Merge "Revert "Handle ssl for VNX manila driver""

2017-03-23 15:40:03 +00:00 · 2017-03-23 15:40:03 +00:00 · ed19930c72
parent 11965d6066 1252c2edf5
commit ed19930c72
6 changed files with 4 additions and 77 deletions
--- a/manila/share/driver.py
+++ b/manila/share/driver.py
@ -132,14 +132,6 @@ share_opts = [
    cfg.StrOpt('goodness_function',
               help='String representation for an equation that will be '
                    'used to determine the goodness of a host.'),
-    cfg.BoolOpt('driver_ssl_cert_verify',
-                default=False,
-                help='If set to True the https client will validate the SSL '
-                     'certificate of the backend endpoint.'),
-    cfg.StrOpt('driver_ssl_cert_path',
-               help='Can be used to specify a non default path to a '
-                    'CA_BUNDLE file or directory with certificates of trusted '
-                    'CAs, which will be used to validate the backend.'),
 ]

 ssh_opts = [
--- a/manila/share/drivers/dell_emc/plugins/vnx/connector.py
+++ b/manila/share/drivers/dell_emc/plugins/vnx/connector.py
@ -38,17 +38,11 @@ class XMLAPIConnector(object):
        self.storage_ip = configuration.emc_nas_server
        self.username = configuration.emc_nas_login
        self.password = configuration.emc_nas_password
-        self.ssl_cert_verify = configuration.driver_ssl_cert_verify
-        self.ssl_cert_path = configuration.driver_ssl_cert_path
        self.debug = debug
        self.auth_url = 'https://' + self.storage_ip + '/Login'
-        self._url = 'https://{}/servlets/CelerraManagementServices'.format(
-            self.storage_ip)
-        context = utils.create_ssl_context(configuration)
-        if context:
-            https_handler = url_request.HTTPSHandler(context=context)
-        else:
-            https_handler = url_request.HTTPSHandler()
+        self._url = ('https://' + self.storage_ip
+                     + '/servlets/CelerraManagementServices')
+        https_handler = url_request.HTTPSHandler()
        cookie_handler = url_request.HTTPCookieProcessor(
            http_cookiejar.CookieJar())
        self.url_opener = url_request.build_opener(https_handler,
--- a/manila/tests/share/drivers/dell_emc/plugins/vnx/fakes.py
+++ b/manila/tests/share/drivers/dell_emc/plugins/vnx/fakes.py
@ -1467,9 +1467,6 @@ class FakeEMCShareDriver(object):
        self.configuration.emc_nas_login = FakeData.emc_nas_login
        self.configuration.emc_nas_password = FakeData.emc_nas_password
        self.configuration.share_backend_name = FakeData.share_backend_name
-        self.configuration.driver_ssl_cert_verify = False
-        self.configuration.driver_ssl_cert_path = None
-

 CIFS_SHARE = fake_share.fake_share(
    id=FakeData.share_id,
--- a/manila/tests/test_utils.py
+++ b/manila/tests/test_utils.py
@ -17,7 +17,6 @@
 import datetime
 import errno
 import socket
-import ssl
 import time

 import ddt
@ -745,30 +744,3 @@ class ShareMigrationHelperTestCase(test.TestCase):
        self.assertRaises(expected_exc,
                          utils.wait_for_access_update, self.context,
                          db, fake_instance, 1)
-
-
-class SslContextTestCase(test.TestCase):
-
-    def test_create_ssl_context(self):
-        configuration = mock.Mock()
-        configuration.driver_ssl_cert_verify = True
-        configuration.driver_ssl_cert_path = "./cert_path/"
-        self.mock_object(ssl, 'create_default_context')
-        context = utils.create_ssl_context(configuration)
-        self.assertIsNotNone(context)
-
-    def test_create_ssl_context_no_verify(self):
-        configuration = mock.Mock()
-        configuration.driver_ssl_cert_verify = False
-        self.mock_object(ssl, 'create_default_context')
-        context = utils.create_ssl_context(configuration)
-        self.assertFalse(context.check_hostname)
-
-    def test_no_create_default_context(self):
-        """Test scenario of running on python 2.7.8 or earlier."""
-        configuration = mock.Mock()
-        configuration.driver_ssl_cert_verify = False
-        self.mock_object(ssl, 'create_default_context',
-                         mock.Mock(side_effect=AttributeError))
-        context = utils.create_ssl_context(configuration)
-        self.assertIsNone(context)
--- a/manila/utils.py
+++ b/manila/utils.py
@ -26,7 +26,6 @@ import random
 import re
 import shutil
 import socket
-import ssl
 import sys
 import tempfile
 import time
@ -49,7 +48,7 @@ from webob import exc
 from manila.common import constants
 from manila.db import api as db_api
 from manila import exception
-from manila.i18n import _, _LW
+from manila.i18n import _

 CONF = cfg.CONF
 LOG = log.getLogger(__name__)
@ -591,24 +590,3 @@ def wait_for_access_update(context, db, share_instance,
            raise exception.ShareMigrationFailed(reason=msg)
        else:
            time.sleep(tries ** 2)
-
-
-def create_ssl_context(configuration):
-    """Create context for ssl verification.
-
-    .. note:: starting from python 2.7.9 ssl adds create_default_context.
-              We need to keep compatibility with previous python as well.
-    """
-    try:
-        if configuration.driver_ssl_cert_verify:
-            context = ssl.create_default_context(
-                capath=configuration.driver_ssl_cert_path)
-        else:
-            context = ssl.create_default_context()
-            context.check_hostname = False
-            context.verify_mode = ssl.CERT_NONE
-    except AttributeError:
-        LOG.warning(_LW('Creating ssl context is not supported on this '
-                        'version of Python, ssl verification is disabled.'))
-        context = None
-    return context
--- a/releasenotes/notes/add-ssl-verify-options-2287ae7b40e3ae83.yaml
+++ b/releasenotes/notes/add-ssl-verify-options-2287ae7b40e3ae83.yaml
@ -1,6 +0,0 @@
---
-features:
-  - Added following 2 options for SSL verification
-    ``driver_ssl_cert_verify``
-    ``driver_ssl_cert_path``
-    For more details, see OpenStack official documentation.