openstack/python-tripleoclient
Code Issues Proposed changes

Handle tls endpoint for zaqar websocket client

Browse Source 
When creating zaqar websocket client, if the endpoint has tls enabled
provide the CA to the client.

Closes-Bug: 1791970
Change-Id: I09fca4ea80ae8246f136ea6998dfc7ad1c6bb4d2
This commit is contained in:
Jill Rouleau 2018-09-11 12:01:01 -06:00
parent c906002929
commit 6639b9e564
4 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
tripleoclient/constants.py
View File

@ -79,3 +79,6 @@ ENABLE_SSH_ADMIN_SSH_PORT_TIMEOUT = 300
ADDITIONAL_ARCHITECTURES = ['ppc64le'] ADDITIONAL_ARCHITECTURES = ['ppc64le']
ANSIBLE_VALIDATION_DIR = '/usr/share/openstack-tripleo-validations/validations' ANSIBLE_VALIDATION_DIR = '/usr/share/openstack-tripleo-validations/validations'
# The path to the local CA certificate installed on the undercloud
LOCAL_CACERT_PATH = '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'

9
tripleoclient/plugin.py
View File

@ -26,6 +26,8 @@ import websocket
from tripleoclient import exceptions from tripleoclient import exceptions
from tripleoclient import constants
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
DEFAULT_TRIPLEOCLIENT_API_VERSION = '1' DEFAULT_TRIPLEOCLIENT_API_VERSION = '1'
@ -83,7 +85,12 @@ class WebsocketClient(object):
LOG.debug('Instantiating messaging websocket client: %s', endpoint) LOG.debug('Instantiating messaging websocket client: %s', endpoint)
try: try:
self._ws = websocket.create_connection(endpoint) if 'wss:' in endpoint:
OS_CACERT = {"ca_certs": constants.LOCAL_CACERT_PATH}
self._ws = websocket.create_connection(endpoint,
sslopt=OS_CACERT)
else:
self._ws = websocket.create_connection(endpoint)
except socket.error: except socket.error:
LOG.error("Could not establish a connection to the Zaqar " LOG.error("Could not establish a connection to the Zaqar "
"websocket. The command was sent but the answer " "websocket. The command was sent but the answer "

1
tripleoclient/tests/fakes.py
View File

@ -20,6 +20,7 @@ import sys
AUTH_TOKEN = "foobar" AUTH_TOKEN = "foobar"
AUTH_URL = "http://0.0.0.0" AUTH_URL = "http://0.0.0.0"
WS_URL = "ws://0.0.0.0" WS_URL = "ws://0.0.0.0"
WSS_URL = "wss://0.0.0.0"
class FakeApp(object): class FakeApp(object):

28
tripleoclient/tests/test_plugin.py
View File

@ -106,3 +106,31 @@ class TestPlugin(base.TestCase):
with mock.patch('tripleoclient.plugin.LOG') as mock_log: with mock.patch('tripleoclient.plugin.LOG') as mock_log:
self.assertRaises(socket.error, client.messaging_websocket) self.assertRaises(socket.error, client.messaging_websocket)
mock_log.error.assert_called_once_with(msg) mock_log.error.assert_called_once_with(msg)
@mock.patch("websocket.create_connection")
def test_make_tls_client(self, ws_create_connection):
clientmgr = mock.MagicMock()
clientmgr.get_endpoint_for_service_type.return_value = fakes.WSS_URL
clientmgr.auth.get_token.return_value = "TOKEN"
clientmgr.auth_ref.project_id = "ID"
ws_create_connection.return_value.recv.return_value = json.dumps({
"headers": {
"status": 200
}
})
client = plugin.make_client(clientmgr)
websocket = client.messaging_websocket()
# The second access should not return the same client:
self.assertIsNot(client.messaging_websocket(), websocket)
plugin.make_client(clientmgr)
# And the functions should only be called when the client is created:
self.assertEqual(clientmgr.auth.get_token.call_count, 2)
self.assertEqual(clientmgr.get_endpoint_for_service_type.call_count, 2)
ws_create_connection.assert_called_with(
"wss://0.0.0.0",
sslopt={'ca_certs':
'/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'})