Add support for auth against keystone on https
Add parameter to mistral client for ca cert so that it can authenticate against keystone running on https. Add help for parameter. Update README to document parameter. Closes-Bug: #1420343 Change-Id: Ib1c0e78a35056df4447c7158d1f8908fb62893d7
This commit is contained in:
David C Kennedy
committed by
kennedda
kennedda
parent
cab5ea0ead
commit
aa94d5d271
@@ -32,6 +32,10 @@ If Mistral authentication is enabled, provide the information about OpenStack au
|
||||
export OS_PASSWORD=secret
|
||||
export OS_MISTRAL_URL=http://<Mistral host>:8989/v2 (optional, by default URL=http://localhost:8989/v2)
|
||||
|
||||
and in the case that you are authenticating against keystone over https:
|
||||
|
||||
export OS_CACERT=<path_to_ca_cert>
|
||||
|
||||
>***Note:** In client, we can use both Keystone auth versions - v2.0 and v3. But server supports only v3.*
|
||||
|
||||
To make sure Mistral client works, type:
|
||||
|
||||
@@ -21,7 +21,7 @@ from mistralclient.api.v2 import client as client_v2
|
||||
def client(mistral_url=None, username=None, api_key=None,
|
||||
project_name=None, auth_url=None, project_id=None,
|
||||
endpoint_type='publicURL', service_type='workflow',
|
||||
auth_token=None, user_id=None):
|
||||
auth_token=None, user_id=None, cacert=None):
|
||||
|
||||
if mistral_url and not isinstance(mistral_url, six.string_types):
|
||||
raise RuntimeError('Mistral url should be string')
|
||||
@@ -41,7 +41,7 @@ def client(mistral_url=None, username=None, api_key=None,
|
||||
auth_url=auth_url, project_id=project_id,
|
||||
endpoint_type=endpoint_type,
|
||||
service_type=service_type, auth_token=auth_token,
|
||||
user_id=user_id)
|
||||
user_id=user_id, cacert=cacert)
|
||||
|
||||
|
||||
def determine_client_version(mistral_url):
|
||||
|
||||
@@ -25,7 +25,7 @@ class Client(object):
|
||||
def __init__(self, mistral_url=None, username=None, api_key=None,
|
||||
project_name=None, auth_url=None, project_id=None,
|
||||
endpoint_type='publicURL', service_type='workflow',
|
||||
auth_token=None, user_id=None):
|
||||
auth_token=None, user_id=None, cacert=None):
|
||||
|
||||
if mistral_url and not isinstance(mistral_url, six.string_types):
|
||||
raise RuntimeError('Mistral url should be string')
|
||||
@@ -35,7 +35,7 @@ class Client(object):
|
||||
self.authenticate(mistral_url, username, api_key,
|
||||
project_name, auth_url, project_id,
|
||||
endpoint_type, service_type, auth_token,
|
||||
user_id))
|
||||
user_id, cacert))
|
||||
|
||||
if not mistral_url:
|
||||
mistral_url = "http://localhost:8989/v1"
|
||||
@@ -53,7 +53,7 @@ class Client(object):
|
||||
def authenticate(self, mistral_url=None, username=None, api_key=None,
|
||||
project_name=None, auth_url=None, project_id=None,
|
||||
endpoint_type='publicURL', service_type='workflow',
|
||||
auth_token=None, user_id=None):
|
||||
auth_token=None, user_id=None, cacert=None):
|
||||
|
||||
if (not (project_name or project_id) or
|
||||
not (isinstance(project_name, six.string_types) or
|
||||
@@ -83,7 +83,8 @@ class Client(object):
|
||||
tenant_id=project_id,
|
||||
tenant_name=project_name,
|
||||
auth_url=auth_url,
|
||||
endpoint=auth_url)
|
||||
endpoint=auth_url,
|
||||
cacert=cacert)
|
||||
|
||||
keystone.authenticate()
|
||||
token = keystone.auth_token
|
||||
|
||||
@@ -29,7 +29,7 @@ class Client(object):
|
||||
def __init__(self, mistral_url=None, username=None, api_key=None,
|
||||
project_name=None, auth_url=None, project_id=None,
|
||||
endpoint_type='publicURL', service_type='workflow',
|
||||
auth_token=None, user_id=None):
|
||||
auth_token=None, user_id=None, cacert=None):
|
||||
|
||||
if mistral_url and not isinstance(mistral_url, six.string_types):
|
||||
raise RuntimeError('Mistral url should be string')
|
||||
@@ -39,7 +39,7 @@ class Client(object):
|
||||
self.authenticate(mistral_url, username, api_key,
|
||||
project_name, auth_url, project_id,
|
||||
endpoint_type, service_type, auth_token,
|
||||
user_id))
|
||||
user_id, cacert))
|
||||
|
||||
if not mistral_url:
|
||||
mistral_url = "http://localhost:8989/v2"
|
||||
@@ -60,7 +60,7 @@ class Client(object):
|
||||
def authenticate(self, mistral_url=None, username=None, api_key=None,
|
||||
project_name=None, auth_url=None, project_id=None,
|
||||
endpoint_type='publicURL', service_type='workflow',
|
||||
auth_token=None, user_id=None):
|
||||
auth_token=None, user_id=None, cacert=None):
|
||||
|
||||
if (not (project_name or project_id) or
|
||||
not (isinstance(project_name, six.string_types) or
|
||||
@@ -90,7 +90,8 @@ class Client(object):
|
||||
tenant_id=project_id,
|
||||
tenant_name=project_name,
|
||||
auth_url=auth_url,
|
||||
endpoint=auth_url)
|
||||
endpoint=auth_url,
|
||||
cacert=cacert)
|
||||
|
||||
keystone.authenticate()
|
||||
token = keystone.auth_token
|
||||
|
||||
@@ -171,6 +171,13 @@ class MistralShell(app.App):
|
||||
default=c.env('OS_AUTH_URL'),
|
||||
help='Authentication URL (Env: OS_AUTH_URL)'
|
||||
)
|
||||
parser.add_argument(
|
||||
'--os-cacert',
|
||||
action='store',
|
||||
dest='cacert',
|
||||
default=c.env('OS_CACERT'),
|
||||
help='Authentication CA Certificate (Env: OS_CACERT)'
|
||||
)
|
||||
return parser
|
||||
|
||||
def initialize_app(self, argv):
|
||||
@@ -186,7 +193,8 @@ class MistralShell(app.App):
|
||||
project_id=self.options.tenant_id,
|
||||
endpoint_type='publicURL',
|
||||
service_type='workflow',
|
||||
auth_token=self.options.token)
|
||||
auth_token=self.options.token,
|
||||
cacert=self.options.cacert)
|
||||
|
||||
def _set_shell_commands(self, cmds_dict):
|
||||
for k, v in cmds_dict.items():
|
||||
|
||||
Reference in New Issue
Block a user