Adds https support for metadata agent
Adds two configure options to support https client for metadata proxy * auth_insecure: turn off verification of the certificate for ssl, or * auth_ca_cert: CA cert to check against with for ssl. Change-Id: I3ffb86ae9ce31931436a4e13957aae30eebf9d92 Closes-Bug: #1263872
This commit is contained in:
parent
b0ae4e5808
commit
a06c2f6cbd
@ -5,6 +5,10 @@
|
|||||||
# The Neutron user information for accessing the Neutron API.
|
# The Neutron user information for accessing the Neutron API.
|
||||||
auth_url = http://localhost:5000/v2.0
|
auth_url = http://localhost:5000/v2.0
|
||||||
auth_region = RegionOne
|
auth_region = RegionOne
|
||||||
|
# Turn off verification of the certificate for ssl
|
||||||
|
# auth_insecure = False
|
||||||
|
# Certificate Authority public key (CA cert) file for ssl
|
||||||
|
# auth_ca_cert =
|
||||||
admin_tenant_name = %SERVICE_TENANT_NAME%
|
admin_tenant_name = %SERVICE_TENANT_NAME%
|
||||||
admin_user = %SERVICE_USER%
|
admin_user = %SERVICE_USER%
|
||||||
admin_password = %SERVICE_PASSWORD%
|
admin_password = %SERVICE_PASSWORD%
|
||||||
|
@ -61,6 +61,14 @@ class MetadataProxyHandler(object):
|
|||||||
help=_("The type of authentication to use")),
|
help=_("The type of authentication to use")),
|
||||||
cfg.StrOpt('auth_region',
|
cfg.StrOpt('auth_region',
|
||||||
help=_("Authentication region")),
|
help=_("Authentication region")),
|
||||||
|
cfg.BoolOpt('auth_insecure',
|
||||||
|
default=False,
|
||||||
|
help=_("Turn off verification of the certificate for"
|
||||||
|
" ssl")),
|
||||||
|
cfg.StrOpt('auth_ca_cert',
|
||||||
|
default=None,
|
||||||
|
help=_("Certificate Authority public key (CA cert) "
|
||||||
|
"file for ssl")),
|
||||||
cfg.StrOpt('endpoint_type',
|
cfg.StrOpt('endpoint_type',
|
||||||
default='adminURL',
|
default='adminURL',
|
||||||
help=_("Network service endpoint type to pull from "
|
help=_("Network service endpoint type to pull from "
|
||||||
@ -89,6 +97,8 @@ class MetadataProxyHandler(object):
|
|||||||
auth_strategy=self.conf.auth_strategy,
|
auth_strategy=self.conf.auth_strategy,
|
||||||
region_name=self.conf.auth_region,
|
region_name=self.conf.auth_region,
|
||||||
token=self.auth_info.get('auth_token'),
|
token=self.auth_info.get('auth_token'),
|
||||||
|
insecure=self.conf.auth_insecure,
|
||||||
|
ca_cert=self.conf.auth_ca_cert,
|
||||||
endpoint_url=self.auth_info.get('endpoint_url'),
|
endpoint_url=self.auth_info.get('endpoint_url'),
|
||||||
endpoint_type=self.conf.endpoint_type
|
endpoint_type=self.conf.endpoint_type
|
||||||
)
|
)
|
||||||
|
@ -34,6 +34,8 @@ class FakeConf(object):
|
|||||||
auth_url = 'http://127.0.0.1'
|
auth_url = 'http://127.0.0.1'
|
||||||
auth_strategy = 'keystone'
|
auth_strategy = 'keystone'
|
||||||
auth_region = 'region'
|
auth_region = 'region'
|
||||||
|
auth_insecure = False
|
||||||
|
auth_ca_cert = None
|
||||||
endpoint_type = 'adminURL'
|
endpoint_type = 'adminURL'
|
||||||
nova_metadata_ip = '9.9.9.9'
|
nova_metadata_ip = '9.9.9.9'
|
||||||
nova_metadata_port = 8775
|
nova_metadata_port = 8775
|
||||||
@ -100,6 +102,8 @@ class TestMetadataProxyHandler(base.BaseTestCase):
|
|||||||
password=FakeConf.admin_password,
|
password=FakeConf.admin_password,
|
||||||
auth_strategy=FakeConf.auth_strategy,
|
auth_strategy=FakeConf.auth_strategy,
|
||||||
token=None,
|
token=None,
|
||||||
|
insecure=FakeConf.auth_insecure,
|
||||||
|
ca_cert=FakeConf.auth_ca_cert,
|
||||||
endpoint_url=None,
|
endpoint_url=None,
|
||||||
endpoint_type=FakeConf.endpoint_type)
|
endpoint_type=FakeConf.endpoint_type)
|
||||||
]
|
]
|
||||||
|
Loading…
Reference in New Issue
Block a user