openstack
/
magnum
Code Issues Proposed changes

Rename "insecure" to "tls_disabled" 

When talking about TLS "insecure" is used for describing a situation
where certificate validation is disabled. However in Magnum it has been
used to describe disabling TLS entirely. This change modifies this
column and attribute name to avoid any confusion.

Co-Authored by: Adrian Otto <adrian.otto@rackspace.com>
Co-Authored by: Vilobh Meshram <vilobhmm@yahoo-inc.com>

Closes-Bug: #1500953
Change-Id: Idb3316900fe2b7fb3acd38f57226902ca10e091a
This commit is contained in:
Tom Cammann 2015-09-29 17:30:44 +01:00
parent 413764cbe2
commit bc6b7b79ba
14 changed files with 53 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
magnum/api/controllers/v1/baymodel.py
View File

@ -122,7 +122,7 @@ class BayModel(base.APIBase):
labels = wtypes.DictType(str, str)
"""One or more key/value pairs"""
insecure = wsme.wsattr(types.boolean, default=False)
tls_disabled = wsme.wsattr(types.boolean, default=False)
"""Indicates whether the TLS should be disabled"""
def __init__(self, **kwargs):

4
magnum/conductor/template_definition.py
View File

@ -493,8 +493,8 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition):
self.add_parameter('external_network',
baymodel_attr='external_network_id',
required=True)
self.add_parameter('insecure',
baymodel_attr='insecure',
self.add_parameter('tls_disabled',
baymodel_attr='tls_disabled',
required=True)
self.add_output('swarm_master',
bay_attr='api_address')

31
magnum/db/sqlalchemy/alembic/versions/5ad410481b88_rename_insecure.py Normal file
View File

@ -0,0 +1,31 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""rename-insecure
Revision ID: 5ad410481b88
Revises: 27ad304554e2
Create Date: 2015-09-29 17:51:10.195121
"""
# revision identifiers, used by Alembic.
revision = '5ad410481b88'
down_revision = '27ad304554e2'
from alembic import op
import sqlalchemy as sa
def upgrade():
op.alter_column('baymodel', 'insecure',
new_column_name='tls_disabled',
existing_type=sa.Boolean())

2
magnum/db/sqlalchemy/models.py
View File

@ -173,7 +173,7 @@ class BayModel(Base):
no_proxy = Column(String(255))
registry_enabled = Column(Boolean, default=False)
labels = Column(JSONEncodedDict)
insecure = Column(Boolean, default=False)
tls_disabled = Column(Boolean, default=False)
class Container(Base):

5
magnum/objects/baymodel.py
View File

@ -28,7 +28,8 @@ class BayModel(base.MagnumPersistentObject, base.MagnumObject,
# Version 1.3: Added 'labels' attribute
# Version 1.4: Added 'insecure' attribute
# Version 1.5: Changed type of 'coe' from StringField to BayTypeField
VERSION = '1.5'
# Version 1.6: Change 'insecure' to 'tls_disabled'
VERSION = '1.6'
dbapi = dbapi.get_instance()
@ -56,7 +57,7 @@ class BayModel(base.MagnumPersistentObject, base.MagnumObject,
'no_proxy': fields.StringField(nullable=True),
'registry_enabled': fields.BooleanField(default=False),
'labels': fields.DictOfStringsField(nullable=True),
'insecure': fields.BooleanField(default=False),
'tls_disabled': fields.BooleanField(default=False),
}
@staticmethod

2
magnum/templates/docker-swarm/fragments/make-cert.py
View File

@ -133,7 +133,7 @@ def write_server_cert(config, csr_req):
def main():
config = load_config()
if config['INSECURE'] == 'False':
if config['TLS_DISABLED'] == 'False':
create_dirs()
write_ca_cert(config)
write_server_key()

2
magnum/templates/docker-swarm/fragments/write-docker-service.sh
View File

@ -20,7 +20,7 @@ ExecStart=/usr/bin/docker -d -H fd:// \\
-H tcp://0.0.0.0:2375 \\
END_SERVICE_TOP
if [ $INSECURE == 'False' ]; then
if [ $TLS_DISABLED == 'False' ]; then
cat >> /etc/systemd/system/docker.service << END_TLS
--tls \\

2
magnum/templates/docker-swarm/fragments/write-heat-params.yaml
View File

@ -14,4 +14,4 @@ write_files:
BAY_UUID="$BAY_UUID"
USER_TOKEN="$USER_TOKEN"
MAGNUM_URL="$MAGNUM_URL"
INSECURE="$INSECURE"
TLS_DISABLED="$TLS_DISABLED"

2
magnum/templates/docker-swarm/fragments/write-swarm-master-service.sh
View File

