Backport of the patch to fix the insecure VIM
This is a backport of the patch: https://review.openstack.org/#/c/532525/4 Change-Id: I17af91d6041c4e41f6d479da742e96ea45ae31f7 Signed-off-by: Manuel Buil <mbuil@suse.com>
This commit is contained in:
parent
682c965108
commit
593762fb78
|
@ -24,6 +24,7 @@ def args2body_vim(config_param, vim):
|
|||
:param vim: vim request object
|
||||
:return: vim body with args populated
|
||||
"""
|
||||
cert_verify_type = ['True', 'False']
|
||||
vim['vim_project'] = {'name': config_param.pop('project_name', ''),
|
||||
'project_domain_name':
|
||||
config_param.pop('project_domain_name', '')}
|
||||
|
@ -31,10 +32,16 @@ def args2body_vim(config_param, vim):
|
|||
raise exceptions.TackerClientException(message='Project name '
|
||||
'must be specified',
|
||||
status_code=404)
|
||||
cert_verify = config_param.pop('cert_verify', 'True')
|
||||
if cert_verify not in cert_verify_type:
|
||||
raise exceptions.TackerClientException(
|
||||
message='Supported cert_verify types: True, False',
|
||||
status_code=400)
|
||||
vim['auth_cred'] = {'username': config_param.pop('username', ''),
|
||||
'password': config_param.pop('password', ''),
|
||||
'user_domain_name':
|
||||
config_param.pop('user_domain_name', '')}
|
||||
config_param.pop('user_domain_name', ''),
|
||||
'cert_verify': cert_verify}
|
||||
|
||||
|
||||
def validate_auth_url(url):
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
auth_url: 'http://1.2.3.4:5000'
|
||||
username: 'xyz'
|
||||
password: '12345'
|
||||
project_name: 'abc'
|
||||
project_domain_name: 'prj_domain_name'
|
||||
user_domain_name: 'user_domain_name'
|
||||
cert_verify: 'False'
|
|
@ -38,7 +38,8 @@ class CLITestV10VIMJSON(test_cli10.CLITestV10Base):
|
|||
'name': 'abc',
|
||||
'project_domain_name': 'prj_domain_name'}
|
||||
self.auth_cred = {'username': 'xyz', 'password': '12345',
|
||||
'user_domain_name': 'user_domain_name'}
|
||||
'user_domain_name': 'user_domain_name',
|
||||
'cert_verify': 'True'}
|
||||
self.auth_url = 'http://1.2.3.4:5000'
|
||||
|
||||
def test_register_vim_all_params(self):
|
||||
|
@ -61,6 +62,30 @@ class CLITestV10VIMJSON(test_cli10.CLITestV10Base):
|
|||
args, position_names, position_values,
|
||||
extra_body=extra_body)
|
||||
|
||||
def test_register_vim_with_false_cert_verify(self):
|
||||
cmd = vim.CreateVIM(test_cli10.MyApp(sys.stdout), None)
|
||||
name = 'my-name'
|
||||
my_id = 'my-id'
|
||||
# change cert_verify to False
|
||||
self.auth_cred = {'username': 'xyz', 'password': '12345',
|
||||
'user_domain_name': 'user_domain_name',
|
||||
'cert_verify': 'False'}
|
||||
description = 'Vim Description'
|
||||
vim_config = utils.get_file_path(
|
||||
'tests/unit/vm/samples/vim_config_with_false_cert_verify.yaml')
|
||||
args = [
|
||||
name,
|
||||
'--config-file', vim_config,
|
||||
'--description', description]
|
||||
position_names = ['auth_cred', 'vim_project', 'auth_url']
|
||||
position_values = [self.auth_cred, self.vim_project,
|
||||
self.auth_url]
|
||||
extra_body = {'type': 'openstack', 'name': name,
|
||||
'description': description, 'is_default': False}
|
||||
self._test_create_resource(self._RESOURCE, cmd, None, my_id,
|
||||
args, position_names, position_values,
|
||||
extra_body=extra_body)
|
||||
|
||||
def test_register_vim_with_no_auth_url(self):
|
||||
cmd = vim.CreateVIM(test_cli10.MyApp(sys.stdout), None)
|
||||
my_id = 'my-id'
|
||||
|
|
|
@ -28,6 +28,7 @@ class TestVIMUtils(testtools.TestCase):
|
|||
'username': sentinel.usrname1,
|
||||
'password': sentinel.password1,
|
||||
'project_domain_name': sentinel.prj_domain_name1,
|
||||
'cert_verify': 'True',
|
||||
'user_domain_name': sentinel.user_domain.name, }
|
||||
vim = {}
|
||||
auth_cred = config_param.copy()
|
||||
|
@ -43,6 +44,7 @@ class TestVIMUtils(testtools.TestCase):
|
|||
def test_args2body_vim_no_project(self):
|
||||
config_param = {'username': sentinel.usrname1,
|
||||
'password': sentinel.password1,
|
||||
'cert_verify': 'True',
|
||||
'user_domain_name': sentinel.user_domain.name, }
|
||||
vim = {}
|
||||
self.assertRaises(exceptions.TackerClientException,
|
||||
|
|
Loading…
Reference in New Issue