openstack/os-collect-config
Code Issues Proposed changes

Add tls proxy support for Zaqar

Browse Source 
Change-Id: I234a3d60333ee89a7c283b425e524d4624191577
This commit is contained in:
ricolin 2020-05-08 15:44:42 +08:00 committed by Alex Schultz
parent 6dd0e536b9
commit d1607f9f56
2 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
os_collect_config/tests/test_zaqar.py
View File

@ -136,6 +136,8 @@ class TestZaqar(testtools.TestCase):
project_id='9f6b09df-4d7f-4a33-8ec3-9924d8f46f10') project_id='9f6b09df-4d7f-4a33-8ec3-9924d8f46f10')
conf.config(group='zaqar', conf.config(group='zaqar',
queue_id='4f3f46d3-09f1-42a7-8c13-f91a5457192c') queue_id='4f3f46d3-09f1-42a7-8c13-f91a5457192c')
conf.config(group='zaqar', ssl_certificate_validation=True)
conf.config(group='zaqar', ca_file='/foo/bar')
@mock.patch.object(ks_discover.Discover, '__init__') @mock.patch.object(ks_discover.Discover, '__init__')
@mock.patch.object(ks_discover.Discover, 'url_for') @mock.patch.object(ks_discover.Discover, 'url_for')
@ -221,6 +223,16 @@ class TestZaqar(testtools.TestCase):
exc.ZaqarMetadataNotConfigured, zaqar_collect.collect) exc.ZaqarMetadataNotConfigured, zaqar_collect.collect)
self.assertIn('No queue_id configured', self.log.output) self.assertIn('No queue_id configured', self.log.output)
def test_collect_zaqar_no_ca_file(self):
cfg.CONF.zaqar.ssl_certificate_validation = True
cfg.CONF.zaqar.ca_file = None
zaqar_collect = zaqar.Collector()
self.assertRaises(
exc.ZaqarMetadataNotConfigured, zaqar_collect.collect)
expected = ('No CA file configured when flag ssl certificate '
'validation is on.')
self.assertIn(expected, self.log.output)
@mock.patch.object(transport, 'get_transport_for') @mock.patch.object(transport, 'get_transport_for')
@mock.patch.object(ks_discover.Discover, '__init__') @mock.patch.object(ks_discover.Discover, '__init__')
@mock.patch.object(ks_discover.Discover, 'url_for') @mock.patch.object(ks_discover.Discover, 'url_for')

14
os_collect_config/zaqar.py
View File

@ -45,6 +45,11 @@ opts = [
help='Use the websocket transport to connect to Zaqar.'), help='Use the websocket transport to connect to Zaqar.'),
cfg.StrOpt('region-name', cfg.StrOpt('region-name',
help='Region Name for extracting Zaqar endpoint'), help='Region Name for extracting Zaqar endpoint'),
cfg.BoolOpt('ssl-certificate-validation',
help='ssl certificat validation flag for connect to Zaqar',
default=False),
cfg.StrOpt('ca-file',
help='CA Cert file for connect to Zaqar'),
] ]
name = 'zaqar' name = 'zaqar'
@ -134,6 +139,11 @@ class Collector(object):
if CONF.zaqar.queue_id is None: if CONF.zaqar.queue_id is None:
logger.warn('No queue_id configured.') logger.warn('No queue_id configured.')
raise exc.ZaqarMetadataNotConfigured() raise exc.ZaqarMetadataNotConfigured()
if CONF.zaqar.ssl_certificate_validation is True and (
CONF.zaqar.ca_file is None):
logger.warn('No CA file configured when flag ssl certificate '
'validation is on.')
raise exc.ZaqarMetadataNotConfigured()
# NOTE(flwang): To be compatible with old versions, we won't throw # NOTE(flwang): To be compatible with old versions, we won't throw
# error here if there is no region name. # error here if there is no region name.
@ -151,7 +161,9 @@ class Collector(object):
'backend': 'keystone', 'backend': 'keystone',
'options': { 'options': {
'os_auth_token': ks.auth_token, 'os_auth_token': ks.auth_token,
'os_project_id': CONF.zaqar.project_id 'os_project_id': CONF.zaqar.project_id,
'insecure': not CONF.zaqar.ssl_certificate_validation,
'cacert': CONF.zaqar.ca_file
} }
} }
} }