openstack
/
sahara
Code Issues Proposed changes

Merge "honor api_insecure parameters"

This commit is contained in:
Jenkins 2016-02-29 13:59:17 +00:00 committed by Gerrit Code Review
parent 491c03d885 c1d3149c1e
commit 840b794fe2
4 changed files with 45 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
releasenotes/notes/api-insecure-cbd4fd5da71b29a3.yaml Normal file
View File

@ -0,0 +1,3 @@
---
fixes:
- Fixed api_insecure handling in sessions. Closed bug 1539498.

2
sahara/config.py
View File

@ -133,7 +133,6 @@ def list_opts():
from sahara.service.heat import heat_engine
from sahara.service.heat import templates
from sahara.service import periodic
from sahara.service import sessions
from sahara.swift import swift_helper
from sahara.utils import cluster_progress_ops as cpo
from sahara.utils.openstack import base
@ -164,7 +163,6 @@ def list_opts():
base.opts,
heat_engine.heat_engine_opts,
templates.heat_engine_opts,
sessions.sessions_opts,
ssh_remote.ssh_config_options,
castellan.opts)),
(poll_utils.timeouts.name,

64
sahara/service/sessions.py
View File

@ -25,21 +25,13 @@ from sahara.i18n import _LE
CONF = cfg.CONF
LOG = logging.getLogger(__name__)
sessions_opts = [
cfg.BoolOpt(
'generic_session_verify', default=True,
help='Option to configure verification of a certificate for generic '
'sessions')
]
CONF.register_opts(sessions_opts)
_SESSION_CACHE = None
SESSION_TYPE_CINDER = 'cinder'
SESSION_TYPE_GENERIC = 'generic'
SESSION_TYPE_KEYSTONE = 'keystone'
SESSION_TYPE_NEUTRON = 'neutron'
SESSION_TYPE_NOVA = 'nova'
SESSION_TYPE_INSECURE = 'insecure'
def cache():
@ -66,10 +58,10 @@ class SessionCache(object):
self._sessions = {}
self._session_funcs = {
SESSION_TYPE_CINDER: self.get_cinder_session,
SESSION_TYPE_GENERIC: self.get_generic_session,
SESSION_TYPE_KEYSTONE: self.get_keystone_session,
SESSION_TYPE_NEUTRON: self.get_neutron_session,
SESSION_TYPE_NOVA: self.get_nova_session,
SESSION_TYPE_INSECURE: self.get_insecure_session,
}
def _set_session(self, session_type, session):
@ -81,10 +73,10 @@ class SessionCache(object):
'''
self._sessions[session_type] = session
def get_session(self, session_type=SESSION_TYPE_GENERIC):
def get_session(self, session_type=SESSION_TYPE_INSECURE):
'''Return a Session for the requested type
:param session_type: the type of Session to get, if None a generic
:param session_type: the type of Session to get, if None an insecure
session will be returned.
:raises SaharaException: if the requested session type is not
@ -101,57 +93,57 @@ class SessionCache(object):
_('Session type {type} not recognized').
format(type=session_type))
def get_insecure_session(self):
session = self._sessions.get(SESSION_TYPE_INSECURE)
if not session:
session = keystone.Session(verify=False)
self._set_session(SESSION_TYPE_INSECURE, session)
return session
def get_cinder_session(self):
session = self._sessions.get(SESSION_TYPE_CINDER)
if not session:
if CONF.cinder.ca_file:
session = keystone.Session(cert=CONF.cinder.ca_file,
verify=CONF.cinder.api_insecure)
if not CONF.cinder.api_insecure and CONF.cinder.ca_file:
session = keystone.Session(
cert=CONF.cinder.ca_file, verify=True)
else:
session = self.get_generic_session()
session = self.get_insecure_session()
self._set_session(SESSION_TYPE_CINDER, session)
return session
def get_generic_session(self):
session = self._sessions.get(SESSION_TYPE_GENERIC)
if not session:
session = keystone.Session(verify=CONF.generic_session_verify)
self._set_session(SESSION_TYPE_GENERIC, session)
return session
def get_keystone_session(self):
session = self._sessions.get(SESSION_TYPE_KEYSTONE)
if not session:
if CONF.keystone.ca_file:
session = keystone.Session(cert=CONF.keystone.ca_file,
verify=CONF.keystone.api_insecure)
if not CONF.keystone.api_insecure and CONF.keystone.ca_file:
session = keystone.Session(
cert=CONF.keystone.ca_file, verify=True)
else:
session = self.get_generic_session()
session = self.get_insecure_session()
self._set_session(SESSION_TYPE_KEYSTONE, session)
return session
def get_neutron_session(self):
session = self._sessions.get(SESSION_TYPE_NEUTRON)
if not session:
if CONF.neutron.ca_file:
session = keystone.Session(cert=CONF.neutron.ca_file,
verify=CONF.neutron.api_insecure)
if not CONF.neutron.api_insecure and CONF.neutron.ca_file:
session = keystone.Session(
cert=CONF.neutron.ca_file, verify=True)
else:
session = self.get_generic_session()
session = self.get_insecure_session()
self._set_session(SESSION_TYPE_NEUTRON, session)
return session
def get_nova_session(self):
session = self._sessions.get(SESSION_TYPE_NOVA)
if not session:
if CONF.nova.ca_file:
session = keystone.Session(cert=CONF.nova.ca_file,
verify=CONF.nova.api_insecure)
if not CONF.nova.api_insecure and CONF.nova.ca_file:
session = keystone.Session(
cert=CONF.nova.ca_file, verify=True)
else:
session = self.get_generic_session()
session = self.get_insecure_session()
self._set_session(SESSION_TYPE_NOVA, session)
return session
def token_for_auth(self, auth):
return self.get_generic_session().get_auth_headers(auth).get(
return self.get_keystone_session().get_auth_headers(auth).get(
'X-Auth-Token')

