Merge "configure ssl in deployment config"
commit
ba108d3016
@ -32,7 +32,9 @@ class ExistingCloud(engine.EngineFactory):
|
||||
"username": "admin",
|
||||
"password": "password",
|
||||
"tenant_name": "demo"
|
||||
}
|
||||
},
|
||||
"https_insecure": False,
|
||||
"https_cacert": "",
|
||||
}
|
||||
|
||||
Or, using keystone v3 API endpoint:
|
||||
@ -48,7 +50,9 @@ class ExistingCloud(engine.EngineFactory):
|
||||
"user_domain_name": "admin",
|
||||
"project_name": "admin",
|
||||
"project_domain_name": "admin",
|
||||
}
|
||||
},
|
||||
"https_insecure": False,
|
||||
"https_cacert": "",
|
||||
}
|
||||
"""
|
||||
|
||||
@ -91,6 +95,8 @@ class ExistingCloud(engine.EngineFactory):
|
||||
"enum": [consts.EndpointType.ADMIN,
|
||||
consts.EndpointType.INTERNAL,
|
||||
consts.EndpointType.PUBLIC]},
|
||||
"https_insecure": {"type": "boolean"},
|
||||
"https_cacert": {"type": "string"},
|
||||
},
|
||||
"anyOf": [
|
||||
{
|
||||
@ -120,7 +126,9 @@ class ExistingCloud(engine.EngineFactory):
|
||||
endpoint=common.get("endpoint"),
|
||||
domain_name=user.get("domain_name"),
|
||||
user_domain_name=user.get("user_domain_name", "Default"),
|
||||
project_domain_name=user.get("project_domain_name", "Default")
|
||||
project_domain_name=user.get("project_domain_name", "Default"),
|
||||
https_insecure=common.get("https_insecure", False),
|
||||
https_cacert=common.get("https_cacert")
|
||||
)
|
||||
|
||||
def deploy(self):
|
||||
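Review bot: `https_insecure=common.get("https_insecure", False)` in the last hunk never passes `None`, so the `if self.endpoint.insecure is None` fallback to rally.conf that this commit adds in `Clients.__init__` cannot take effect for deployments built here, and an operator's existing `https_insecure` value in rally.conf is silently ignored. Passing `https_insecure=common.get("https_insecure")` would keep the unset state visible to that fallback. The docstring samples have a related gap: `"https_cacert": ""` is not `None`, so it also bypasses the fallback and reaches the clients as an empty CA bundle path; showing the key with a real path, or leaving it out, would be safer. The enclosing method starts above the hunk.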
|
@ -22,7 +22,8 @@ class Endpoint(object):
|
||||
permission=consts.EndpointPermission.USER,
|
||||
region_name=None, endpoint_type=consts.EndpointType.PUBLIC,
|
||||
admin_port=None, domain_name=None, endpoint=None,
|
||||
user_domain_name="Default", project_domain_name="Default"):
|
||||
user_domain_name="Default", project_domain_name="Default",
|
||||
https_insecure=None, https_cacert=None):
|
||||
self.auth_url = auth_url
|
||||
self.username = username
|
||||
self.password = password
|
||||
@ -34,6 +35,8 @@ class Endpoint(object):
|
||||
self.user_domain_name = user_domain_name
|
||||
self.project_domain_name = project_domain_name
|
||||
self.endpoint = endpoint
|
||||
self.insecure = https_insecure
|
||||
self.cacert = https_cacert
|
||||
if admin_port:
|
||||
import warnings
|
||||
warnings.warn("'admin_port' argument is deprecated and will "
|
||||
@ -46,6 +49,8 @@ class Endpoint(object):
|
||||
"endpoint_type": self.endpoint_type,
|
||||
"domain_name": self.domain_name,
|
||||
"endpoint": self.endpoint,
|
||||
"https_insecure": self.insecure,
|
||||
"https_cacert": self.cacert,
|
||||
"user_domain_name": self.user_domain_name,
|
||||
"project_domain_name": self.project_domain_name}
|
||||
if include_permission:
|
||||
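Review bot: The new `https_insecure=None, https_cacert=None` parameters carry a three-state meaning that nothing in `Endpoint` documents: `None` is read by `Clients.__init__` as "not set in the deployment config", while `False` and `True` are explicit choices. A comment above the two assignments, such as `# None = unset; Clients falls back to rally.conf. True disables TLS certificate verification.`, would stop a later cleanup from collapsing `None` into `False`. The same comment could note that the attributes are stored as `insecure`/`cacert` but serialized by `to_dict` as `https_insecure`/`https_cacert`. Both `__init__` and `to_dict` extend beyond the hunks shown.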
|
@ -30,9 +30,11 @@ OSCLIENTS_OPTS = [
|
||||
cfg.FloatOpt("openstack_client_http_timeout", default=180.0,
|
||||
help="HTTP timeout for any of OpenStack service in seconds"),
|
||||
cfg.BoolOpt("https_insecure", default=False,
|
||||
help="Use SSL for all OpenStack API interfaces"),
|
||||
help="Use SSL for all OpenStack API interfaces",
|
||||
deprecated_for_removal=True),
|
||||
cfg.StrOpt("https_cacert", default=None,
|
||||
help="Path to CA server cetrificate for SSL")
|
||||
help="Path to CA server cetrificate for SSL",
|
||||
deprecated_for_removal=True)
|
||||
]
|
||||
CONF.register_opts(OSCLIENTS_OPTS)
|
||||
|
||||
@ -73,6 +75,12 @@ class Clients(object):
|
||||
|
||||
def __init__(self, endpoint):
|
||||
self.endpoint = endpoint
|
||||
# NOTE(kun) Apply insecure/cacert settings from rally.conf if those are
|
||||
# not set in deployment config. Remove it when invaild.
|
||||
if self.endpoint.insecure is None:
|
||||
self.endpoint.insecure = CONF.https_insecure
|
||||
if self.endpoint.cacert is None:
|
||||
self.endpoint.cacert = CONF.https_cacert
|
||||
self.cache = {}
|
||||
|
||||
@classmethod
|
||||
@ -95,7 +103,7 @@ class Clients(object):
|
||||
"""Return keystone client."""
|
||||
new_kw = {
|
||||
"timeout": CONF.openstack_client_http_timeout,
|
||||
"insecure": CONF.https_insecure, "cacert": CONF.https_cacert
|
||||
"insecure": self.endpoint.insecure, "cacert": self.endpoint.cacert
|
||||
}
|
||||
kw = self.endpoint.to_dict()
|
||||
kw.update(new_kw)
|
||||
@ -137,8 +145,8 @@ class Clients(object):
|
||||
auth_token=kc.auth_token,
|
||||
http_log_debug=logging.is_debug(),
|
||||
timeout=CONF.openstack_client_http_timeout,
|
||||
insecure=CONF.https_insecure,
|
||||
cacert=CONF.https_cacert)
|
||||
insecure=self.endpoint.insecure,
|
||||
cacert=self.endpoint.cacert)
|
||||
client.set_management_url(compute_api_url)
|
||||
return client
|
||||
|
||||
@ -155,8 +163,8 @@ class Clients(object):
|
||||
token=kc.auth_token,
|
||||
endpoint_url=network_api_url,
|
||||
timeout=CONF.openstack_client_http_timeout,
|
||||
insecure=CONF.https_insecure,
|
||||
ca_cert=CONF.https_cacert)
|
||||
insecure=self.endpoint.insecure,
|
||||
ca_cert=self.endpoint.cacert)
|
||||
return client
|
||||
|
||||
@cached
|
||||
@ -172,8 +180,8 @@ class Clients(object):
|
||||
endpoint=image_api_url,
|
||||
token=kc.auth_token,
|
||||
timeout=CONF.openstack_client_http_timeout,
|
||||
insecure=CONF.https_insecure,
|
||||
cacert=CONF.https_cacert)
|
||||
insecure=self.endpoint.insecure,
|
||||
cacert=self.endpoint.cacert)
|
||||
return client
|
||||
|
||||
@cached
|
||||
@ -189,8 +197,8 @@ class Clients(object):
|
||||
endpoint=orchestration_api_url,
|
||||
token=kc.auth_token,
|
||||
timeout=CONF.openstack_client_http_timeout,
|
||||
insecure=CONF.https_insecure,
|
||||
cacert=CONF.https_cacert)
|
||||
insecure=self.endpoint.insecure,
|
||||
cacert=self.endpoint.cacert)
|
||||
return client
|
||||
|
||||
@cached
|
||||
@ -200,8 +208,8 @@ class Clients(object):
|
||||
client = cinder.Client(version, None, None,
|
||||
http_log_debug=logging.is_debug(),
|
||||
timeout=CONF.openstack_client_http_timeout,
|
||||
insecure=CONF.https_insecure,
|
||||
cacert=CONF.https_cacert)
|
||||
insecure=self.endpoint.insecure,
|
||||
cacert=self.endpoint.cacert)
|
||||
kc = self.keystone()
|
||||
volume_api_url = kc.service_catalog.url_for(
|
||||
service_type="volume",
|
||||
@ -230,8 +238,8 @@ class Clients(object):
|
||||
os_endpoint=metering_api_url,
|
||||
token=auth_token,
|
||||
timeout=CONF.openstack_client_http_timeout,
|
||||
insecure=CONF.https_insecure,
|
||||
cacert=CONF.https_cacert)
|
||||
insecure=self.endpoint.insecure,
|
||||
cacert=self.endpoint.cacert)
|
||||
return client
|
||||
|
||||
@cached
|
||||
@ -247,8 +255,8 @@ class Clients(object):
|
||||
os_auth_token=kc.auth_token,
|
||||
ironic_url=baremetal_api_url,
|
||||
timeout=CONF.openstack_client_http_timeout,
|
||||
insecure=CONF.https_insecure,
|
||||
cacert=CONF.https_cacert)
|
||||
insecure=self.endpoint.insecure,
|
||||
cacert=self.endpoint.cacert)
|
||||
return client
|
||||
|
||||
@cached
|
||||
@ -278,7 +286,7 @@ class Clients(object):
|
||||
"os_project_name": self.endpoint.tenant_name,
|
||||
"os_project_id": kc.auth_tenant_id,
|
||||
"os_auth_url": self.endpoint.auth_url,
|
||||
"insecure": CONF.https_insecure,
|
||||
"insecure": self.endpoint.insecure,
|
||||
}}}
|
||||
client = zaqar.Client(url=messaging_api_url,
|
||||
version=version,
|
||||
@ -313,7 +321,7 @@ class Clients(object):
|
||||
client = designate.Client(
|
||||
endpoint=dns_api_url,
|
||||
token=kc.auth_token,
|
||||
insecure=CONF.https_insecure)
|
||||
insecure=self.endpoint.insecure)
|
||||
return client
|
||||
|
||||
@cached
|
||||
@ -327,8 +335,8 @@ class Clients(object):
|
||||
auth_url=self.endpoint.auth_url,
|
||||
region_name=self.endpoint.region_name,
|
||||
timeout=CONF.openstack_client_http_timeout,
|
||||
insecure=CONF.https_insecure,
|
||||
cacert=CONF.https_cacert)
|
||||
insecure=self.endpoint.insecure,
|
||||
cacert=self.endpoint.cacert)
|
||||
return client
|
||||
|
||||
@cached
|
||||
@ -359,8 +367,8 @@ class Clients(object):
|
||||
client = swift.Connection(retries=1,
|
||||
preauthurl=object_api_url,
|
||||
preauthtoken=kc.auth_token,
|
||||
insecure=CONF.https_insecure,
|
||||
cacert=CONF.https_cacert)
|
||||
insecure=self.endpoint.insecure,
|
||||
cacert=self.endpoint.cacert)
|
||||
return client
|
||||
|
||||
@cached
|
||||
@ -382,7 +390,7 @@ class Clients(object):
|
||||
url=ec2_api_url,
|
||||
aws_access_key_id=ec2_credential.access,
|
||||
aws_secret_access_key=ec2_credential.secret,
|
||||
is_secure=CONF.https_insecure)
|
||||
is_secure=self.endpoint.insecure)
|
||||
return client
|
||||
|
||||
@cached
|
||||
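Review bot: In the ec2 hunk, `is_secure=self.endpoint.insecure` feeds the certificate-verification flag into a boto parameter that selects whether the connection uses HTTPS at all, so the safe setting `https_insecure: False` asks for plain HTTP and `True` asks for HTTPS. Every other client on this page receives the value as `insecure=`, so the mapping looks inverted rather than intended. Leaving `is_secure` out, which should let boto derive it from the scheme of `ec2_api_url`, and passing `validate_certs=not self.endpoint.insecure` if the boto version in use supports it, would match the flag's meaning. The test hunk that asserts `"is_secure": self.endpoint.insecure` pins the same mapping and would need to change with it. The help text kept on `https_insecure`, `"Use SSL for all OpenStack API interfaces"`, carries the same confusion; `"Disable TLS certificate verification for OpenStack API connections"` describes what the flag does.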
|
@ -9,5 +9,7 @@
|
||||
"user_domain_name": "admin",
|
||||
"project_name": "admin",
|
||||
"project_domain_name": "admin",
|
||||
}
|
||||
},
|
||||
"https_insecure": False,
|
||||
"https_cacert": "",
|
||||
}
|
||||
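Review bot: If this sample is loaded as JSON, the added `"https_insecure": False,` will not parse, because JSON booleans are lowercase, and the comma after `"https_cacert": ""` leaves a trailing comma before the closing brace. Writing `"https_insecure": false,` and `"https_cacert": ""` without the comma keeps the file loadable; the two sample hunks that follow add the same two lines and need the same change. The context line `"project_domain_name": "admin",` also ends in a comma directly before `}`, which suggests the sample may already have needed that fix.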
|
@ -8,5 +8,7 @@
|
||||
"username": "admin",
|
||||
"password": "pa55word",
|
||||
"tenant_name": "demo"
|
||||
}
|
||||
},
|
||||
"https_insecure": False,
|
||||
"https_cacert": "",
|
||||
}
|
||||
|
@ -7,5 +7,7 @@
|
||||
"username": "admin",
|
||||
"password": "myadminpass",
|
||||
"tenant_name": "demo"
|
||||
}
|
||||
},
|
||||
"https_insecure": False,
|
||||
"https_cacert": "",
|
||||
}
|
||||
|
@ -32,6 +32,8 @@ class TestExistingCloud(test.TestCase):
|
||||
"auth_url": "http://example.net:5000/v2.0/",
|
||||
"region_name": "RegionOne",
|
||||
"endpoint_type": consts.EndpointType.INTERNAL,
|
||||
"https_insecure": False,
|
||||
"https_cacert": None,
|
||||
"admin": {
|
||||
"username": "admin",
|
||||
"password": "myadminpass",
|
||||
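Review bot: The fixture adds `"https_cacert": None`, but the schema added to `ExistingCloud` declares `"https_cacert": {"type": "string"}`, which rejects null if this config is ever run through validation. Either the fixture should use a string path or omit the key, or the schema should allow null, e.g. `"https_cacert": {"type": ["string", "null"]}`. The fixture dict starts and ends outside the hunk, so whether it is validated in this test class is not visible here.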
|
@ -33,6 +33,8 @@ class EndpointTestCase(test.TestCase):
|
||||
"domain_name": None,
|
||||
"endpoint": None,
|
||||
"endpoint_type": consts.EndpointType.PUBLIC,
|
||||
"https_insecure": None,
|
||||
"https_cacert": None,
|
||||
"project_domain_name": "Default",
|
||||
"user_domain_name": "Default"})
|
||||
|
||||
@ -50,6 +52,8 @@ class EndpointTestCase(test.TestCase):
|
||||
"endpoint": None,
|
||||
"permission": consts.EndpointPermission.ADMIN,
|
||||
"endpoint_type": consts.EndpointType.PUBLIC,
|
||||
"https_insecure": None,
|
||||
"https_cacert": None,
|
||||
"project_domain_name": "Default",
|
||||
"user_domain_name": "Default"})
|
||||
|
||||
@ -67,5 +71,7 @@ class EndpointTestCase(test.TestCase):
|
||||
"domain_name": None,
|
||||
"endpoint": "foo_endpoint",
|
||||
"endpoint_type": consts.EndpointType.PUBLIC,
|
||||
"https_insecure": None,
|
||||
"https_cacert": None,
|
||||
"project_domain_name": "Default",
|
||||
"user_domain_name": "Default"})
|
||||
|
@ -177,6 +177,8 @@ class BaseDeploymentTestCase(test.TestCase):
|
||||
admin_endpoint["endpoint"] = None
|
||||
admin_endpoint.update(admin_endpoint.pop("admin"))
|
||||
admin_endpoint["permission"] = consts.EndpointPermission.ADMIN
|
||||
admin_endpoint["https_insecure"] = False
|
||||
admin_endpoint["https_cacert"] = None
|
||||
self.endpoints = {"admin": admin_endpoint, "users": []}
|
||||
self.deployment = {
|
||||
"uuid": self.deployment_uuid,
|
||||
|
@ -31,7 +31,8 @@ class TestCreateKeystoneClient(test.TestCase):
|
||||
def setUp(self):
|
||||
super(TestCreateKeystoneClient, self).setUp()
|
||||
self.kwargs = {"auth_url": "http://auth_url", "username": "user",
|
||||
"password": "password", "tenant_name": "tenant"}
|
||||
"password": "password", "tenant_name": "tenant",
|
||||
"https_insecure": False, "https_cacert": None}
|
||||
|
||||
def test_create_keystone_client_v2(self):
|
||||
mock_keystone = mock.MagicMock()
|
||||
@ -179,8 +180,8 @@ class OSClientsTestCase(test.TestCase):
|
||||
"token": self.fake_keystone.auth_token,
|
||||
"endpoint_url": self.service_catalog.url_for.return_value,
|
||||
"timeout": cfg.CONF.openstack_client_http_timeout,
|
||||
"insecure": cfg.CONF.https_insecure,
|
||||
"ca_cert": cfg.CONF.https_cacert
|
||||
"insecure": self.endpoint.insecure,
|
||||
"ca_cert": self.endpoint.cacert
|
||||
}
|
||||
self.service_catalog.url_for.assert_called_once_with(
|
||||
service_type="network",
|
||||
@ -270,8 +271,8 @@ class OSClientsTestCase(test.TestCase):
|
||||
"os_auth_token": self.fake_keystone.auth_token,
|
||||
"ironic_url": self.service_catalog.url_for.return_value,
|
||||
"timeout": cfg.CONF.openstack_client_http_timeout,
|
||||
"insecure": cfg.CONF.https_insecure,
|
||||
"cacert": cfg.CONF.https_cacert
|
||||
"insecure": self.endpoint.insecure,
|
||||
"cacert": self.endpoint.cacert
|
||||
}
|
||||
mock_ironic.client.get_client.assert_called_once_with("1.0", **kw)
|
||||
self.assertEqual(fake_ironic, self.clients.cache["ironic"])
|
||||
@ -313,7 +314,7 @@ class OSClientsTestCase(test.TestCase):
|
||||
"os_project_name": self.endpoint.tenant_name,
|
||||
"os_project_id": self.fake_keystone.auth_tenant_id,
|
||||
"os_auth_url": self.endpoint.auth_url,
|
||||
"insecure": cfg.CONF.https_insecure,
|
||||
"insecure": self.endpoint.insecure,
|
||||
}}}
|
||||
mock_zaqar.client.Client.assert_called_once_with(
|
||||
url=fake_zaqar_url, version=1.1, conf=conf)
|
||||
@ -334,8 +335,8 @@ class OSClientsTestCase(test.TestCase):
|
||||
"auth_url": self.endpoint.auth_url,
|
||||
"region_name": self.endpoint.region_name,
|
||||
"timeout": cfg.CONF.openstack_client_http_timeout,
|
||||
"insecure": cfg.CONF.https_insecure,
|
||||
"cacert": cfg.CONF.https_cacert
|
||||
"insecure": self.endpoint.insecure,
|
||||
"cacert": self.endpoint.cacert
|
||||
}
|
||||
mock_trove.client.Client.assert_called_once_with("1.0", **kw)
|
||||
self.assertEqual(fake_trove, self.clients.cache["trove"])
|
||||
@ -405,7 +406,7 @@ class OSClientsTestCase(test.TestCase):
|
||||
"url": "http://fake.to:1/fake",
|
||||
"aws_access_key_id": "fake_access",
|
||||
"aws_secret_access_key": "fake_secret",
|
||||
"is_secure": cfg.CONF.https_insecure,
|
||||
"is_secure": self.endpoint.insecure,
|
||||
}
|
||||
mock_boto.connect_ec2_endpoint.assert_called_once_with(**kw)
|
||||
self.assertEqual(fake_ec2, self.clients.cache["ec2"])
|
||||
@ -417,7 +418,7 @@ class OSClientsTestCase(test.TestCase):
|
||||
"unknown_service": {}}
|
||||
mock_keystone.return_value = mock.Mock(service_catalog=mock.Mock(
|
||||
get_endpoints=lambda: available_services))
|
||||
clients = osclients.Clients({})
|
||||
clients = osclients.Clients(self.endpoint)
|
||||
|
||||
self.assertEqual(
|
||||
{consts.ServiceType.IDENTITY: consts.Service.KEYSTONE,
|
||||
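Review bot: None of the visible test hunks exercises the fallback added in `Clients.__init__`, where `endpoint.insecure` or `endpoint.cacert` being `None` is replaced by the rally.conf value; the assertions only swap `cfg.CONF.https_insecure` for `self.endpoint.insecure`. Because that branch decides whether certificate verification is on, it deserves a test that builds an endpoint with both left as `None` and checks they end up as `cfg.CONF.https_insecure` and `cfg.CONF.https_cacert`. A second test should confirm that explicit endpoint values win over rally.conf. Such tests may exist outside the hunks shown.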
|