Add ca cert file support to cinder client requests
Allow for ca certificates file to be specified when doing cinder client requests. Needed when using custom ca authorities. Change-Id: Ib9aa15df2fc7d96cb8587c13769399e353c032c6 Fixes: bug #1179476
This commit is contained in:
Cian O'Driscoll
parent
56f5172f33
commit
5bc5fd8855
@ -2513,6 +2513,10 @@
|
||||
# region name of this node (string value)
|
||||
#os_region_name=<None>
|
||||
|
||||
# Allow for a ca certificates file to be specified for cinder
|
||||
# client requests (string value)
|
||||
#cinder_ca_certificates_file=<None>
|
||||
|
||||
# Number of cinderclient retries on failed http calls (integer
|
||||
# value)
|
||||
#cinder_http_retries=3
|
||||
|
||||
@ -98,14 +98,16 @@ class FakeHTTPClient(cinder.cinder_client.client.HTTPClient):
|
||||
class FakeCinderClient(cinder.cinder_client.Client):
|
||||
|
||||
def __init__(self, username, password, project_id=None, auth_url=None,
|
||||
insecure=False, retries=None):
|
||||
insecure=False, retries=None, cacert=None):
|
||||
super(FakeCinderClient, self).__init__(username, password,
|
||||
project_id=project_id,
|
||||
auth_url=auth_url,
|
||||
insecure=insecure,
|
||||
retries=retries)
|
||||
retries=retries,
|
||||
cacert=cacert)
|
||||
self.client = FakeHTTPClient(username, password, project_id, auth_url,
|
||||
insecure=insecure, retries=retries)
|
||||
insecure=insecure, retries=retries,
|
||||
cacert=cacert)
|
||||
# keep a ref to the clients callstack for factory's assert_called
|
||||
self.callstack = self.client.callstack = []
|
||||
|
||||
@ -187,6 +189,14 @@ class CinderTestCase(test.TestCase):
|
||||
self.assertEquals(
|
||||
self.fake_client_factory.client.client.verify_cert, False)
|
||||
|
||||
def test_cinder_api_cacert_file(self):
|
||||
cacert = "/etc/ssl/certs/ca-certificates.crt"
|
||||
self.flags(cinder_ca_certificates_file=cacert)
|
||||
volume = self.api.get(self.context, '1234')
|
||||
self.assert_called('GET', '/volumes/1234')
|
||||
self.assertEquals(
|
||||
self.fake_client_factory.client.client.verify_cert, cacert)
|
||||
|
||||
def test_cinder_http_retries(self):
|
||||
retries = 42
|
||||
self.flags(cinder_http_retries=retries)
|
||||
|
||||
@ -45,6 +45,10 @@ cinder_opts = [
|
||||
cfg.StrOpt('os_region_name',
|
||||
default=None,
|
||||
help='region name of this node'),
|
||||
cfg.StrOpt('cinder_ca_certificates_file',
|
||||
default=None,
|
||||
help='Location of ca certicates file to use for cinder client '
|
||||
'requests.'),
|
||||
cfg.IntOpt('cinder_http_retries',
|
||||
default=3,
|
||||
help='Number of cinderclient retries on failed http calls'),
|
||||
@ -52,9 +56,9 @@ cinder_opts = [
|
||||
default=False,
|
||||
help='Allow to perform insecure SSL requests to cinder'),
|
||||
cfg.BoolOpt('cinder_cross_az_attach',
|
||||
default=True,
|
||||
help='Allow attach between instance and volume in different '
|
||||
'availability zones.'),
|
||||
default=True,
|
||||
help='Allow attach between instance and volume in different '
|
||||
'availability zones.'),
|
||||
]
|
||||
|
||||
CONF = cfg.CONF
|
||||
@ -98,7 +102,8 @@ def cinderclient(context):
|
||||
project_id=context.project_id,
|
||||
auth_url=url,
|
||||
insecure=CONF.cinder_api_insecure,
|
||||
retries=CONF.cinder_http_retries)
|
||||
retries=CONF.cinder_http_retries,
|
||||
cacert=CONF.cinder_ca_certificates_file)
|
||||
# noauth extracts user_id:project_id from auth_token
|
||||
c.client.auth_token = context.auth_token or '%s:%s' % (context.user_id,
|
||||
context.project_id)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user