Merge "honor api_insecure parameters"
This commit is contained in:
commit
840b794fe2
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- Fixed api_insecure handling in sessions. Closed bug 1539498.
|
|
@ -133,7 +133,6 @@ def list_opts():
|
||||||
from sahara.service.heat import heat_engine
|
from sahara.service.heat import heat_engine
|
||||||
from sahara.service.heat import templates
|
from sahara.service.heat import templates
|
||||||
from sahara.service import periodic
|
from sahara.service import periodic
|
||||||
from sahara.service import sessions
|
|
||||||
from sahara.swift import swift_helper
|
from sahara.swift import swift_helper
|
||||||
from sahara.utils import cluster_progress_ops as cpo
|
from sahara.utils import cluster_progress_ops as cpo
|
||||||
from sahara.utils.openstack import base
|
from sahara.utils.openstack import base
|
||||||
|
@ -164,7 +163,6 @@ def list_opts():
|
||||||
base.opts,
|
base.opts,
|
||||||
heat_engine.heat_engine_opts,
|
heat_engine.heat_engine_opts,
|
||||||
templates.heat_engine_opts,
|
templates.heat_engine_opts,
|
||||||
sessions.sessions_opts,
|
|
||||||
ssh_remote.ssh_config_options,
|
ssh_remote.ssh_config_options,
|
||||||
castellan.opts)),
|
castellan.opts)),
|
||||||
(poll_utils.timeouts.name,
|
(poll_utils.timeouts.name,
|
||||||
|
|
|
@ -25,21 +25,13 @@ from sahara.i18n import _LE
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
sessions_opts = [
|
|
||||||
cfg.BoolOpt(
|
|
||||||
'generic_session_verify', default=True,
|
|
||||||
help='Option to configure verification of a certificate for generic '
|
|
||||||
'sessions')
|
|
||||||
]
|
|
||||||
CONF.register_opts(sessions_opts)
|
|
||||||
|
|
||||||
_SESSION_CACHE = None
|
_SESSION_CACHE = None
|
||||||
|
|
||||||
SESSION_TYPE_CINDER = 'cinder'
|
SESSION_TYPE_CINDER = 'cinder'
|
||||||
SESSION_TYPE_GENERIC = 'generic'
|
|
||||||
SESSION_TYPE_KEYSTONE = 'keystone'
|
SESSION_TYPE_KEYSTONE = 'keystone'
|
||||||
SESSION_TYPE_NEUTRON = 'neutron'
|
SESSION_TYPE_NEUTRON = 'neutron'
|
||||||
SESSION_TYPE_NOVA = 'nova'
|
SESSION_TYPE_NOVA = 'nova'
|
||||||
|
SESSION_TYPE_INSECURE = 'insecure'
|
||||||
|
|
||||||
|
|
||||||
def cache():
|
def cache():
|
||||||
|
@ -66,10 +58,10 @@ class SessionCache(object):
|
||||||
self._sessions = {}
|
self._sessions = {}
|
||||||
self._session_funcs = {
|
self._session_funcs = {
|
||||||
SESSION_TYPE_CINDER: self.get_cinder_session,
|
SESSION_TYPE_CINDER: self.get_cinder_session,
|
||||||
SESSION_TYPE_GENERIC: self.get_generic_session,
|
|
||||||
SESSION_TYPE_KEYSTONE: self.get_keystone_session,
|
SESSION_TYPE_KEYSTONE: self.get_keystone_session,
|
||||||
SESSION_TYPE_NEUTRON: self.get_neutron_session,
|
SESSION_TYPE_NEUTRON: self.get_neutron_session,
|
||||||
SESSION_TYPE_NOVA: self.get_nova_session,
|
SESSION_TYPE_NOVA: self.get_nova_session,
|
||||||
|
SESSION_TYPE_INSECURE: self.get_insecure_session,
|
||||||
}
|
}
|
||||||
|
|
||||||
def _set_session(self, session_type, session):
|
def _set_session(self, session_type, session):
|
||||||
|
@ -81,10 +73,10 @@ class SessionCache(object):
|
||||||
'''
|
'''
|
||||||
self._sessions[session_type] = session
|
self._sessions[session_type] = session
|
||||||
|
|
||||||
def get_session(self, session_type=SESSION_TYPE_GENERIC):
|
def get_session(self, session_type=SESSION_TYPE_INSECURE):
|
||||||
'''Return a Session for the requested type
|
'''Return a Session for the requested type
|
||||||
|
|
||||||
:param session_type: the type of Session to get, if None a generic
|
:param session_type: the type of Session to get, if None an insecure
|
||||||
session will be returned.
|
session will be returned.
