Rename "insecure" to "tls_disabled"
When talking about TLS "insecure" is used for describing a situation where certificate validation is disabled. However in Magnum it has been used to describe disabling TLS entirely. This change modifies this column and attribute name to avoid any confusion. Co-Authored by: Adrian Otto <adrian.otto@rackspace.com> Co-Authored by: Vilobh Meshram <vilobhmm@yahoo-inc.com> Closes-Bug: #1500953 Change-Id: Idb3316900fe2b7fb3acd38f57226902ca10e091a
This commit is contained in:
parent
413764cbe2
commit
bc6b7b79ba
|
@ -122,7 +122,7 @@ class BayModel(base.APIBase):
|
|||
labels = wtypes.DictType(str, str)
|
||||
"""One or more key/value pairs"""
|
||||
|
||||
insecure = wsme.wsattr(types.boolean, default=False)
|
||||
tls_disabled = wsme.wsattr(types.boolean, default=False)
|
||||
"""Indicates whether the TLS should be disabled"""
|
||||
|
||||
def __init__(self, **kwargs):
|
||||
|
|
|
@ -493,8 +493,8 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition):
|
|||
self.add_parameter('external_network',
|
||||
baymodel_attr='external_network_id',
|
||||
required=True)
|
||||
self.add_parameter('insecure',
|
||||
baymodel_attr='insecure',
|
||||
self.add_parameter('tls_disabled',
|
||||
baymodel_attr='tls_disabled',
|
||||
required=True)
|
||||
self.add_output('swarm_master',
|
||||
bay_attr='api_address')
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
"""rename-insecure
|
||||
|
||||
Revision ID: 5ad410481b88
|
||||
Revises: 27ad304554e2
|
||||
Create Date: 2015-09-29 17:51:10.195121
|
||||
|
||||
"""
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = '5ad410481b88'
|
||||
down_revision = '27ad304554e2'
|
||||
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
def upgrade():
|
||||
op.alter_column('baymodel', 'insecure',
|
||||
new_column_name='tls_disabled',
|
||||
existing_type=sa.Boolean())
|
|
@ -173,7 +173,7 @@ class BayModel(Base):
|
|||
no_proxy = Column(String(255))
|
||||
registry_enabled = Column(Boolean, default=False)
|
||||
labels = Column(JSONEncodedDict)
|
||||
insecure = Column(Boolean, default=False)
|
||||
tls_disabled = Column(Boolean, default=False)
|
||||
|
||||
|
||||
class Container(Base):
|
||||
|
|
|
@ -28,7 +28,8 @@ class BayModel(base.MagnumPersistentObject, base.MagnumObject,
|
|||
# Version 1.3: Added 'labels' attribute
|
||||
# Version 1.4: Added 'insecure' attribute
|
||||
# Version 1.5: Changed type of 'coe' from StringField to BayTypeField
|
||||
VERSION = '1.5'
|
||||
# Version 1.6: Change 'insecure' to 'tls_disabled'
|
||||
VERSION = '1.6'
|
||||
|
||||
dbapi = dbapi.get_instance()
|
||||
|
||||
|
@ -56,7 +57,7 @@ class BayModel(base.MagnumPersistentObject, base.MagnumObject,
|
|||
'no_proxy': fields.StringField(nullable=True),
|
||||
'registry_enabled': fields.BooleanField(default=False),
|
||||
'labels': fields.DictOfStringsField(nullable=True),
|
||||
'insecure': fields.BooleanField(default=False),
|
||||
'tls_disabled': fields.BooleanField(default=False),
|
||||
}
|
||||
|
||||
@staticmethod
|
||||
|
|
|
@ -133,7 +133,7 @@ def write_server_cert(config, csr_req):
|
|||
|
||||
def main():
|
||||
config = load_config()
|
||||
if config['INSECURE'] == 'False':
|
||||
if config['TLS_DISABLED'] == 'False':
|
||||
create_dirs()
|
||||
write_ca_cert(config)
|
||||
write_server_key()
|
||||
|
|
|
@ -20,7 +20,7 @@ ExecStart=/usr/bin/docker -d -H fd:// \\
|
|||
-H tcp://0.0.0.0:2375 \\
|
||||
END_SERVICE_TOP
|
||||
|
||||
if [ $INSECURE == 'False' ]; then
|
||||
if [ $TLS_DISABLED == 'False' ]; then
|
||||
|
||||
cat >> /etc/systemd/system/docker.service << END_TLS
|
||||
--tls \\
|
||||
|
|
|
@ -14,4 +14,4 @@ write_files:
|
|||
BAY_UUID="$BAY_UUID"
|
||||
USER_TOKEN="$USER_TOKEN"
|
||||
MAGNUM_URL="$MAGNUM_URL"
|
||||
INSECURE="$INSECURE"
|
||||
TLS_DISABLED="$TLS_DISABLED"
|
||||
|
|
|
@ -22,7 +22,7 @@ ExecStart=/usr/bin/docker run --name swarm-manager \\
