Merge "Revert "Handle ssl for VNX manila driver""
This commit is contained in:
commit
ed19930c72
|
@ -132,14 +132,6 @@ share_opts = [
|
||||||
cfg.StrOpt('goodness_function',
|
cfg.StrOpt('goodness_function',
|
||||||
help='String representation for an equation that will be '
|
help='String representation for an equation that will be '
|
||||||
'used to determine the goodness of a host.'),
|
'used to determine the goodness of a host.'),
|
||||||
cfg.BoolOpt('driver_ssl_cert_verify',
|
|
||||||
default=False,
|
|
||||||
help='If set to True the https client will validate the SSL '
|
|
||||||
'certificate of the backend endpoint.'),
|
|
||||||
cfg.StrOpt('driver_ssl_cert_path',
|
|
||||||
help='Can be used to specify a non default path to a '
|
|
||||||
'CA_BUNDLE file or directory with certificates of trusted '
|
|
||||||
'CAs, which will be used to validate the backend.'),
|
|
||||||
]
|
]
|
||||||
|
|
||||||
ssh_opts = [
|
ssh_opts = [
|
||||||
|
|
|
@ -38,16 +38,10 @@ class XMLAPIConnector(object):
|
||||||
self.storage_ip = configuration.emc_nas_server
|
self.storage_ip = configuration.emc_nas_server
|
||||||
self.username = configuration.emc_nas_login
|
self.username = configuration.emc_nas_login
|
||||||
self.password = configuration.emc_nas_password
|
self.password = configuration.emc_nas_password
|
||||||
self.ssl_cert_verify = configuration.driver_ssl_cert_verify
|
|
||||||
self.ssl_cert_path = configuration.driver_ssl_cert_path
|
|
||||||
self.debug = debug
|
self.debug = debug
|
||||||
self.auth_url = 'https://' + self.storage_ip + '/Login'
|
self.auth_url = 'https://' + self.storage_ip + '/Login'
|
||||||
self._url = 'https://{}/servlets/CelerraManagementServices'.format(
|
self._url = ('https://' + self.storage_ip
|
||||||
self.storage_ip)
|
+ '/servlets/CelerraManagementServices')
|
||||||
context = utils.create_ssl_context(configuration)
|
|
||||||
if context:
|
|
||||||
https_handler = url_request.HTTPSHandler(context=context)
|
|
||||||
else:
|
|
||||||
https_handler = url_request.HTTPSHandler()
|
https_handler = url_request.HTTPSHandler()
|
||||||
cookie_handler = url_request.HTTPCookieProcessor(
|
cookie_handler = url_request.HTTPCookieProcessor(
|
||||||
http_cookiejar.CookieJar())
|
http_cookiejar.CookieJar())
|
||||||
|
|
|
@ -1467,9 +1467,6 @@ class FakeEMCShareDriver(object):
|
||||||
self.configuration.emc_nas_login = FakeData.emc_nas_login
|
self.configuration.emc_nas_login = FakeData.emc_nas_login
|
||||||
self.configuration.emc_nas_password = FakeData.emc_nas_password
|
self.configuration.emc_nas_password = FakeData.emc_nas_password
|
||||||
self.configuration.share_backend_name = FakeData.share_backend_name
|
self.configuration.share_backend_name = FakeData.share_backend_name
|
||||||
self.configuration.driver_ssl_cert_verify = False
|
|
||||||
self.configuration.driver_ssl_cert_path = None
|
|
||||||
|
|
||||||
|
|
||||||
CIFS_SHARE = fake_share.fake_share(
|
CIFS_SHARE = fake_share.fake_share(
|
||||||
id=FakeData.share_id,
|
id=FakeData.share_id,
|
||||||
|
|
|
@ -17,7 +17,6 @@
|
||||||
import datetime
|
import datetime
|
||||||
import errno
|
import errno
|
||||||
import socket
|
import socket
|
||||||
import ssl
|
|
||||||
import time
|
import time
|
||||||
|
|
||||||
import ddt
|
import ddt
|
||||||
|
@ -745,30 +744,3 @@ class ShareMigrationHelperTestCase(test.TestCase):
|
||||||
self.assertRaises(expected_exc,
|
self.assertRaises(expected_exc,
|
||||||
utils.wait_for_access_update, self.context,
|
