPythonAgent(base.ExecuteCommandMixin):
            self.heartbeater = IronicPythonAgentHeartbeater(self)
        self.listen_address = listen_address
        self.advertise_address = advertise_address
+        self.advertise_protocol = advertise_protocol
        self.version = pkg_resources.get_distribution('ironic-python-agent')\
            .version
        self.api = app.Application(self, cfg.CONF)
--- a/ironic_python_agent/cmd/agent.py
+++ b/ironic_python_agent/cmd/agent.py
@@ -46,4 +46,5 @@ def run():
                            CONF.lookup_interval,
                            CONF.standalone,
                            CONF.agent_token,
-                            CONF.hardware_initialization_delay).run()
+                            CONF.hardware_initialization_delay,
+                            CONF.advertise_protocol).run()
--- a/ironic_python_agent/config.py
+++ b/ironic_python_agent/config.py
@@ -62,6 +62,12 @@ cli_opts = [
                     'Can be supplied as "ipa-advertise-port" '
                     'kernel parameter.'),

+    cfg.StrOpt('advertise_protocol',
+               default=APARAMS.get('ipa-advertise-protocol', 'http'),
+               choices=['http', 'https'],
+               help='Protocol to use for the callback URL. HTTP is used by '
+                    'default, set to "https" if you have HTTPS configured.'),
+
    cfg.IntOpt('ip_lookup_attempts',
               min=1,
               default=int(APARAMS.get('ipa-ip-lookup-attempts', 6)),
--- a/ironic_python_agent/ironic_api_client.py
+++ b/ironic_python_agent/ironic_api_client.py
@@ -105,10 +105,11 @@ class APIClient(object):
                return MIN_IRONIC_VERSION
        return self._ironic_api_version

-    def heartbeat(self, uuid, advertise_address):
+    def heartbeat(self, uuid, advertise_address, advertise_protocol='http'):
        path = self.heartbeat_api.format(uuid=uuid)

-        data = {'callback_url': self._get_agent_url(advertise_address)}
+        data = {'callback_url': self._get_agent_url(advertise_address,
+                                                    advertise_protocol)}

        api_ver = self._get_ironic_api_version()

@@ -209,6 +210,7 @@ class APIClient(object):
        # Got valid content
        raise loopingcall.LoopingCallDone(retvalue=content)

-    def _get_agent_url(self, advertise_address):
-        return 'http://{}:{}'.format(netutils.wrap_ipv6(advertise_address[0]),
+    def _get_agent_url(self, advertise_address, advertise_protocol='http'):
+        return '{}://{}:{}'.format(advertise_protocol,
+                                   netutils.wrap_ipv6(advertise_address[0]),
                                   advertise_address[1])
--- a/ironic_python_agent/tests/unit/test_ironic_api_client.py
+++ b/ironic_python_agent/tests/unit/test_ironic_api_client.py
@@ -375,3 +375,7 @@ class TestBaseIronicPythonAgent(base.IronicAgentTest):
    def test_get_agent_url_ipv6(self):
        url = self.api_client._get_agent_url(('1:2::3:4', '9999'))
        self.assertEqual('http://[1:2::3:4]:9999', url)
+
+    def test_get_agent_url_protocol(self):
+        url = self.api_client._get_agent_url(('1:2::3:4', '9999'), 'https')
+        self.assertEqual('https://[1:2::3:4]:9999', url)
--- a/releasenotes/notes/advertise-protocol-110ae1587f727e62.yaml
+++ b/releasenotes/notes/advertise-protocol-110ae1587f727e62.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The new kernel parameter ``ipa-advertise-protocol`` can be used to change
+    the protocol of the callback URL to ``https``.