Add support for auth against keystone on https

Add parameter to mistral client for ca cert so that it can
 authenticate against keystone running on https.
Add help for parameter.
Update README to document parameter.

Closes-Bug: #1420343

Change-Id: Ib1c0e78a35056df4447c7158d1f8908fb62893d7
This commit is contained in:
David C Kennedy
2015-02-10 15:21:43 +00:00
committed by kennedda
parent cab5ea0ead
commit aa94d5d271
5 changed files with 25 additions and 11 deletions

View File

@@ -32,6 +32,10 @@ If Mistral authentication is enabled, provide the information about OpenStack au
export OS_PASSWORD=secret
export OS_MISTRAL_URL=http://<Mistral host>:8989/v2 (optional, by default URL=http://localhost:8989/v2)
and in the case that you are authenticating against keystone over https:
export OS_CACERT=<path_to_ca_cert>
>***Note:** In client, we can use both Keystone auth versions - v2.0 and v3. But server supports only v3.*
To make sure Mistral client works, type:

View File

@@ -21,7 +21,7 @@ from mistralclient.api.v2 import client as client_v2
def client(mistral_url=None, username=None, api_key=None,
project_name=None, auth_url=None, project_id=None,
endpoint_type='publicURL', service_type='workflow',
auth_token=None, user_id=None):
auth_token=None, user_id=None, cacert=None):
if mistral_url and not isinstance(mistral_url, six.string_types):
raise RuntimeError('Mistral url should be string')
@@ -41,7 +41,7 @@ def client(mistral_url=None, username=None, api_key=None,
auth_url=auth_url, project_id=project_id,
endpoint_type=endpoint_type,
service_type=service_type, auth_token=auth_token,
user_id=user_id)
user_id=user_id, cacert=cacert)
def determine_client_version(mistral_url):

View File

@@ -25,7 +25,7 @@ class Client(object):
def __init__(self, mistral_url=None, username=None, api_key=None,
project_name=None, auth_url=None, project_id=None,
endpoint_type='publicURL', service_type='workflow',
auth_token=None, user_id=None):
auth_token=None, user_id=None, cacert=None):
if mistral_url and not isinstance(mistral_url, six.string_types):
raise RuntimeError('Mistral url should be string')
@@ -35,7 +35,7 @@ class Client(object):
self.authenticate(mistral_url, username, api_key,
project_name, auth_url, project_id,
endpoint_type, service_type, auth_token,
user_id))
user_id, cacert))
if not mistral_url:
mistral_url = "http://localhost:8989/v1"
@@ -53,7 +53,7 @@ class Client(object):
def authenticate(self, mistral_url=None, username=None, api_key=None,
project_name=None, auth_url=None, project_id=None,
endpoint_type='publicURL', service_type='workflow',
auth_token=None, user_id=None):
auth_token=None, user_id=None, cacert=None):
if (not (project_name or project_id) or
not (isinstance(project_name, six.string_types) or
@@ -83,7 +83,8 @@ class Client(object):
tenant_id=project_id,
tenant_name=project_name,
auth_url=auth_url,
endpoint=auth_url)
endpoint=auth_url,
cacert=cacert)
keystone.authenticate()
token = keystone.auth_token

View File

@@ -29,7 +29,7 @@ class Client(object):
def __init__(self, mistral_url=None, username=None, api_key=None,
project_name=None, auth_url=None, project_id=None,
endpoint_type='publicURL', service_type='workflow',
auth_token=None, user_id=None):
auth_token=None, user_id=None, cacert=None):
if mistral_url and not isinstance(mistral_url, six.string_types):
raise RuntimeError('Mistral url should be string')
@@ -39,7 +39,7 @@ class Client(object):
self.authenticate(mistral_url, username, api_key,
project_name, auth_url, project_id,
endpoint_type, service_type, auth_token,
user_id))
user_id, cacert))
if not mistral_url:
mistral_url = "http://localhost:8989/v2"
@@ -60,7 +60,7 @@ class Client(object):
def authenticate(self, mistral_url=None, username=None, api_key=None,
project_name=None, auth_url=None, project_id=None,
endpoint_type='publicURL', service_type='workflow',
auth_token=None, user_id=None):
auth_token=None, user_id=None, cacert=None):
if (not (project_name or project_id) or
not (isinstance(project_name, six.string_types) or
@@ -90,7 +90,8 @@ class Client(object):
tenant_id=project_id,
tenant_name=project_name,
auth_url=auth_url,
endpoint=auth_url)
endpoint=auth_url,
cacert=cacert)
keystone.authenticate()
token = keystone.auth_token

View File

@@ -171,6 +171,13 @@ class MistralShell(app.App):
default=c.env('OS_AUTH_URL'),
help='Authentication URL (Env: OS_AUTH_URL)'
)
parser.add_argument(
'--os-cacert',
action='store',
dest='cacert',
default=c.env('OS_CACERT'),
help='Authentication CA Certificate (Env: OS_CACERT)'
)
return parser
def initialize_app(self, argv):
@@ -186,7 +193,8 @@ class MistralShell(app.App):
project_id=self.options.tenant_id,
endpoint_type='publicURL',
service_type='workflow',
auth_token=self.options.token)
auth_token=self.options.token,
cacert=self.options.cacert)
def _set_shell_commands(self, cmds_dict):
for k, v in cmds_dict.items():