utils.wait_for_access_update, self.context,
|
||||||
db, fake_instance, 1)
|
db, fake_instance, 1)
|
||||||
|
|
||||||
|
|
||||||
class SslContextTestCase(test.TestCase):
|
|
||||||
|
|
||||||
def test_create_ssl_context(self):
|
|
||||||
configuration = mock.Mock()
|
|
||||||
configuration.driver_ssl_cert_verify = True
|
|
||||||
configuration.driver_ssl_cert_path = "./cert_path/"
|
|
||||||
self.mock_object(ssl, 'create_default_context')
|
|
||||||
context = utils.create_ssl_context(configuration)
|
|
||||||
self.assertIsNotNone(context)
|
|
||||||
|
|
||||||
def test_create_ssl_context_no_verify(self):
|
|
||||||
configuration = mock.Mock()
|
|
||||||
configuration.driver_ssl_cert_verify = False
|
|
||||||
self.mock_object(ssl, 'create_default_context')
|
|
||||||
context = utils.create_ssl_context(configuration)
|
|
||||||
self.assertFalse(context.check_hostname)
|
|
||||||
|
|
||||||
def test_no_create_default_context(self):
|
|
||||||
"""Test scenario of running on python 2.7.8 or earlier."""
|
|
||||||
configuration = mock.Mock()
|
|
||||||
configuration.driver_ssl_cert_verify = False
|
|
||||||
self.mock_object(ssl, 'create_default_context',
|
|
||||||
mock.Mock(side_effect=AttributeError))
|
|
||||||
context = utils.create_ssl_context(configuration)
|
|
||||||
self.assertIsNone(context)
|
|
||||||
|
|
|
@ -26,7 +26,6 @@ import random
|
||||||
import re
|
import re
|
||||||
import shutil
|
import shutil
|
||||||
import socket
|
import socket
|
||||||
import ssl
|
|
||||||
import sys
|
import sys
|
||||||
import tempfile
|
import tempfile
|
||||||
import time
|
import time
|
||||||
|
@ -49,7 +48,7 @@ from webob import exc
|
||||||
from manila.common import constants
|
from manila.common import constants
|
||||||
from manila.db import api as db_api
|
from manila.db import api as db_api
|
||||||
from manila import exception
|
from manila import exception
|
||||||
from manila.i18n import _, _LW
|
from manila.i18n import _
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
LOG = log.getLogger(__name__)
|
LOG = log.getLogger(__name__)
|
||||||
|
@ -591,24 +590,3 @@ def wait_for_access_update(context, db, share_instance,
|
||||||
raise exception.ShareMigrationFailed(reason=msg)
|
raise exception.ShareMigrationFailed(reason=msg)
|
||||||
else:
|
else:
|
||||||
time.sleep(tries ** 2)
|
time.sleep(tries ** 2)
|
||||||
|
|
||||||
|
|
||||||
def create_ssl_context(configuration):
|
|
||||||
"""Create context for ssl verification.
|
|
||||||
|
|
||||||
.. note:: starting from python 2.7.9 ssl adds create_default_context.
|
|
||||||
We need to keep compatibility with previous python as well.
|
|
||||||
"""
|
|
||||||
try:
|
|
||||||
if configuration.driver_ssl_cert_verify:
|
|
||||||
context = ssl.create_default_context(
|
|
||||||
capath=configuration.driver_ssl_cert_path)
|
|
||||||
else:
|
|
||||||
context = ssl.create_default_context()
|
|
||||||
context.check_hostname = False
|
|
||||||
context.verify_mode = ssl.CERT_NONE
|
|
||||||
except AttributeError:
|
|
||||||
LOG.warning(_LW('Creating ssl context is not supported on this '
|
|
||||||
'version of Python, ssl verification is disabled.'))
|
|
||||||
context = None
|
|
||||||
return context
|
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
features:
|
|
||||||
- Added following 2 options for SSL verification
|
|
||||||
``driver_ssl_cert_verify``
|
|
||||||
``driver_ssl_cert_path``
|
|
||||||
For more details, see OpenStack official documentation.
|
|
Loading…
Reference in New Issue