|
||||||
|
|
||||||
:raises SaharaException: if the requested session type is not
|
:raises SaharaException: if the requested session type is not
|
||||||
|
@ -101,57 +93,57 @@ class SessionCache(object):
|
||||||
_('Session type {type} not recognized').
|
_('Session type {type} not recognized').
|
||||||
format(type=session_type))
|
format(type=session_type))
|
||||||
|
|
||||||
|
def get_insecure_session(self):
|
||||||
|
session = self._sessions.get(SESSION_TYPE_INSECURE)
|
||||||
|
if not session:
|
||||||
|
session = keystone.Session(verify=False)
|
||||||
|
self._set_session(SESSION_TYPE_INSECURE, session)
|
||||||
|
return session
|
||||||
|
|
||||||
def get_cinder_session(self):
|
def get_cinder_session(self):
|
||||||
session = self._sessions.get(SESSION_TYPE_CINDER)
|
session = self._sessions.get(SESSION_TYPE_CINDER)
|
||||||
if not session:
|
if not session:
|
||||||
if CONF.cinder.ca_file:
|
if not CONF.cinder.api_insecure and CONF.cinder.ca_file:
|
||||||
session = keystone.Session(cert=CONF.cinder.ca_file,
|
session = keystone.Session(
|
||||||
verify=CONF.cinder.api_insecure)
|
cert=CONF.cinder.ca_file, verify=True)
|
||||||
else:
|
else:
|
||||||
session = self.get_generic_session()
|
session = self.get_insecure_session()
|
||||||
self._set_session(SESSION_TYPE_CINDER, session)
|
self._set_session(SESSION_TYPE_CINDER, session)
|
||||||
return session
|
return session
|
||||||
|
|
||||||
def get_generic_session(self):
|
|
||||||
session = self._sessions.get(SESSION_TYPE_GENERIC)
|
|
||||||
if not session:
|
|
||||||
session = keystone.Session(verify=CONF.generic_session_verify)
|
|
||||||
self._set_session(SESSION_TYPE_GENERIC, session)
|
|
||||||
return session
|
|
||||||
|
|
||||||
def get_keystone_session(self):
|
def get_keystone_session(self):
|
||||||
session = self._sessions.get(SESSION_TYPE_KEYSTONE)
|
session = self._sessions.get(SESSION_TYPE_KEYSTONE)
|
||||||
if not session:
|
if not session:
|
||||||
if CONF.keystone.ca_file:
|
if not CONF.keystone.api_insecure and CONF.keystone.ca_file:
|
||||||
session = keystone.Session(cert=CONF.keystone.ca_file,
|
session = keystone.Session(
|
||||||
verify=CONF.keystone.api_insecure)
|
cert=CONF.keystone.ca_file, verify=True)
|
||||||
else:
|
else:
|
||||||
session = self.get_generic_session()
|
session = self.get_insecure_session()
|
||||||
self._set_session(SESSION_TYPE_KEYSTONE, session)
|
self._set_session(SESSION_TYPE_KEYSTONE, session)
|
||||||
return session
|
return session
|
||||||
|
|
||||||
def get_neutron_session(self):
|
def get_neutron_session(self):
|
||||||
session = self._sessions.get(SESSION_TYPE_NEUTRON)
|
session = self._sessions.get(SESSION_TYPE_NEUTRON)
|
||||||
if not session:
|
if not session:
|
||||||
if CONF.neutron.ca_file:
|
if not CONF.neutron.api_insecure and CONF.neutron.ca_file:
|
||||||
session = keystone.Session(cert=CONF.neutron.ca_file,
|
session = keystone.Session(
|
||||||
verify=CONF.neutron.api_insecure)
|
cert=CONF.neutron.ca_file, verify=True)
|
||||||
else:
|
else:
|
||||||
session = self.get_generic_session()
|
session = self.get_insecure_session()
|
||||||
self._set_session(SESSION_TYPE_NEUTRON, session)
|
self._set_session(SESSION_TYPE_NEUTRON, session)
|
||||||
return session
|
return session
|
||||||
|
|
||||||
def get_nova_session(self):
|
def get_nova_session(self):
|
||||||
session = self._sessions.get(SESSION_TYPE_NOVA)
|
session = self._sessions.get(SESSION_TYPE_NOVA)
|
||||||
if not session:
|
if not session:
|
||||||
if CONF.nova.ca_file:
|
if not CONF.nova.api_insecure and CONF.nova.ca_file:
|
||||||
session = keystone.Session(cert=CONF.nova.ca_file,
|
session = keystone.Session(
|
||||||
verify=CONF.nova.api_insecure)
|
cert=CONF.nova.ca_file, verify=True)
|
||||||
else:
|
else:
|
||||||
session = self.get_generic_session()
|
session = self.get_insecure_session()
|
||||||
self._set_session(SESSION_TYPE_NOVA, session)
