Add tls proxy support for Zaqar

Change-Id: I234a3d60333ee89a7c283b425e524d4624191577
This commit is contained in:
ricolin 2020-05-08 15:44:42 +08:00
parent 0558b20f5a
commit 36afc82ac3
2 changed files with 25 additions and 1 deletions

View File

@ -136,6 +136,8 @@ class TestZaqar(testtools.TestCase):
project_id='9f6b09df-4d7f-4a33-8ec3-9924d8f46f10')
conf.config(group='zaqar',
queue_id='4f3f46d3-09f1-42a7-8c13-f91a5457192c')
conf.config(group='zaqar', ssl_certificate_validation=True)
conf.config(group='zaqar', ca_file='/foo/bar')
@mock.patch.object(ks_discover.Discover, '__init__')
@mock.patch.object(ks_discover.Discover, 'url_for')
@ -221,6 +223,16 @@ class TestZaqar(testtools.TestCase):
exc.ZaqarMetadataNotConfigured, zaqar_collect.collect)
self.assertIn('No queue_id configured', self.log.output)
def test_collect_zaqar_no_ca_file(self):
cfg.CONF.zaqar.ssl_certificate_validation = True
cfg.CONF.zaqar.ca_file = None
zaqar_collect = zaqar.Collector()
self.assertRaises(
exc.ZaqarMetadataNotConfigured, zaqar_collect.collect)
expected = ('No CA file configured when flag ssl certificate '
'validation is on.')
self.assertIn(expected, self.log.output)
@mock.patch.object(transport, 'get_transport_for')
@mock.patch.object(ks_discover.Discover, '__init__')
@mock.patch.object(ks_discover.Discover, 'url_for')

View File

@ -45,6 +45,11 @@ opts = [
help='Use the websocket transport to connect to Zaqar.'),
cfg.StrOpt('region-name',
help='Region Name for extracting Zaqar endpoint'),
cfg.BoolOpt('ssl-certificate-validation',
help='ssl certificat validation flag for connect to Zaqar',
default=False),
cfg.StrOpt('ca-file',
help='CA Cert file for connect to Zaqar'),
]
name = 'zaqar'
@ -134,6 +139,11 @@ class Collector(object):
if CONF.zaqar.queue_id is None:
logger.warn('No queue_id configured.')
raise exc.ZaqarMetadataNotConfigured()
if CONF.zaqar.ssl_certificate_validation is True and (
CONF.zaqar.ca_file is None):
logger.warn('No CA file configured when flag ssl certificate '
'validation is on.')
raise exc.ZaqarMetadataNotConfigured()
# NOTE(flwang): To be compatible with old versions, we won't throw
# error here if there is no region name.
@ -151,7 +161,9 @@ class Collector(object):
'backend': 'keystone',
'options': {
'os_auth_token': ks.auth_token,
'os_project_id': CONF.zaqar.project_id
'os_project_id': CONF.zaqar.project_id,
'insecure': not CONF.zaqar.ssl_certificate_validation,
'cacert': CONF.zaqar.ca_file
}
}
}