Merge "configure ssl in deployment config"

Jenkins 2015-04-04 06:35:45 +00:00 committed by Gerrit Code Review
commit ba108d3016
10 changed files with 79 additions and 41 deletions


@ -32,7 +32,9 @@ class ExistingCloud(engine.EngineFactory):
"username": "admin", "username": "admin",
"password": "password", "password": "password",
"tenant_name": "demo" "tenant_name": "demo"
} },
"https_insecure": False,
"https_cacert": "",
} }
Or, using keystone v3 API endpoint: Or, using keystone v3 API endpoint:
@ -48,7 +50,9 @@ class ExistingCloud(engine.EngineFactory):
"user_domain_name": "admin", "user_domain_name": "admin",
"project_name": "admin", "project_name": "admin",
"project_domain_name": "admin", "project_domain_name": "admin",
} },
"https_insecure": False,
"https_cacert": "",
} }
""" """
@ -91,6 +95,8 @@ class ExistingCloud(engine.EngineFactory):
"enum": [consts.EndpointType.ADMIN, "enum": [consts.EndpointType.ADMIN,
consts.EndpointType.INTERNAL, consts.EndpointType.INTERNAL,
consts.EndpointType.PUBLIC]}, consts.EndpointType.PUBLIC]},
"https_insecure": {"type": "boolean"},
"https_cacert": {"type": "string"},
}, },
"anyOf": [ "anyOf": [
{ {
@ -120,7 +126,9 @@ class ExistingCloud(engine.EngineFactory):
endpoint=common.get("endpoint"), endpoint=common.get("endpoint"),
domain_name=user.get("domain_name"), domain_name=user.get("domain_name"),
user_domain_name=user.get("user_domain_name", "Default"), user_domain_name=user.get("user_domain_name", "Default"),
project_domain_name=user.get("project_domain_name", "Default") project_domain_name=user.get("project_domain_name", "Default"),
https_insecure=common.get("https_insecure", False),
https_cacert=common.get("https_cacert")
) )
def deploy(self): def deploy(self):
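Review bot: The argument `https_insecure=common.get("https_insecure", False)` means an endpoint built here never carries `None` for this flag, so the `is None` fallback to the deprecated rally.conf option that this commit adds in `Clients.__init__` cannot fire for these deployments, while `https_cacert=common.get("https_cacert")` still falls back. If the fallback is meant to work during the deprecation period, pass `https_insecure=common.get("https_insecure")` and let the consumer apply the default. The docstring samples also show `"https_cacert": ""`, which is not `None` and would presumably reach the clients as an empty CA path; the samples should omit the key or the empty string should be normalised to `None`. The method containing this call starts outside the hunk.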


@ -22,7 +22,8 @@ class Endpoint(object):
permission=consts.EndpointPermission.USER, permission=consts.EndpointPermission.USER,
region_name=None, endpoint_type=consts.EndpointType.PUBLIC, region_name=None, endpoint_type=consts.EndpointType.PUBLIC,
admin_port=None, domain_name=None, endpoint=None, admin_port=None, domain_name=None, endpoint=None,
user_domain_name="Default", project_domain_name="Default"): user_domain_name="Default", project_domain_name="Default",
https_insecure=None, https_cacert=None):
self.auth_url = auth_url self.auth_url = auth_url
self.username = username self.username = username
self.password = password self.password = password
@ -34,6 +35,8 @@ class Endpoint(object):
self.user_domain_name = user_domain_name self.user_domain_name = user_domain_name
self.project_domain_name = project_domain_name self.project_domain_name = project_domain_name
self.endpoint = endpoint self.endpoint = endpoint
self.insecure = https_insecure
self.cacert = https_cacert
if admin_port: if admin_port:
import warnings import warnings
warnings.warn("'admin_port' argument is deprecated and will " warnings.warn("'admin_port' argument is deprecated and will "
@ -46,6 +49,8 @@ class Endpoint(object):
"endpoint_type": self.endpoint_type, "endpoint_type": self.endpoint_type,
"domain_name": self.domain_name, "domain_name": self.domain_name,
"endpoint": self.endpoint, "endpoint": self.endpoint,
"https_insecure": self.insecure,
"https_cacert": self.cacert,
"user_domain_name": self.user_domain_name, "user_domain_name": self.user_domain_name,
"project_domain_name": self.project_domain_name} "project_domain_name": self.project_domain_name}
if include_permission: if include_permission:
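Review bot: The new `https_insecure=None, https_cacert=None` parameters are tri-state, with `None` apparently meaning "not set in the deployment config", but nothing in the constructor says so, and they are stored as `self.insecure` and `self.cacert` while `to_dict` emits them under the `https_`-prefixed keys. A short comment above the two assignments would help, for example `# None means "not configured"; the consumer may substitute a global default`. The comment should also state that a true `insecure` value disables server certificate verification, because the name alone does not say what is being relaxed. Both the constructor and `to_dict` begin outside these hunks.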


@ -30,9 +30,11 @@ OSCLIENTS_OPTS = [
cfg.FloatOpt("openstack_client_http_timeout", default=180.0, cfg.FloatOpt("openstack_client_http_timeout", default=180.0,
help="HTTP timeout for any of OpenStack service in seconds"), help="HTTP timeout for any of OpenStack service in seconds"),
cfg.BoolOpt("https_insecure", default=False, cfg.BoolOpt("https_insecure", default=False,
help="Use SSL for all OpenStack API interfaces"), help="Use SSL for all OpenStack API interfaces",
deprecated_for_removal=True),
cfg.StrOpt("https_cacert", default=None, cfg.StrOpt("https_cacert", default=None,
help="Path to CA server cetrificate for SSL") help="Path to CA server cetrificate for SSL",
deprecated_for_removal=True)
] ]
CONF.register_opts(OSCLIENTS_OPTS) CONF.register_opts(OSCLIENTS_OPTS)
@ -73,6 +75,12 @@ class Clients(object):
def __init__(self, endpoint): def __init__(self, endpoint):
self.endpoint = endpoint self.endpoint = endpoint
# NOTE(kun) Apply insecure/cacert settings from rally.conf if those are
# not set in deployment config. Remove it when invaild.
if self.endpoint.insecure is None:
self.endpoint.insecure = CONF.https_insecure
if self.endpoint.cacert is None:
self.endpoint.cacert = CONF.https_cacert
self.cache = {} self.cache = {}
@classmethod @classmethod
@ -95,7 +103,7 @@ class Clients(object):
"""Return keystone client.""" """Return keystone client."""
new_kw = { new_kw = {
"timeout": CONF.openstack_client_http_timeout, "timeout": CONF.openstack_client_http_timeout,
"insecure": CONF.https_insecure, "cacert": CONF.https_cacert "insecure": self.endpoint.insecure, "cacert": self.endpoint.cacert
} }
kw = self.endpoint.to_dict() kw = self.endpoint.to_dict()
kw.update(new_kw) kw.update(new_kw)
@ -137,8 +145,8 @@ class Clients(object):
auth_token=kc.auth_token, auth_token=kc.auth_token,
http_log_debug=logging.is_debug(), http_log_debug=logging.is_debug(),
timeout=CONF.openstack_client_http_timeout, timeout=CONF.openstack_client_http_timeout,
insecure=CONF.https_insecure, insecure=self.endpoint.insecure,
cacert=CONF.https_cacert) cacert=self.endpoint.cacert)
client.set_management_url(compute_api_url) client.set_management_url(compute_api_url)
return client return client
@ -155,8 +163,8 @@ class Clients(object):
token=kc.auth_token, token=kc.auth_token,
endpoint_url=network_api_url, endpoint_url=network_api_url,
timeout=CONF.openstack_client_http_timeout, timeout=CONF.openstack_client_http_timeout,
insecure=CONF.https_insecure, insecure=self.endpoint.insecure,
ca_cert=CONF.https_cacert) ca_cert=self.endpoint.cacert)
return client return client
@cached @cached
@ -172,8 +180,8 @@ class Clients(object):
endpoint=image_api_url, endpoint=image_api_url,
token=kc.auth_token, token=kc.auth_token,
timeout=CONF.openstack_client_http_timeout, timeout=CONF.openstack_client_http_timeout,
insecure=CONF.https_insecure, insecure=self.endpoint.insecure,
cacert=CONF.https_cacert) cacert=self.endpoint.cacert)
return client return client
@cached @cached
@ -189,8 +197,8 @@ class Clients(object):
endpoint=orchestration_api_url, endpoint=orchestration_api_url,
token=kc.auth_token, token=kc.auth_token,
timeout=CONF.openstack_client_http_timeout, timeout=CONF.openstack_client_http_timeout,
insecure=CONF.https_insecure, insecure=self.endpoint.insecure,
cacert=CONF.https_cacert) cacert=self.endpoint.cacert)
return client return client
@cached @cached
@ -200,8 +208,8 @@ class Clients(object):
client = cinder.Client(version, None, None, client = cinder.Client(version, None, None,
http_log_debug=logging.is_debug(), http_log_debug=logging.is_debug(),
timeout=CONF.openstack_client_http_timeout, timeout=CONF.openstack_client_http_timeout,
insecure=CONF.https_insecure, insecure=self.endpoint.insecure,
cacert=CONF.https_cacert) cacert=self.endpoint.cacert)
kc = self.keystone() kc = self.keystone()
volume_api_url = kc.service_catalog.url_for( volume_api_url = kc.service_catalog.url_for(
service_type="volume", service_type="volume",
@ -230,8 +238,8 @@ class Clients(object):
os_endpoint=metering_api_url, os_endpoint=metering_api_url,
token=auth_token, token=auth_token,
timeout=CONF.openstack_client_http_timeout, timeout=CONF.openstack_client_http_timeout,
insecure=CONF.https_insecure, insecure=self.endpoint.insecure,
cacert=CONF.https_cacert) cacert=self.endpoint.cacert)
return client return client
@cached @cached
@ -247,8 +255,8 @@ class Clients(object):
os_auth_token=kc.auth_token, os_auth_token=kc.auth_token,
ironic_url=baremetal_api_url, ironic_url=baremetal_api_url,
timeout=CONF.openstack_client_http_timeout, timeout=CONF.openstack_client_http_timeout,
insecure=CONF.https_insecure, insecure=self.endpoint.insecure,
cacert=CONF.https_cacert) cacert=self.endpoint.cacert)
return client return client
@cached @cached
@ -278,7 +286,7 @@ class Clients(object):
"os_project_name": self.endpoint.tenant_name, "os_project_name": self.endpoint.tenant_name,
"os_project_id": kc.auth_tenant_id, "os_project_id": kc.auth_tenant_id,
"os_auth_url": self.endpoint.auth_url, "os_auth_url": self.endpoint.auth_url,
"insecure": CONF.https_insecure, "insecure": self.endpoint.insecure,
}}} }}}
client = zaqar.Client(url=messaging_api_url, client = zaqar.Client(url=messaging_api_url,
version=version, version=version,
@ -313,7 +321,7 @@ class Clients(object):
client = designate.Client( client = designate.Client(
endpoint=dns_api_url, endpoint=dns_api_url,
token=kc.auth_token, token=kc.auth_token,
insecure=CONF.https_insecure) insecure=self.endpoint.insecure)
return client return client
@cached @cached
@ -327,8 +335,8 @@ class Clients(object):
auth_url=self.endpoint.auth_url, auth_url=self.endpoint.auth_url,
region_name=self.endpoint.region_name, region_name=self.endpoint.region_name,
timeout=CONF.openstack_client_http_timeout, timeout=CONF.openstack_client_http_timeout,
insecure=CONF.https_insecure, insecure=self.endpoint.insecure,
cacert=CONF.https_cacert) cacert=self.endpoint.cacert)
return client return client
@cached @cached
@ -359,8 +367,8 @@ class Clients(object):
client = swift.Connection(retries=1, client = swift.Connection(retries=1,
preauthurl=object_api_url, preauthurl=object_api_url,
preauthtoken=kc.auth_token, preauthtoken=kc.auth_token,
insecure=CONF.https_insecure, insecure=self.endpoint.insecure,
cacert=CONF.https_cacert) cacert=self.endpoint.cacert)
return client return client
@cached @cached
@ -382,7 +390,7 @@ class Clients(object):
url=ec2_api_url, url=ec2_api_url,
aws_access_key_id=ec2_credential.access, aws_access_key_id=ec2_credential.access,
aws_secret_access_key=ec2_credential.secret, aws_secret_access_key=ec2_credential.secret,
is_secure=CONF.https_insecure) is_secure=self.endpoint.insecure)
return client return client
@cached @cached
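Review bot: In the ec2 hunk, `is_secure=self.endpoint.insecure` feeds a "skip certificate verification" flag into a parameter whose name means "use HTTPS", so the default `insecure=False` would ask for a plain-HTTP connection and `insecure=True` for a TLS one; the commit carries this over from `CONF.https_insecure` instead of correcting it. I would drop the `is_secure` argument so the scheme of `ec2_api_url` decides, and map the flag to certificate validation instead, e.g. `validate_certs=not self.endpoint.insecure` (confirm against the boto version in use). The zaqar and designate hunks pass only `insecure` and no CA bundle, so a per-deployment `https_cacert` is not applied to those clients as far as these hunks show. The help text `"Use SSL for all OpenStack API interfaces"` on `https_insecure` states the opposite of what the flag does and should say that it disables server certificate verification; the neighbouring help string also misspells "certificate".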


@ -9,5 +9,7 @@
"user_domain_name": "admin", "user_domain_name": "admin",
"project_name": "admin", "project_name": "admin",
"project_domain_name": "admin", "project_domain_name": "admin",
} },
"https_insecure": False,
"https_cacert": "",
} }
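Review bot: If this sample is loaded as JSON, the added lines `"https_insecure": False,` and `"https_cacert": "",` make it unparseable: `False` is a Python literal, not JSON `false`, and the comma after the last member is a trailing comma. The two sample files that follow receive the same two lines and have the same problem. I would write `"https_insecure": false,` and `"https_cacert": ""` without the trailing comma, or leave `https_cacert` out, since an empty string is not a CA path. The file names are not visible on this page, so confirm how these samples are parsed.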


@ -8,5 +8,7 @@
"username": "admin", "username": "admin",
"password": "pa55word", "password": "pa55word",
"tenant_name": "demo" "tenant_name": "demo"
} },
"https_insecure": False,
"https_cacert": "",
} }


@ -7,5 +7,7 @@
"username": "admin", "username": "admin",
"password": "myadminpass", "password": "myadminpass",
"tenant_name": "demo" "tenant_name": "demo"
} },
"https_insecure": False,
"https_cacert": "",
} }


@ -32,6 +32,8 @@ class TestExistingCloud(test.TestCase):
"auth_url": "http://example.net:5000/v2.0/", "auth_url": "http://example.net:5000/v2.0/",
"region_name": "RegionOne", "region_name": "RegionOne",
"endpoint_type": consts.EndpointType.INTERNAL, "endpoint_type": consts.EndpointType.INTERNAL,
"https_insecure": False,
"https_cacert": None,
"admin": { "admin": {
"username": "admin", "username": "admin",
"password": "myadminpass", "password": "myadminpass",


@ -33,6 +33,8 @@ class EndpointTestCase(test.TestCase):
"domain_name": None, "domain_name": None,
"endpoint": None, "endpoint": None,
"endpoint_type": consts.EndpointType.PUBLIC, "endpoint_type": consts.EndpointType.PUBLIC,
"https_insecure": None,
"https_cacert": None,
"project_domain_name": "Default", "project_domain_name": "Default",
"user_domain_name": "Default"}) "user_domain_name": "Default"})
@ -50,6 +52,8 @@ class EndpointTestCase(test.TestCase):
"endpoint": None, "endpoint": None,
"permission": consts.EndpointPermission.ADMIN, "permission": consts.EndpointPermission.ADMIN,
"endpoint_type": consts.EndpointType.PUBLIC, "endpoint_type": consts.EndpointType.PUBLIC,
"https_insecure": None,
"https_cacert": None,
"project_domain_name": "Default", "project_domain_name": "Default",
"user_domain_name": "Default"}) "user_domain_name": "Default"})
@ -67,5 +71,7 @@ class EndpointTestCase(test.TestCase):
"domain_name": None, "domain_name": None,
"endpoint": "foo_endpoint", "endpoint": "foo_endpoint",
"endpoint_type": consts.EndpointType.PUBLIC, "endpoint_type": consts.EndpointType.PUBLIC,
"https_insecure": None,
"https_cacert": None,
"project_domain_name": "Default", "project_domain_name": "Default",
"user_domain_name": "Default"}) "user_domain_name": "Default"})


@ -177,6 +177,8 @@ class BaseDeploymentTestCase(test.TestCase):
admin_endpoint["endpoint"] = None admin_endpoint["endpoint"] = None
admin_endpoint.update(admin_endpoint.pop("admin")) admin_endpoint.update(admin_endpoint.pop("admin"))
admin_endpoint["permission"] = consts.EndpointPermission.ADMIN admin_endpoint["permission"] = consts.EndpointPermission.ADMIN
admin_endpoint["https_insecure"] = False
admin_endpoint["https_cacert"] = None
self.endpoints = {"admin": admin_endpoint, "users": []} self.endpoints = {"admin": admin_endpoint, "users": []}
self.deployment = { self.deployment = {
"uuid": self.deployment_uuid, "uuid": self.deployment_uuid,


@ -31,7 +31,8 @@ class TestCreateKeystoneClient(test.TestCase):
def setUp(self): def setUp(self):
super(TestCreateKeystoneClient, self).setUp() super(TestCreateKeystoneClient, self).setUp()
self.kwargs = {"auth_url": "http://auth_url", "username": "user", self.kwargs = {"auth_url": "http://auth_url", "username": "user",
"password": "password", "tenant_name": "tenant"} "password": "password", "tenant_name": "tenant",
"https_insecure": False, "https_cacert": None}
def test_create_keystone_client_v2(self): def test_create_keystone_client_v2(self):
mock_keystone = mock.MagicMock() mock_keystone = mock.MagicMock()
@ -179,8 +180,8 @@ class OSClientsTestCase(test.TestCase):
"token": self.fake_keystone.auth_token, "token": self.fake_keystone.auth_token,
"endpoint_url": self.service_catalog.url_for.return_value, "endpoint_url": self.service_catalog.url_for.return_value,
"timeout": cfg.CONF.openstack_client_http_timeout, "timeout": cfg.CONF.openstack_client_http_timeout,
"insecure": cfg.CONF.https_insecure, "insecure": self.endpoint.insecure,
"ca_cert": cfg.CONF.https_cacert "ca_cert": self.endpoint.cacert
} }
self.service_catalog.url_for.assert_called_once_with( self.service_catalog.url_for.assert_called_once_with(
service_type="network", service_type="network",
@ -270,8 +271,8 @@ class OSClientsTestCase(test.TestCase):
"os_auth_token": self.fake_keystone.auth_token, "os_auth_token": self.fake_keystone.auth_token,
"ironic_url": self.service_catalog.url_for.return_value, "ironic_url": self.service_catalog.url_for.return_value,
"timeout": cfg.CONF.openstack_client_http_timeout, "timeout": cfg.CONF.openstack_client_http_timeout,
"insecure": cfg.CONF.https_insecure, "insecure": self.endpoint.insecure,
"cacert": cfg.CONF.https_cacert "cacert": self.endpoint.cacert
} }
mock_ironic.client.get_client.assert_called_once_with("1.0", **kw) mock_ironic.client.get_client.assert_called_once_with("1.0", **kw)
self.assertEqual(fake_ironic, self.clients.cache["ironic"]) self.assertEqual(fake_ironic, self.clients.cache["ironic"])
@ -313,7 +314,7 @@ class OSClientsTestCase(test.TestCase):
"os_project_name": self.endpoint.tenant_name, "os_project_name": self.endpoint.tenant_name,
"os_project_id": self.fake_keystone.auth_tenant_id, "os_project_id": self.fake_keystone.auth_tenant_id,
"os_auth_url": self.endpoint.auth_url, "os_auth_url": self.endpoint.auth_url,
"insecure": cfg.CONF.https_insecure, "insecure": self.endpoint.insecure,
}}} }}}
mock_zaqar.client.Client.assert_called_once_with( mock_zaqar.client.Client.assert_called_once_with(
url=fake_zaqar_url, version=1.1, conf=conf) url=fake_zaqar_url, version=1.1, conf=conf)
@ -334,8 +335,8 @@ class OSClientsTestCase(test.TestCase):
"auth_url": self.endpoint.auth_url, "auth_url": self.endpoint.auth_url,
"region_name": self.endpoint.region_name, "region_name": self.endpoint.region_name,
"timeout": cfg.CONF.openstack_client_http_timeout, "timeout": cfg.CONF.openstack_client_http_timeout,
"insecure": cfg.CONF.https_insecure, "insecure": self.endpoint.insecure,
"cacert": cfg.CONF.https_cacert "cacert": self.endpoint.cacert
} }
mock_trove.client.Client.assert_called_once_with("1.0", **kw) mock_trove.client.Client.assert_called_once_with("1.0", **kw)
self.assertEqual(fake_trove, self.clients.cache["trove"]) self.assertEqual(fake_trove, self.clients.cache["trove"])
@ -405,7 +406,7 @@ class OSClientsTestCase(test.TestCase):
"url": "http://fake.to:1/fake", "url": "http://fake.to:1/fake",
"aws_access_key_id": "fake_access", "aws_access_key_id": "fake_access",
"aws_secret_access_key": "fake_secret", "aws_secret_access_key": "fake_secret",
"is_secure": cfg.CONF.https_insecure, "is_secure": self.endpoint.insecure,
} }
mock_boto.connect_ec2_endpoint.assert_called_once_with(**kw) mock_boto.connect_ec2_endpoint.assert_called_once_with(**kw)
self.assertEqual(fake_ec2, self.clients.cache["ec2"]) self.assertEqual(fake_ec2, self.clients.cache["ec2"])
@ -417,7 +418,7 @@ class OSClientsTestCase(test.TestCase):
"unknown_service": {}} "unknown_service": {}}
mock_keystone.return_value = mock.Mock(service_catalog=mock.Mock( mock_keystone.return_value = mock.Mock(service_catalog=mock.Mock(
get_endpoints=lambda: available_services)) get_endpoints=lambda: available_services))
clients = osclients.Clients({}) clients = osclients.Clients(self.endpoint)
self.assertEqual( self.assertEqual(
{consts.ServiceType.IDENTITY: consts.Service.KEYSTONE, {consts.ServiceType.IDENTITY: consts.Service.KEYSTONE,