Browse Source

Merge "Use TLS for json_rpc when configured"

changes/93/740893/2
Zuul 1 week ago
committed by Gerrit Code Review
parent
commit
35e76ad82d
3 changed files with 27 additions and 1 deletions
  1. +4
    -1
      ironic/common/json_rpc/client.py
  2. +18
    -0
      ironic/tests/unit/common/test_json_rpc.py
  3. +5
    -0
      releasenotes/notes/fix-json-rpc-client-ssl-2438a731beb3d5f9.yaml

+ 4
- 1
ironic/common/json_rpc/client.py View File

@@ -167,7 +167,10 @@ class _CallContext(object):
body['id'] = context.request_id or uuidutils.generate_uuid()

LOG.debug("RPC %s with %s", method, strutils.mask_dict_password(body))
url = 'http://%s:%d' % (self.host, CONF.json_rpc.port)
scheme = 'http'
if CONF.json_rpc.use_ssl:
scheme = 'https'
url = '%s://%s:%d' % (scheme, self.host, CONF.json_rpc.port)
result = _get_session().post(url, json=body)
LOG.debug('RPC %s returned %s', method,
strutils.mask_password(result.text or '<None>'))


+ 18
- 0
ironic/tests/unit/common/test_json_rpc.py View File

@@ -385,6 +385,24 @@ class TestClient(test_base.TestCase):
'rpc.version': '1.42'},
'id': self.context.request_id})

def test_call_with_ssl(self, mock_session):
self.config(use_ssl=True, group='json_rpc')
response = mock_session.return_value.post.return_value
response.json.return_value = {
'jsonrpc': '2.0',
'result': 42
}
cctx = self.client.prepare('foo.example.com')
self.assertEqual('example.com', cctx.host)
result = cctx.call(self.context, 'do_something', answer=42)
self.assertEqual(42, result)
mock_session.return_value.post.assert_called_once_with(
'https://example.com:8089',
json={'jsonrpc': '2.0',
'method': 'do_something',
'params': {'answer': 42, 'context': self.ctx_json},
'id': self.context.request_id})

def test_cast_success(self, mock_session):
cctx = self.client.prepare('foo.example.com')
self.assertEqual('example.com', cctx.host)


+ 5
- 0
releasenotes/notes/fix-json-rpc-client-ssl-2438a731beb3d5f9.yaml View File

@@ -0,0 +1,5 @@
---
fixes:
- |
Fixes json_rpc client connections always using HTTP even if `use_ssl` was
set to True.

Loading…
Cancel
Save