Use OS_CACERT for zaqar's websocket connection
The CA certificatge was hardcoded. This was not the right thing to do,
since we do have the ability to provide our own cert for TripleO.
python-openstackclient already has a way for us to know what certificate
was used. This is provided via the OS_CACERT environment variable (or
the --os-cacert command line argument). So we use this instead.
Change-Id: Ib7b3860378fce2cda7f80c1ad8b8dd14a4b22581
Closes-Bug: #1817634
(cherry picked from commit 24ac1f137c
)
This commit is contained in:
parent
7f8d8999d3
commit
d38a5c1dc7
|
@ -26,8 +26,6 @@ import websocket
|
|||
|
||||
from tripleoclient import exceptions
|
||||
|
||||
from tripleoclient import constants
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
DEFAULT_TRIPLEOCLIENT_API_VERSION = '1'
|
||||
|
@ -69,7 +67,7 @@ def build_option_parser(parser):
|
|||
|
||||
class WebsocketClient(object):
|
||||
|
||||
def __init__(self, instance, queue_name="tripleo"):
|
||||
def __init__(self, instance, queue_name="tripleo", cacert=None):
|
||||
self._project_id = None
|
||||
self._ws = None
|
||||
self._websocket_client_id = None
|
||||
|
@ -85,8 +83,8 @@ class WebsocketClient(object):
|
|||
|
||||
LOG.debug('Instantiating messaging websocket client: %s', endpoint)
|
||||
try:
|
||||
if 'wss:' in endpoint:
|
||||
OS_CACERT = {"ca_certs": constants.LOCAL_CACERT_PATH}
|
||||
if 'wss:' in endpoint and cacert:
|
||||
OS_CACERT = {"ca_certs": cacert}
|
||||
self._ws = websocket.create_connection(endpoint,
|
||||
sslopt=OS_CACERT)
|
||||
else:
|
||||
|
@ -209,7 +207,8 @@ class ClientWrapper(object):
|
|||
|
||||
def messaging_websocket(self, queue_name='tripleo'):
|
||||
"""Returns a websocket for the messaging service"""
|
||||
return WebsocketClient(self._instance, queue_name)
|
||||
return WebsocketClient(self._instance, queue_name,
|
||||
cacert=self._instance.cacert)
|
||||
|
||||
@property
|
||||
def object_store(self):
|
||||
|
|
|
@ -30,6 +30,7 @@ class TestPlugin(base.TestCase):
|
|||
|
||||
clientmgr.auth.get_token.return_value = "TOKEN"
|
||||
clientmgr.auth_ref.project_id = "ID"
|
||||
clientmgr.cacert = None
|
||||
ws_create_connection.return_value.recv.return_value = json.dumps({
|
||||
"headers": {
|
||||
"status": 200
|
||||
|
@ -74,6 +75,7 @@ class TestPlugin(base.TestCase):
|
|||
clientmgr.get_endpoint_for_service_type.return_value = fakes.WS_URL
|
||||
clientmgr.auth.get_token.return_value = "TOKEN"
|
||||
clientmgr.auth_ref.project_id = "ID"
|
||||
clientmgr.cacert = None
|
||||
|
||||
client = plugin.make_client(clientmgr)
|
||||
|
||||
|
@ -98,6 +100,7 @@ class TestPlugin(base.TestCase):
|
|||
clientmgr.get_endpoint_for_service_type.return_value = fakes.WS_URL
|
||||
clientmgr.auth.get_token.return_value = "TOKEN"
|
||||
clientmgr.auth_ref.project_id = "ID"
|
||||
clientmgr.cacert = None
|
||||
|
||||
client = plugin.make_client(clientmgr)
|
||||
|
||||
|
@ -114,6 +117,7 @@ class TestPlugin(base.TestCase):
|
|||
|
||||
clientmgr.auth.get_token.return_value = "TOKEN"
|
||||
clientmgr.auth_ref.project_id = "ID"
|
||||
clientmgr.cacert = '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
|
||||
ws_create_connection.return_value.recv.return_value = json.dumps({
|
||||
"headers": {
|
||||
"status": 200
|
||||
|
|
Loading…
Reference in New Issue