29
sahara/tests/unit/service/test_sessions.py
View File

@ -36,7 +36,7 @@ class TestSessionCache(base.SaharaTestCase):
def test_get_keystone_session(self, keystone_session):
sc = sessions.SessionCache()
self.override_config('ca_file', '/some/cacert', group='keystone')
self.override_config('api_insecure', True, group='keystone')
self.override_config('api_insecure', False, group='keystone')
sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
keystone_session.assert_called_once_with(cert='/some/cacert',
verify=True)
@ -44,9 +44,9 @@ class TestSessionCache(base.SaharaTestCase):
sc = sessions.SessionCache()
keystone_session.reset_mock()
self.override_config('ca_file', None, group='keystone')
self.override_config('api_insecure', None, group='keystone')
self.override_config('api_insecure', True, group='keystone')
sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
keystone_session.assert_called_once_with(verify=True)
keystone_session.assert_called_once_with(verify=False)
keystone_session.reset_mock()
sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
@ -56,7 +56,7 @@ class TestSessionCache(base.SaharaTestCase):
def test_get_nova_session(self, keystone_session):
sc = sessions.SessionCache()
self.override_config('ca_file', '/some/cacert', group='nova')
self.override_config('api_insecure', True, group='nova')
self.override_config('api_insecure', False, group='nova')
sc.get_session(sessions.SESSION_TYPE_NOVA)
keystone_session.assert_called_once_with(cert='/some/cacert',
verify=True)
@ -64,9 +64,9 @@ class TestSessionCache(base.SaharaTestCase):
sc = sessions.SessionCache()
keystone_session.reset_mock()
self.override_config('ca_file', None, group='nova')
self.override_config('api_insecure', None, group='nova')
self.override_config('api_insecure', True, group='nova')
sc.get_session(sessions.SESSION_TYPE_NOVA)
keystone_session.assert_called_once_with(verify=True)
keystone_session.assert_called_once_with(verify=False)
keystone_session.reset_mock()
sc.get_session(sessions.SESSION_TYPE_NOVA)
@ -76,7 +76,7 @@ class TestSessionCache(base.SaharaTestCase):
def test_get_cinder_session(self, keystone_session):
sc = sessions.SessionCache()
self.override_config('ca_file', '/some/cacert', group='cinder')
self.override_config('api_insecure', True, group='cinder')
self.override_config('api_insecure', False, group='cinder')
sc.get_session(sessions.SESSION_TYPE_CINDER)
keystone_session.assert_called_once_with(cert='/some/cacert',
verify=True)
@ -84,9 +84,9 @@ class TestSessionCache(base.SaharaTestCase):
sc = sessions.SessionCache()
keystone_session.reset_mock()
self.override_config('ca_file', None, group='cinder')
self.override_config('api_insecure', None, group='cinder')
self.override_config('api_insecure', True, group='cinder')
sc.get_session(sessions.SESSION_TYPE_CINDER)
keystone_session.assert_called_once_with(verify=True)
keystone_session.assert_called_once_with(verify=False)
keystone_session.reset_mock()
sc.get_session(sessions.SESSION_TYPE_CINDER)
@ -96,7 +96,7 @@ class TestSessionCache(base.SaharaTestCase):
def test_get_neutron_session(self, keystone_session):
sc = sessions.SessionCache()
self.override_config('ca_file', '/some/cacert', group='neutron')
self.override_config('api_insecure', True, group='neutron')
self.override_config('api_insecure', False, group='neutron')
sc.get_session(sessions.SESSION_TYPE_NEUTRON)
keystone_session.assert_called_once_with(cert='/some/cacert',
verify=True)
@ -104,17 +104,16 @@ class TestSessionCache(base.SaharaTestCase):
sc = sessions.SessionCache()
keystone_session.reset_mock()
self.override_config('ca_file', None, group='neutron')
self.override_config('api_insecure', None, group='neutron')
self.override_config('api_insecure', True, group='neutron')
sc.get_session(sessions.SESSION_TYPE_NEUTRON)
keystone_session.assert_called_once_with(verify=True)
keystone_session.assert_called_once_with(verify=False)
keystone_session.reset_mock()
sc.get_session(sessions.SESSION_TYPE_NEUTRON)
self.assertFalse(keystone_session.called)
@mock.patch('keystoneclient.session.Session')
def test_generic_session_no_verify(self, session):
def test_insecure_session(self, session):
sc = sessions.SessionCache()
self.override_config('generic_session_verify', False)
sc.get_session(sessions.SESSION_TYPE_GENERIC)
sc.get_session(sessions.SESSION_TYPE_INSECURE)
session.assert_called_once_with(verify=False)