Allow nova to use insecure cinderclient.

Add an option cinder_api_insecure to pass on to cinderclient. Bug 1100459 Change-Id: Ifb31cc0df48d2345fa0a6ec440bdf9685254cbcd
2013-01-16 16:00:49 -06:00 · 2013-01-16 16:00:49 -06:00 · 4aeecd5c7e
parent 01f204efdf
commit 4aeecd5c7e
3 changed files with 21 additions and 3 deletions
--- a/etc/nova/nova.conf.sample
+++ b/etc/nova/nova.conf.sample
@ -2282,6 +2282,10 @@
 # value)
 #cinder_http_retries=3

+# Allow to perform insecure SSL (https) requests to cinder
+# (boolean value)
+#cinder_api_insecure=false
+

 [conductor]

@ -2546,4 +2550,4 @@
 #keymap=en-us


-# Total option count: 519
+# Total option count: 520
--- a/nova/tests/test_cinder.py
+++ b/nova/tests/test_cinder.py
@ -98,13 +98,14 @@ class FakeHTTPClient(cinder.cinder_client.client.HTTPClient):
 class FakeCinderClient(cinder.cinder_client.Client):

    def __init__(self, username, password, project_id=None, auth_url=None,
-                 retries=None):
+                 insecure=False, retries=None):
        super(FakeCinderClient, self).__init__(username, password,
                                               project_id=project_id,
                                               auth_url=auth_url,
+                                               insecure=insecure,
                                               retries=retries)
        self.client = FakeHTTPClient(username, password, project_id, auth_url,
-                                     retries=retries)
+                                     insecure=insecure, retries=retries)
        # keep a ref to the clients callstack for factory's assert_called
        self.callstack = self.client.callstack = []

@ -177,6 +178,15 @@ class CinderTestCase(test.TestCase):
        self.assertTrue('volume_image_metadata' in volume)
        self.assertEqual(volume['volume_image_metadata'], _image_metadata)

+    def test_cinder_api_insecure(self):
+        # The True/False negation is awkward, but better for the client
+        # to pass us insecure=True and we check verify_cert == False
+        self.flags(cinder_api_insecure=True)
+        volume = self.api.get(self.context, '1234')
+        self.assert_called('GET', '/volumes/1234')
+        self.assertEquals(
+            self.fake_client_factory.client.client.verify_cert, False)
+
    def test_cinder_http_retries(self):
        retries = 42
        self.flags(cinder_http_retries=retries)
--- a/nova/volume/cinder.py
+++ b/nova/volume/cinder.py
@ -48,6 +48,9 @@ cinder_opts = [
    cfg.IntOpt('cinder_http_retries',
               default=3,
               help='Number of cinderclient retries on failed http calls'),
+    cfg.BoolOpt('cinder_api_insecure',
+               default=False,
+               help='Allow to perform insecure SSL requests to cinder'),
 ]

 CONF = cfg.CONF
@ -88,6 +91,7 @@ def cinderclient(context):
                             context.auth_token,
                             project_id=context.project_id,
                             auth_url=url,
+                             insecure=CONF.cinder_api_insecure,
                             retries=CONF.cinder_http_retries)
    # noauth extracts user_id:project_id from auth_token
    c.client.auth_token = context.auth_token or '%s:%s' % (context.user_id,