Add tls proxy support for Zaqar

Change-Id: I234a3d60333ee89a7c283b425e524d4624191577
2020-05-08 15:44:42 +08:00 · 2020-05-08 15:44:42 +08:00 · d1607f9f56
commit d1607f9f56
parent 6dd0e536b9
2 changed files with 25 additions and 1 deletions
--- a/os_collect_config/tests/test_zaqar.py
+++ b/os_collect_config/tests/test_zaqar.py
@ -136,6 +136,8 @@ class TestZaqar(testtools.TestCase):
                    project_id='9f6b09df-4d7f-4a33-8ec3-9924d8f46f10')
        conf.config(group='zaqar',
                    queue_id='4f3f46d3-09f1-42a7-8c13-f91a5457192c')
+        conf.config(group='zaqar', ssl_certificate_validation=True)
+        conf.config(group='zaqar', ca_file='/foo/bar')

    @mock.patch.object(ks_discover.Discover, '__init__')
    @mock.patch.object(ks_discover.Discover, 'url_for')
@ -221,6 +223,16 @@ class TestZaqar(testtools.TestCase):
            exc.ZaqarMetadataNotConfigured, zaqar_collect.collect)
        self.assertIn('No queue_id configured', self.log.output)

+    def test_collect_zaqar_no_ca_file(self):
+        cfg.CONF.zaqar.ssl_certificate_validation = True
+        cfg.CONF.zaqar.ca_file = None
+        zaqar_collect = zaqar.Collector()
+        self.assertRaises(
+            exc.ZaqarMetadataNotConfigured, zaqar_collect.collect)
+        expected = ('No CA file configured when flag ssl certificate '
+                    'validation is on.')
+        self.assertIn(expected, self.log.output)
+
    @mock.patch.object(transport, 'get_transport_for')
    @mock.patch.object(ks_discover.Discover, '__init__')
    @mock.patch.object(ks_discover.Discover, 'url_for')
--- a/os_collect_config/zaqar.py
+++ b/os_collect_config/zaqar.py
@ -45,6 +45,11 @@ opts = [
                help='Use the websocket transport to connect to Zaqar.'),
    cfg.StrOpt('region-name',
               help='Region Name for extracting Zaqar endpoint'),
+    cfg.BoolOpt('ssl-certificate-validation',
+                help='ssl certificat validation flag for connect to Zaqar',
+                default=False),
+    cfg.StrOpt('ca-file',
+               help='CA Cert file for connect to Zaqar'),
 ]
 name = 'zaqar'

@ -134,6 +139,11 @@ class Collector(object):
        if CONF.zaqar.queue_id is None:
            logger.warn('No queue_id configured.')
            raise exc.ZaqarMetadataNotConfigured()
+        if CONF.zaqar.ssl_certificate_validation is True and (
+                CONF.zaqar.ca_file is None):
+            logger.warn('No CA file configured when flag ssl certificate '
+                        'validation is on.')
+            raise exc.ZaqarMetadataNotConfigured()
        # NOTE(flwang): To be compatible with old versions, we won't throw
        # error here if there is no region name.

@ -151,7 +161,9 @@ class Collector(object):
                    'backend': 'keystone',
                    'options': {
                        'os_auth_token': ks.auth_token,
-                        'os_project_id': CONF.zaqar.project_id
+                        'os_project_id': CONF.zaqar.project_id,
+                        'insecure': not CONF.zaqar.ssl_certificate_validation,
+                        'cacert': CONF.zaqar.ca_file
                    }
                }
            }