diff --git a/manila/share/driver.py b/manila/share/driver.py index fa25587f1e..fdafdd1c12 100644 --- a/manila/share/driver.py +++ b/manila/share/driver.py @@ -132,14 +132,6 @@ share_opts = [ cfg.StrOpt('goodness_function', help='String representation for an equation that will be ' 'used to determine the goodness of a host.'), - cfg.BoolOpt('driver_ssl_cert_verify', - default=False, - help='If set to True the https client will validate the SSL ' - 'certificate of the backend endpoint.'), - cfg.StrOpt('driver_ssl_cert_path', - help='Can be used to specify a non default path to a ' - 'CA_BUNDLE file or directory with certificates of trusted ' - 'CAs, which will be used to validate the backend.'), ] ssh_opts = [ diff --git a/manila/share/drivers/dell_emc/plugins/vnx/connector.py b/manila/share/drivers/dell_emc/plugins/vnx/connector.py index 25a5a56916..ce6d3c8149 100644 --- a/manila/share/drivers/dell_emc/plugins/vnx/connector.py +++ b/manila/share/drivers/dell_emc/plugins/vnx/connector.py @@ -38,17 +38,11 @@ class XMLAPIConnector(object): self.storage_ip = configuration.emc_nas_server self.username = configuration.emc_nas_login self.password = configuration.emc_nas_password - self.ssl_cert_verify = configuration.driver_ssl_cert_verify - self.ssl_cert_path = configuration.driver_ssl_cert_path self.debug = debug self.auth_url = 'https://' + self.storage_ip + '/Login' - self._url = 'https://{}/servlets/CelerraManagementServices'.format( - self.storage_ip) - context = utils.create_ssl_context(configuration) - if context: - https_handler = url_request.HTTPSHandler(context=context) - else: - https_handler = url_request.HTTPSHandler() + self._url = ('https://' + self.storage_ip + + '/servlets/CelerraManagementServices') + https_handler = url_request.HTTPSHandler() cookie_handler = url_request.HTTPCookieProcessor( http_cookiejar.CookieJar()) self.url_opener = url_request.build_opener(https_handler, diff --git a/manila/tests/share/drivers/dell_emc/plugins/vnx/fakes.py b/manila/tests/share/drivers/dell_emc/plugins/vnx/fakes.py index fabddc6937..738eeb304f 100644 --- a/manila/tests/share/drivers/dell_emc/plugins/vnx/fakes.py +++ b/manila/tests/share/drivers/dell_emc/plugins/vnx/fakes.py @@ -1467,9 +1467,6 @@ class FakeEMCShareDriver(object): self.configuration.emc_nas_login = FakeData.emc_nas_login self.configuration.emc_nas_password = FakeData.emc_nas_password self.configuration.share_backend_name = FakeData.share_backend_name - self.configuration.driver_ssl_cert_verify = False - self.configuration.driver_ssl_cert_path = None - CIFS_SHARE = fake_share.fake_share( id=FakeData.share_id, diff --git a/manila/tests/test_utils.py b/manila/tests/test_utils.py index 9131346a23..9fdf051084 100644 --- a/manila/tests/test_utils.py +++ b/manila/tests/test_utils.py @@ -17,7 +17,6 @@ import datetime import errno import socket -import ssl import time import ddt @@ -745,30 +744,3 @@ class ShareMigrationHelperTestCase(test.TestCase): self.assertRaises(expected_exc, utils.wait_for_access_update, self.context, db, fake_instance, 1) - - -class SslContextTestCase(test.TestCase): - - def test_create_ssl_context(self): - configuration = mock.Mock() - configuration.driver_ssl_cert_verify = True - configuration.driver_ssl_cert_path = "./cert_path/" - self.mock_object(ssl, 'create_default_context') - context = utils.create_ssl_context(configuration) - self.assertIsNotNone(context) - - def test_create_ssl_context_no_verify(self): - configuration = mock.Mock() - configuration.driver_ssl_cert_verify = False - self.mock_object(ssl, 'create_default_context') - context = utils.create_ssl_context(configuration) - self.assertFalse(context.check_hostname) - - def test_no_create_default_context(self): - """Test scenario of running on python 2.7.8 or earlier.""" - configuration = mock.Mock() - configuration.driver_ssl_cert_verify = False - self.mock_object(ssl, 'create_default_context', - mock.Mock(side_effect=AttributeError)) - context = utils.create_ssl_context(configuration) - self.assertIsNone(context) diff --git a/manila/utils.py b/manila/utils.py index 113c55fa02..3d312a23e5 100644 --- a/manila/utils.py +++ b/manila/utils.py @@ -26,7 +26,6 @@ import random import re import shutil import socket -import ssl import sys import tempfile import time @@ -49,7 +48,7 @@ from webob import exc from manila.common import constants from manila.db import api as db_api from manila import exception -from manila.i18n import _, _LW +from manila.i18n import _ CONF = cfg.CONF LOG = log.getLogger(__name__) @@ -591,24 +590,3 @@ def wait_for_access_update(context, db, share_instance, raise exception.ShareMigrationFailed(reason=msg) else: time.sleep(tries ** 2) - - -def create_ssl_context(configuration): - """Create context for ssl verification. - - .. note:: starting from python 2.7.9 ssl adds create_default_context. - We need to keep compatibility with previous python as well. - """ - try: - if configuration.driver_ssl_cert_verify: - context = ssl.create_default_context( - capath=configuration.driver_ssl_cert_path) - else: - context = ssl.create_default_context() - context.check_hostname = False - context.verify_mode = ssl.CERT_NONE - except AttributeError: - LOG.warning(_LW('Creating ssl context is not supported on this ' - 'version of Python, ssl verification is disabled.')) - context = None - return context diff --git a/releasenotes/notes/add-ssl-verify-options-2287ae7b40e3ae83.yaml b/releasenotes/notes/add-ssl-verify-options-2287ae7b40e3ae83.yaml deleted file mode 100644 index c80f132d15..0000000000 --- a/releasenotes/notes/add-ssl-verify-options-2287ae7b40e3ae83.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - Added following 2 options for SSL verification - ``driver_ssl_cert_verify`` - ``driver_ssl_cert_path`` - For more details, see OpenStack official documentation.