Use OS_CACERT for zaqar's websocket connection

The CA certificatge was hardcoded. This was not the right thing to do, since we do have the ability to provide our own cert for TripleO. python-openstackclient already has a way for us to know what certificate was used. This is provided via the OS_CACERT environment variable (or the --os-cacert command line argument). So we use this instead. Change-Id: Ib7b3860378fce2cda7f80c1ad8b8dd14a4b22581 Closes-Bug: #1817634
2019-03-11 09:53:06 +02:00 · 2019-03-11 09:53:06 +02:00 · 24ac1f137c
commit 24ac1f137c
parent 9fd5b3ce6b
3 changed files with 9 additions and 9 deletions
--- a/tripleoclient/constants.py
+++ b/tripleoclient/constants.py
@ -86,9 +86,6 @@ VALIDATION_GROUPS = ['openshift-on-openstack',
                     'post-upgrade']


-# The path to the local CA certificate installed on the undercloud
-LOCAL_CACERT_PATH = '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
-
 # ctlplane network defaults
 CTLPLANE_CIDR_DEFAULT = '192.168.24.0/24'
 CTLPLANE_DHCP_START_DEFAULT = ['192.168.24.5']
--- a/tripleoclient/plugin.py
+++ b/tripleoclient/plugin.py
@ -26,8 +26,6 @@ import websocket

 from tripleoclient import exceptions

-from tripleoclient import constants
-
 LOG = logging.getLogger(__name__)

 DEFAULT_TRIPLEOCLIENT_API_VERSION = '1'
@ -69,7 +67,7 @@ def build_option_parser(parser):

 class WebsocketClient(object):

-    def __init__(self, instance, queue_name="tripleo"):
+    def __init__(self, instance, queue_name="tripleo", cacert=None):
        self._project_id = None
        self._ws = None
        self._websocket_client_id = None
@ -85,8 +83,8 @@ class WebsocketClient(object):

        LOG.debug('Instantiating messaging websocket client: %s', endpoint)
        try:
-            if 'wss:' in endpoint:
-                OS_CACERT = {"ca_certs": constants.LOCAL_CACERT_PATH}
+            if 'wss:' in endpoint and cacert:
+                OS_CACERT = {"ca_certs": cacert}
                self._ws = websocket.create_connection(endpoint,
                                                       sslopt=OS_CACERT)
            else:
@ -209,7 +207,8 @@ class ClientWrapper(object):

    def messaging_websocket(self, queue_name='tripleo'):
        """Returns a websocket for the messaging service"""
-        return WebsocketClient(self._instance, queue_name)
+        return WebsocketClient(self._instance, queue_name,
+                               cacert=self._instance.cacert)

    @property
    def object_store(self):
--- a/tripleoclient/tests/test_plugin.py
+++ b/tripleoclient/tests/test_plugin.py
@ -30,6 +30,7 @@ class TestPlugin(base.TestCase):

        clientmgr.auth.get_token.return_value = "TOKEN"
        clientmgr.auth_ref.project_id = "ID"
+        clientmgr.cacert = None
        ws_create_connection.return_value.recv.return_value = json.dumps({
            "headers": {
                "status": 200
@ -74,6 +75,7 @@ class TestPlugin(base.TestCase):
        clientmgr.get_endpoint_for_service_type.return_value = fakes.WS_URL
        clientmgr.auth.get_token.return_value = "TOKEN"
        clientmgr.auth_ref.project_id = "ID"
+        clientmgr.cacert = None

        client = plugin.make_client(clientmgr)

@ -98,6 +100,7 @@ class TestPlugin(base.TestCase):
        clientmgr.get_endpoint_for_service_type.return_value = fakes.WS_URL
        clientmgr.auth.get_token.return_value = "TOKEN"
        clientmgr.auth_ref.project_id = "ID"
+        clientmgr.cacert = None

        client = plugin.make_client(clientmgr)

@ -114,6 +117,7 @@ class TestPlugin(base.TestCase):

        clientmgr.auth.get_token.return_value = "TOKEN"
        clientmgr.auth_ref.project_id = "ID"
+        clientmgr.cacert = '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
        ws_create_connection.return_value.recv.return_value = json.dumps({
            "headers": {
                "status": 200