From d1607f9f56dbdbf1933a1e8646615cd659002ed6 Mon Sep 17 00:00:00 2001 From: ricolin Date: Fri, 8 May 2020 15:44:42 +0800 Subject: [PATCH] Add tls proxy support for Zaqar Change-Id: I234a3d60333ee89a7c283b425e524d4624191577 --- os_collect_config/tests/test_zaqar.py | 12 ++++++++++++ os_collect_config/zaqar.py | 14 +++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/os_collect_config/tests/test_zaqar.py b/os_collect_config/tests/test_zaqar.py index 0753607..a07d805 100644 --- a/os_collect_config/tests/test_zaqar.py +++ b/os_collect_config/tests/test_zaqar.py @@ -136,6 +136,8 @@ class TestZaqar(testtools.TestCase): project_id='9f6b09df-4d7f-4a33-8ec3-9924d8f46f10') conf.config(group='zaqar', queue_id='4f3f46d3-09f1-42a7-8c13-f91a5457192c') + conf.config(group='zaqar', ssl_certificate_validation=True) + conf.config(group='zaqar', ca_file='/foo/bar') @mock.patch.object(ks_discover.Discover, '__init__') @mock.patch.object(ks_discover.Discover, 'url_for') @@ -221,6 +223,16 @@ class TestZaqar(testtools.TestCase): exc.ZaqarMetadataNotConfigured, zaqar_collect.collect) self.assertIn('No queue_id configured', self.log.output) + def test_collect_zaqar_no_ca_file(self): + cfg.CONF.zaqar.ssl_certificate_validation = True + cfg.CONF.zaqar.ca_file = None + zaqar_collect = zaqar.Collector() + self.assertRaises( + exc.ZaqarMetadataNotConfigured, zaqar_collect.collect) + expected = ('No CA file configured when flag ssl certificate ' + 'validation is on.') + self.assertIn(expected, self.log.output) + @mock.patch.object(transport, 'get_transport_for') @mock.patch.object(ks_discover.Discover, '__init__') @mock.patch.object(ks_discover.Discover, 'url_for') diff --git a/os_collect_config/zaqar.py b/os_collect_config/zaqar.py index b05bf1e..3d041b3 100644 --- a/os_collect_config/zaqar.py +++ b/os_collect_config/zaqar.py 
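Review bot: The added `test_collect_zaqar_no_ca_file` covers only the missing-CA error path, and the `setUp` hunk at `@@ -136,6 +136,8 @@` turns `ssl_certificate_validation` on for every test, so nothing in these hunks exercises the default configuration where validation is off. A test that asserts the options handed to the Zaqar client would pin the security-relevant mapping: `'insecure'` is `False` and `'cacert'` is `'/foo/bar'` when the flag is on, and `'insecure'` is `True` when the flag is left at its default. The rest of the test class is outside the hunks, so an existing assertion on the client options may already be there to extend.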
@@ -45,6 +45,11 @@ opts = [ help='Use the websocket transport to connect to Zaqar.'), cfg.StrOpt('region-name', help='Region Name for extracting Zaqar endpoint'), + cfg.BoolOpt('ssl-certificate-validation', + help='ssl certificat validation flag for connect to Zaqar', + default=False), + cfg.StrOpt('ca-file', + help='CA Cert file for connect to Zaqar'), ] name = 'zaqar' @@ -134,6 +139,11 @@ class Collector(object): if CONF.zaqar.queue_id is None: logger.warn('No queue_id configured.') raise exc.ZaqarMetadataNotConfigured() + if CONF.zaqar.ssl_certificate_validation is True and ( + CONF.zaqar.ca_file is None): + logger.warn('No CA file configured when flag ssl certificate ' + 'validation is on.') + raise exc.ZaqarMetadataNotConfigured() # NOTE(flwang): To be compatible with old versions, we won't throw # error here if there is no region name. @@ -151,7 +161,9 @@ class Collector(object): 'backend': 'keystone', 'options': { 'os_auth_token': ks.auth_token, - 'os_project_id': CONF.zaqar.project_id + 'os_project_id': CONF.zaqar.project_id, + 'insecure': not CONF.zaqar.ssl_certificate_validation, + 'cacert': CONF.zaqar.ca_file } } }
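Review bot: `ssl-certificate-validation` is declared with `default=False` in the `opts` hunk, and the last hunk (`@@ -151,7 +161,9 @@`) passes `'insecure': not CONF.zaqar.ssl_certificate_validation`, so a deployment that never sets the option now explicitly asks the client for `insecure=True`. The Keystone token in `os_auth_token` and the collected metadata then travel over a connection whose server certificate is not checked. Before this change no `insecure` key was passed, so behaviour followed the client's own default; if that default is to verify (not visible here), the commit weakens existing installs without any configuration change. Defaulting to validation would be safer, `default=True),`, provided the CA-file requirement in the `collect` hunk is relaxed so an unset `ca-file` does not break those installs. The help string also has a typo and could read `help='Validate the TLS certificate when connecting to Zaqar',`.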
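Review bot: The new guard in `collect` (`@@ -134,6 +139,11 @@`) rejects validation whenever `ca_file` is unset, which rules out verifying against the system trust store and makes enabling validation harder than leaving it off. If the client treats `cacert=None` as "use the default CA bundle" (to be confirmed against zaqarclient), the guard can be dropped and `ca-file` becomes an optional override for private CAs. If the guard stays, `if CONF.zaqar.ssl_certificate_validation and not CONF.zaqar.ca_file:` is the simpler test and also catches an empty string. The help text for `ca-file` should then say it is required when validation is on. The method's body starts and ends outside the hunk.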