Adds https support for metadata agent

Adds two configure options to support https client for metadata proxy
* auth_insecure: turn off verification of the certificate for ssl, or
* auth_ca_cert: CA cert to check against with for ssl.

Change-Id: I3ffb86ae9ce31931436a4e13957aae30eebf9d92
Closes-Bug: #1263872
This commit is contained in:
Xiaolin Zhang 2014-01-16 22:28:28 +08:00
parent b0ae4e5808
commit a06c2f6cbd
3 changed files with 18 additions and 0 deletions

View File

@ -5,6 +5,10 @@
# The Neutron user information for accessing the Neutron API. # The Neutron user information for accessing the Neutron API.
auth_url = http://localhost:5000/v2.0 auth_url = http://localhost:5000/v2.0
auth_region = RegionOne auth_region = RegionOne
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
# auth_ca_cert =
admin_tenant_name = %SERVICE_TENANT_NAME% admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER% admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD% admin_password = %SERVICE_PASSWORD%

View File

@ -61,6 +61,14 @@ class MetadataProxyHandler(object):
help=_("The type of authentication to use")), help=_("The type of authentication to use")),
cfg.StrOpt('auth_region', cfg.StrOpt('auth_region',
help=_("Authentication region")), help=_("Authentication region")),
cfg.BoolOpt('auth_insecure',
default=False,
help=_("Turn off verification of the certificate for"
" ssl")),
cfg.StrOpt('auth_ca_cert',
default=None,
help=_("Certificate Authority public key (CA cert) "
"file for ssl")),
cfg.StrOpt('endpoint_type', cfg.StrOpt('endpoint_type',
default='adminURL', default='adminURL',
help=_("Network service endpoint type to pull from " help=_("Network service endpoint type to pull from "
@ -89,6 +97,8 @@ class MetadataProxyHandler(object):
auth_strategy=self.conf.auth_strategy, auth_strategy=self.conf.auth_strategy,
region_name=self.conf.auth_region, region_name=self.conf.auth_region,
token=self.auth_info.get('auth_token'), token=self.auth_info.get('auth_token'),
insecure=self.conf.auth_insecure,
ca_cert=self.conf.auth_ca_cert,
endpoint_url=self.auth_info.get('endpoint_url'), endpoint_url=self.auth_info.get('endpoint_url'),
endpoint_type=self.conf.endpoint_type endpoint_type=self.conf.endpoint_type
) )

View File

@ -34,6 +34,8 @@ class FakeConf(object):
auth_url = 'http://127.0.0.1' auth_url = 'http://127.0.0.1'
auth_strategy = 'keystone' auth_strategy = 'keystone'
auth_region = 'region' auth_region = 'region'
auth_insecure = False
auth_ca_cert = None
endpoint_type = 'adminURL' endpoint_type = 'adminURL'
nova_metadata_ip = '9.9.9.9' nova_metadata_ip = '9.9.9.9'
nova_metadata_port = 8775 nova_metadata_port = 8775
@ -100,6 +102,8 @@ class TestMetadataProxyHandler(base.BaseTestCase):
password=FakeConf.admin_password, password=FakeConf.admin_password,
auth_strategy=FakeConf.auth_strategy, auth_strategy=FakeConf.auth_strategy,
token=None, token=None,
insecure=FakeConf.auth_insecure,
ca_cert=FakeConf.auth_ca_cert,
endpoint_url=None, endpoint_url=None,
endpoint_type=FakeConf.endpoint_type) endpoint_type=FakeConf.endpoint_type)
] ]