@ -22,7 +22,7 @@ ExecStart=/usr/bin/docker run --name swarm-manager \\
manage -H tcp://0.0.0.0:2375 \\
END_SERVICE_TOP
if [ $INSECURE = 'False' ]; then
if [ $TLS_DISABLED = 'False' ]; then
cat >> /etc/systemd/system/swarm-manager.service << END_TLS
--tls \\

8
magnum/templates/docker-swarm/swarm.yaml
View File

@ -80,7 +80,7 @@ parameters:
description: network range for fixed ip network
default: "10.0.0.0/24"
insecure:
tls_disabled:
type: boolean
description: whether or not to enable TLS
default: False
@ -192,7 +192,7 @@ resources:
"$BAY_UUID": {get_param: bay_uuid}
"$USER_TOKEN": {get_param: user_token}
"$MAGNUM_URL": {get_param: magnum_url}
"$INSECURE": {get_param: insecure}
"$TLS_DISABLED": {get_param: tls_disabled}
configure_swarm:
type: "OS::Heat::SoftwareConfig"
@ -252,7 +252,7 @@ resources:
"$HTTP_PROXY": {get_param: http_proxy}
"$HTTPS_PROXY": {get_param: https_proxy}
"$NO_PROXY": {get_param: no_proxy}
"$INSECURE": {get_param: insecure}
"$TLS_DISABLED": {get_param: tls_disabled}
enable_services:
type: "OS::Heat::SoftwareConfig"
@ -366,7 +366,7 @@ resources:
bay_uuid: {get_param: bay_uuid}
user_token: {get_param: user_token}
magnum_url: {get_param: magnum_url}
insecure: {get_param: insecure}
tls_disabled: {get_param: tls_disabled}
outputs:

4
magnum/templates/docker-swarm/swarmnode.yaml
View File

@ -69,7 +69,7 @@ parameters:
type: string
description: endpoint to retrieve TLS certs from
insecure:
tls_disabled:
type: boolean
description: whether or not to disable TLS
@ -139,7 +139,7 @@ resources:
"$BAY_UUID": {get_param: bay_uuid}
"$USER_TOKEN": {get_param: user_token}
"$MAGNUM_URL": {get_param: magnum_url}
"$INSECURE": {get_param: insecure}
"$TLS_DISABLED": {get_param: tls_disabled}
configure_swarm:
type: "OS::Heat::SoftwareConfig"

6
magnum/tests/unit/conductor/handlers/test_bay_conductor.py
View File

@ -868,7 +868,7 @@ class TestBayConductorWithSwarm(base.TestCase):
'http_proxy': 'http_proxy',
'https_proxy': 'https_proxy',
'no_proxy': 'no_proxy',
'insecure': False
'tls_disabled': False
}
self.bay_dict = {
'id': 1,
@ -915,7 +915,7 @@ class TestBayConductorWithSwarm(base.TestCase):
'user_token': self.context.auth_token,
'bay_uuid': 'some_uuid',
'magnum_url': self.mock_osc.magnum_url.return_value,
'insecure': False
'tls_disabled': False
}
self.assertEqual(expected, definition)
@ -951,7 +951,7 @@ class TestBayConductorWithSwarm(base.TestCase):
'user_token': self.context.auth_token,
'bay_uuid': 'some_uuid',
'magnum_url': self.mock_osc.magnum_url.return_value,
'insecure': False
'tls_disabled': False
}
self.assertEqual(expected, definition)

2
magnum/tests/unit/db/utils.py
View File

@ -53,7 +53,7 @@ def get_test_baymodel(**kw):
'https_proxy': kw.get('https_proxy', 'fake_https_proxy'),
'no_proxy': kw.get('no_proxy', 'fake_no_proxy'),
'registry_enabled': kw.get('registry_enabled', False),
'insecure': kw.get('insecure', False)
'tls_disabled': kw.get('tls_disabled', False)
}

2
magnum/tests/unit/objects/test_objects.py
View File

@ -426,7 +426,7 @@ class _TestObject(object):
object_data = {
'Bay': '1.0-35edde13ad178e9419e7ea8b6d580bcd',
'BayLock': '1.0-7d1eb08cf2070523bd210369c7a2e076',
'BayModel': '1.5-b76d9b1e15e0ddef469eed9d986d4983',
'BayModel': '1.6-ac101f3a69f1bd65d671e884e0d88855',
'Certificate': '1.0-2aff667971b85c1edf8d15684fd7d5e2',
'Container': '1.0-e12affbba5f8a748882a3ae98aced282',
'MyObj': '1.0-b43567e512438205e32f4e95ca616697',