Use OS_CACERT for zaqar's websocket connection

The CA certificatge was hardcoded. This was not the right thing to do, since we do have the ability to provide our own cert for TripleO. python-openstackclient already has a way for us to know what certificate was used. This is provided via the OS_CACERT environment variable (or the --os-cacert command line argument). So we use this instead. Change-Id: Ib7b3860378fce2cda7f80c1ad8b8dd14a4b22581 Closes-Bug: #1817634 (cherry picked from commit 24ac1f137c)
2019-03-11 09:53:06 +02:00 · 2019-03-11 09:53:06 +02:00 · d38a5c1dc7
parent 7f8d8999d3
commit d38a5c1dc7
2 changed files with 9 additions and 6 deletions
--- a/tripleoclient/plugin.py
+++ b/tripleoclient/plugin.py
@ -26,8 +26,6 @@ import websocket

 from tripleoclient import exceptions

-from tripleoclient import constants
-
 LOG = logging.getLogger(__name__)

 DEFAULT_TRIPLEOCLIENT_API_VERSION = '1'
@ -69,7 +67,7 @@ def build_option_parser(parser):

 class WebsocketClient(object):

-    def __init__(self, instance, queue_name="tripleo"):
+    def __init__(self, instance, queue_name="tripleo", cacert=None):
        self._project_id = None
        self._ws = None
        self._websocket_client_id = None
@ -85,8 +83,8 @@ class WebsocketClient(object):

        LOG.debug('Instantiating messaging websocket client: %s', endpoint)
        try:
-            if 'wss:' in endpoint:
-                OS_CACERT = {"ca_certs": constants.LOCAL_CACERT_PATH}
+            if 'wss:' in endpoint and cacert:
+                OS_CACERT = {"ca_certs": cacert}
                self._ws = websocket.create_connection(endpoint,
                                                       sslopt=OS_CACERT)
            else:
@ -209,7 +207,8 @@ class ClientWrapper(object):

    def messaging_websocket(self, queue_name='tripleo'):
        """Returns a websocket for the messaging service"""
-        return WebsocketClient(self._instance, queue_name)
+        return WebsocketClient(self._instance, queue_name,
+                               cacert=self._instance.cacert)

    @property
    def object_store(self):
--- a/tripleoclient/tests/test_plugin.py
+++ b/tripleoclient/tests/test_plugin.py
@ -30,6 +30,7 @@ class TestPlugin(base.TestCase):

        clientmgr.auth.get_token.return_value = "TOKEN"
        clientmgr.auth_ref.project_id = "ID"
+        clientmgr.cacert = None
        ws_create_connection.return_value.recv.return_value = json.dumps({
            "headers": {
                "status": 200
@ -74,6 +75,7 @@ class TestPlugin(base.TestCase):
        clientmgr.get_endpoint_for_service_type.return_value = fakes.WS_URL
        clientmgr.auth.get_token.return_value = "TOKEN"
        clientmgr.auth_ref.project_id = "ID"
+        clientmgr.cacert = None

        client = plugin.make_client(clientmgr)

@ -98,6 +100,7 @@ class TestPlugin(base.TestCase):
        clientmgr.get_endpoint_for_service_type.return_value = fakes.WS_URL
        clientmgr.auth.get_token.return_value = "TOKEN"
        clientmgr.auth_ref.project_id = "ID"
+        clientmgr.cacert = None

        client = plugin.make_client(clientmgr)

@ -114,6 +117,7 @@ class TestPlugin(base.TestCase):

        clientmgr.auth.get_token.return_value = "TOKEN"
        clientmgr.auth_ref.project_id = "ID"
+        clientmgr.cacert = '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
        ws_create_connection.return_value.recv.return_value = json.dumps({
            "headers": {
                "status": 200