|
self._set_session(SESSION_TYPE_NOVA, session)
|
||||||
return session
|
return session
|
||||||
|
|
||||||
def token_for_auth(self, auth):
|
def token_for_auth(self, auth):
|
||||||
return self.get_generic_session().get_auth_headers(auth).get(
|
return self.get_keystone_session().get_auth_headers(auth).get(
|
||||||
'X-Auth-Token')
|
'X-Auth-Token')
|
||||||
|
|
|
@ -36,7 +36,7 @@ class TestSessionCache(base.SaharaTestCase):
|
||||||
def test_get_keystone_session(self, keystone_session):
|
def test_get_keystone_session(self, keystone_session):
|
||||||
sc = sessions.SessionCache()
|
sc = sessions.SessionCache()
|
||||||
self.override_config('ca_file', '/some/cacert', group='keystone')
|
self.override_config('ca_file', '/some/cacert', group='keystone')
|
||||||
self.override_config('api_insecure', True, group='keystone')
|
self.override_config('api_insecure', False, group='keystone')
|
||||||
sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
|
sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
|
||||||
keystone_session.assert_called_once_with(cert='/some/cacert',
|
keystone_session.assert_called_once_with(cert='/some/cacert',
|
||||||
verify=True)
|
verify=True)
|
||||||
|
@ -44,9 +44,9 @@ class TestSessionCache(base.SaharaTestCase):
|
||||||
sc = sessions.SessionCache()
|
sc = sessions.SessionCache()
|
||||||
keystone_session.reset_mock()
|
keystone_session.reset_mock()
|
||||||
self.override_config('ca_file', None, group='keystone')
|
self.override_config('ca_file', None, group='keystone')
|
||||||
self.override_config('api_insecure', None, group='keystone')
|
self.override_config('api_insecure', True, group='keystone')
|
||||||
sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
|
sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
|
||||||
keystone_session.assert_called_once_with(verify=True)
|
keystone_session.assert_called_once_with(verify=False)
|
||||||
|
|
||||||
keystone_session.reset_mock()
|
keystone_session.reset_mock()
|
||||||
sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
|
sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
|
||||||
|
@ -56,7 +56,7 @@ class TestSessionCache(base.SaharaTestCase):
|
||||||
def test_get_nova_session(self, keystone_session):
|
def test_get_nova_session(self, keystone_session):
|
||||||
sc = sessions.SessionCache()
|
sc = sessions.SessionCache()
|
||||||
self.override_config('ca_file', '/some/cacert', group='nova')
|
self.override_config('ca_file', '/some/cacert', group='nova')
|
||||||
self.override_config('api_insecure', True, group='nova')
|
self.override_config('api_insecure', False, group='nova')
|
||||||
sc.get_session(sessions.SESSION_TYPE_NOVA)
|
sc.get_session(sessions.SESSION_TYPE_NOVA)
|
||||||
keystone_session.assert_called_once_with(cert='/some/cacert',
|
keystone_session.assert_called_once_with(cert='/some/cacert',
|
||||||
verify=True)
|
verify=True)
|
||||||
|
@ -64,9 +64,9 @@ class TestSessionCache(base.SaharaTestCase):
|
||||||
sc = sessions.SessionCache()
|
sc = sessions.SessionCache()
|
||||||
keystone_session.reset_mock()
|
keystone_session.reset_mock()
|
||||||
self.override_config('ca_file', None, group='nova')
|
self.override_config('ca_file', None, group='nova')
|
||||||
self.override_config('api_insecure', None, group='nova')
|
self.override_config('api_insecure', True, group='nova')
|
||||||
sc.get_session(sessions.SESSION_TYPE_NOVA)
|
sc.get_session(sessions.SESSION_TYPE_NOVA)
|
||||||
keystone_session.assert_called_once_with(verify=True)
|
keystone_session.assert_called_once_with(verify=False)
|
||||||
|
|
||||||
keystone_session.reset_mock()
|
keystone_session.reset_mock()
|
||||||
sc.get_session(sessions.SESSION_TYPE_NOVA)
|
sc.get_session(sessions.SESSION_TYPE_NOVA)
|
||||||
|
@ -76,7 +76,7 @@ class TestSessionCache(base.SaharaTestCase):
|
||||||
def test_get_cinder_session(self, keystone_session):
|