|
|||
manage -H tcp://0.0.0.0:2375 \\
|
||||
END_SERVICE_TOP
|
||||
|
||||
if [ $INSECURE = 'False' ]; then
|
||||
if [ $TLS_DISABLED = 'False' ]; then
|
||||
|
||||
cat >> /etc/systemd/system/swarm-manager.service << END_TLS
|
||||
--tls \\
|
||||
|
|
|
@ -80,7 +80,7 @@ parameters:
|
|||
description: network range for fixed ip network
|
||||
default: "10.0.0.0/24"
|
||||
|
||||
insecure:
|
||||
tls_disabled:
|
||||
type: boolean
|
||||
description: whether or not to enable TLS
|
||||
default: False
|
||||
|
@ -192,7 +192,7 @@ resources:
|
|||
"$BAY_UUID": {get_param: bay_uuid}
|
||||
"$USER_TOKEN": {get_param: user_token}
|
||||
"$MAGNUM_URL": {get_param: magnum_url}
|
||||
"$INSECURE": {get_param: insecure}
|
||||
"$TLS_DISABLED": {get_param: tls_disabled}
|
||||
|
||||
configure_swarm:
|
||||
type: "OS::Heat::SoftwareConfig"
|
||||
|
@ -252,7 +252,7 @@ resources:
|
|||
"$HTTP_PROXY": {get_param: http_proxy}
|
||||
"$HTTPS_PROXY": {get_param: https_proxy}
|
||||
"$NO_PROXY": {get_param: no_proxy}
|
||||
"$INSECURE": {get_param: insecure}
|
||||
"$TLS_DISABLED": {get_param: tls_disabled}
|
||||
|
||||
enable_services:
|
||||
type: "OS::Heat::SoftwareConfig"
|
||||
|
@ -366,7 +366,7 @@ resources:
|
|||
bay_uuid: {get_param: bay_uuid}
|
||||
user_token: {get_param: user_token}
|
||||
magnum_url: {get_param: magnum_url}
|
||||
insecure: {get_param: insecure}
|
||||
tls_disabled: {get_param: tls_disabled}
|
||||
|
||||
outputs:
|
||||
|
||||
|
|
|
@ -69,7 +69,7 @@ parameters:
|
|||
type: string
|
||||
description: endpoint to retrieve TLS certs from
|
||||
|
||||
insecure:
|
||||
tls_disabled:
|
||||
type: boolean
|
||||
description: whether or not to disable TLS
|
||||
|
||||
|
@ -139,7 +139,7 @@ resources:
|
|||
"$BAY_UUID": {get_param: bay_uuid}
|
||||
"$USER_TOKEN": {get_param: user_token}
|
||||
"$MAGNUM_URL": {get_param: magnum_url}
|
||||
"$INSECURE": {get_param: insecure}
|
||||
"$TLS_DISABLED": {get_param: tls_disabled}
|
||||
|
||||
configure_swarm:
|
||||
type: "OS::Heat::SoftwareConfig"
|
||||
|
|
|
@ -868,7 +868,7 @@ class TestBayConductorWithSwarm(base.TestCase):
|
|||
'http_proxy': 'http_proxy',
|
||||
'https_proxy': 'https_proxy',
|
||||
'no_proxy': 'no_proxy',
|
||||
'insecure': False
|
||||
'tls_disabled': False
|
||||
}
|
||||
self.bay_dict = {
|
||||
'id': 1,
|
||||
|
@ -915,7 +915,7 @@ class TestBayConductorWithSwarm(base.TestCase):
|
|||
'user_token': self.context.auth_token,
|
||||
'bay_uuid': 'some_uuid',
|
||||
'magnum_url': self.mock_osc.magnum_url.return_value,
|
||||
'insecure': False
|
||||
'tls_disabled': False
|
||||
|
||||
}
|
||||
self.assertEqual(expected, definition)
|
||||
|
@ -951,7 +951,7 @@ class TestBayConductorWithSwarm(base.TestCase):
|
|||
'user_token': self.context.auth_token,
|
||||
'bay_uuid': 'some_uuid',
|
||||
'magnum_url': self.mock_osc.magnum_url.return_value,
|
||||
'insecure': False
|
||||
'tls_disabled': False
|
||||
}
|
||||
self.assertEqual(expected, definition)
|
||||
|
||||
|
|
|
@ -53,7 +53,7 @@ def get_test_baymodel(**kw):
|
|||
'https_proxy': kw.get('https_proxy', 'fake_https_proxy'),
|
||||
'no_proxy': kw.get('no_proxy', 'fake_no_proxy'),
|
||||
'registry_enabled': kw.get('registry_enabled', False),
|
||||
'insecure': kw.get('insecure', False)
|
||||
'tls_disabled': kw.get('tls_disabled', False)
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -426,7 +426,7 @@ class _TestObject(object):
|
|||
object_data = {
|
||||
'Bay': '1.0-35edde13ad178e9419e7ea8b6d580bcd',
|
||||
'BayLock': '1.0-7d1eb08cf2070523bd210369c7a2e076',
|
||||
'BayModel': '1.5-b76d9b1e15e0ddef469eed9d986d4983',
|
||||
'BayModel': '1.6-ac101f3a69f1bd65d671e884e0d88855',
|
||||
'Certificate': '1.0-2aff667971b85c1edf8d15684fd7d5e2',
|
||||
'Container': '1.0-e12affbba5f8a748882a3ae98aced282',
|
||||
'MyObj': '1.0-b43567e512438205e32f4e95ca616697',
|
||||
|
|
Loading…
Reference in New Issue