openstack/kuryr
Code Issues Proposed changes

Adds config options for using SSL

Browse Source 
Adds auth_ca_cert and auth_insecure config options.

Change-Id: I4be39f47968a260d3958ef498050aba23a1aefe3
Closes-Bug: #1535823
This commit is contained in:
Mohammad Banikazemi 2016-02-15 16:07:01 -05:00
parent 811de8e9ab
commit 06134e437a
3 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
kuryr/common/config.py
View File

@ -75,6 +75,12 @@ keystone_opts = [
cfg.StrOpt('admin_token', cfg.StrOpt('admin_token',
default=os.environ.get('SERVICE_TOKEN'), default=os.environ.get('SERVICE_TOKEN'),
help=_('The admin token.')), help=_('The admin token.')),
cfg.StrOpt('auth_ca_cert',
default=os.environ.get('SERVICE_CA_CERT'),
help=_('The CA certification file.')),
cfg.BoolOpt('auth_insecure',
default=False,
help=_("Turn off verification of the certificate for ssl")),
] ]
binding_opts = [ binding_opts = [
cfg.StrOpt('veth_dst_prefix', cfg.StrOpt('veth_dst_prefix',

5
kuryr/controllers.py
View File

@ -88,13 +88,16 @@ def get_neutron_client():
password = keystone_conf.admin_password password = keystone_conf.admin_password
auth_token = keystone_conf.admin_token auth_token = keystone_conf.admin_token
auth_uri = keystone_conf.auth_uri.rstrip('/') auth_uri = keystone_conf.auth_uri.rstrip('/')
ca_cert = keystone_conf.auth_ca_cert
insecure = keystone_conf.auth_insecure
neutron_uri = cfg.CONF.neutron_client.neutron_uri neutron_uri = cfg.CONF.neutron_client.neutron_uri
if username and password: if username and password:
# Authenticate with password crentials # Authenticate with password crentials
neutron_client = utils.get_neutron_client( neutron_client = utils.get_neutron_client(
url=neutron_uri, username=username, tenant_name=tenant_name, url=neutron_uri, username=username, tenant_name=tenant_name,
password=password, auth_url=auth_uri) password=password, auth_url=auth_uri,
ca_cert=ca_cert, insecure=insecure)
else: else:
neutron_client = utils.get_neutron_client_simple( neutron_client = utils.get_neutron_client_simple(
url=neutron_uri, auth_url=auth_uri, token=auth_token) url=neutron_uri, auth_url=auth_uri, token=auth_token)

7
kuryr/utils.py
View File

@ -40,11 +40,12 @@ def get_neutron_client_simple(url, auth_url, token):
def get_neutron_client(url, username, tenant_name, password, def get_neutron_client(url, username, tenant_name, password,
auth_url, timeout=30): auth_url, ca_cert, insecure, timeout=30):
return client_v2.Client(endpoint_url=url, timeout=timeout, return client_v2.Client(endpoint_url=url, timeout=timeout,
username=username, tenant_name=tenant_name, username=username, tenant_name=tenant_name,
password=password, auth_url=auth_url) password=password, auth_url=auth_url,
ca_cert=ca_cert, insecure=insecure)
# Return all errors as JSON. From http://flask.pocoo.org/snippets/83/ # Return all errors as JSON. From http://flask.pocoo.org/snippets/83/