def test_get_cinder_session(self, keystone_session):
|
||||||
sc = sessions.SessionCache()
|
sc = sessions.SessionCache()
|
||||||
self.override_config('ca_file', '/some/cacert', group='cinder')
|
self.override_config('ca_file', '/some/cacert', group='cinder')
|
||||||
self.override_config('api_insecure', True, group='cinder')
|
self.override_config('api_insecure', False, group='cinder')
|
||||||
sc.get_session(sessions.SESSION_TYPE_CINDER)
|
sc.get_session(sessions.SESSION_TYPE_CINDER)
|
||||||
keystone_session.assert_called_once_with(cert='/some/cacert',
|
keystone_session.assert_called_once_with(cert='/some/cacert',
|
||||||
verify=True)
|
verify=True)
|
||||||
|
@ -84,9 +84,9 @@ class TestSessionCache(base.SaharaTestCase):
|
||||||
sc = sessions.SessionCache()
|
sc = sessions.SessionCache()
|
||||||
keystone_session.reset_mock()
|
keystone_session.reset_mock()
|
||||||
self.override_config('ca_file', None, group='cinder')
|
self.override_config('ca_file', None, group='cinder')
|
||||||
self.override_config('api_insecure', None, group='cinder')
|
self.override_config('api_insecure', True, group='cinder')
|
||||||
sc.get_session(sessions.SESSION_TYPE_CINDER)
|
sc.get_session(sessions.SESSION_TYPE_CINDER)
|
||||||
keystone_session.assert_called_once_with(verify=True)
|
keystone_session.assert_called_once_with(verify=False)
|
||||||
|
|
||||||
keystone_session.reset_mock()
|
keystone_session.reset_mock()
|
||||||
sc.get_session(sessions.SESSION_TYPE_CINDER)
|
sc.get_session(sessions.SESSION_TYPE_CINDER)
|
||||||
|
@ -96,7 +96,7 @@ class TestSessionCache(base.SaharaTestCase):
|
||||||
def test_get_neutron_session(self, keystone_session):
|
def test_get_neutron_session(self, keystone_session):
|
||||||
sc = sessions.SessionCache()
|
sc = sessions.SessionCache()
|
||||||
self.override_config('ca_file', '/some/cacert', group='neutron')
|
self.override_config('ca_file', '/some/cacert', group='neutron')
|
||||||
self.override_config('api_insecure', True, group='neutron')
|
self.override_config('api_insecure', False, group='neutron')
|
||||||
sc.get_session(sessions.SESSION_TYPE_NEUTRON)
|
sc.get_session(sessions.SESSION_TYPE_NEUTRON)
|
||||||
keystone_session.assert_called_once_with(cert='/some/cacert',
|
keystone_session.assert_called_once_with(cert='/some/cacert',
|
||||||
verify=True)
|
verify=True)
|
||||||
|
@ -104,17 +104,16 @@ class TestSessionCache(base.SaharaTestCase):
|
||||||
sc = sessions.SessionCache()
|
sc = sessions.SessionCache()
|
||||||
keystone_session.reset_mock()
|
keystone_session.reset_mock()
|
||||||
self.override_config('ca_file', None, group='neutron')
|
self.override_config('ca_file', None, group='neutron')
|
||||||
self.override_config('api_insecure', None, group='neutron')
|
self.override_config('api_insecure', True, group='neutron')
|
||||||
sc.get_session(sessions.SESSION_TYPE_NEUTRON)
|
sc.get_session(sessions.SESSION_TYPE_NEUTRON)
|
||||||
keystone_session.assert_called_once_with(verify=True)
|
keystone_session.assert_called_once_with(verify=False)
|
||||||
|
|
||||||
keystone_session.reset_mock()
|
keystone_session.reset_mock()
|
||||||
sc.get_session(sessions.SESSION_TYPE_NEUTRON)
|
sc.get_session(sessions.SESSION_TYPE_NEUTRON)
|
||||||
self.assertFalse(keystone_session.called)
|
self.assertFalse(keystone_session.called)
|
||||||
|
|
||||||
@mock.patch('keystoneclient.session.Session')
|
@mock.patch('keystoneclient.session.Session')
|
||||||
def test_generic_session_no_verify(self, session):
|
def test_insecure_session(self, session):
|
||||||
sc = sessions.SessionCache()
|
sc = sessions.SessionCache()
|
||||||
self.override_config('generic_session_verify', False)
|
sc.get_session(sessions.SESSION_TYPE_INSECURE)
|
||||||
sc.get_session(sessions.SESSION_TYPE_GENERIC)
|
|
||||||
session.assert_called_once_with(verify=False)
|
session.assert_called_once_with(verify=False)
|
||||||
|
|
Loading…
Reference in New Issue