Merge "honor api_insecure parameters"
commit
840b794fe2
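--- a/releasenotes/notes/api-insecure-cbd4fd5da71b29a3.yaml
+++ b/releasenotes/notes/api-insecure-cbd4fd5da71b29a3.yaml
@@ -0,0 +1,3 @@
+---
+fixes:
+- Fixed api_insecure handling in sessions. Closed bug 1539498.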
@ -133,7 +133,6 @@ def list_opts():
|
||||
from sahara.service.heat import heat_engine
|
||||
from sahara.service.heat import templates
|
||||
from sahara.service import periodic
|
||||
from sahara.service import sessions
|
||||
from sahara.swift import swift_helper
|
||||
from sahara.utils import cluster_progress_ops as cpo
|
||||
from sahara.utils.openstack import base
|
||||
@ -164,7 +163,6 @@ def list_opts():
|
||||
base.opts,
|
||||
heat_engine.heat_engine_opts,
|
||||
templates.heat_engine_opts,
|
||||
sessions.sessions_opts,
|
||||
ssh_remote.ssh_config_options,
|
||||
castellan.opts)),
|
||||
(poll_utils.timeouts.name,
|
||||
|
@ -25,21 +25,13 @@ from sahara.i18n import _LE
|
||||
CONF = cfg.CONF
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
sessions_opts = [
|
||||
cfg.BoolOpt(
|
||||
'generic_session_verify', default=True,
|
||||
help='Option to configure verification of a certificate for generic '
|
||||
'sessions')
|
||||
]
|
||||
CONF.register_opts(sessions_opts)
|
||||
|
||||
_SESSION_CACHE = None
|
||||
|
||||
SESSION_TYPE_CINDER = 'cinder'
|
||||
SESSION_TYPE_GENERIC = 'generic'
|
||||
SESSION_TYPE_KEYSTONE = 'keystone'
|
||||
SESSION_TYPE_NEUTRON = 'neutron'
|
||||
SESSION_TYPE_NOVA = 'nova'
|
||||
SESSION_TYPE_INSECURE = 'insecure'
|
||||
|
||||
|
||||
def cache():
|
||||
@ -66,10 +58,10 @@ class SessionCache(object):
|
||||
self._sessions = {}
|
||||
self._session_funcs = {
|
||||
SESSION_TYPE_CINDER: self.get_cinder_session,
|
||||
SESSION_TYPE_GENERIC: self.get_generic_session,
|
||||
SESSION_TYPE_KEYSTONE: self.get_keystone_session,
|
||||
SESSION_TYPE_NEUTRON: self.get_neutron_session,
|
||||
SESSION_TYPE_NOVA: self.get_nova_session,
|
||||
SESSION_TYPE_INSECURE: self.get_insecure_session,
|
||||
}
|
||||
|
||||
def _set_session(self, session_type, session):
|
||||
@ -81,10 +73,10 @@ class SessionCache(object):
|
||||
'''
|
||||
self._sessions[session_type] = session
|
||||
|
||||
def get_session(self, session_type=SESSION_TYPE_GENERIC):
|
||||
def get_session(self, session_type=SESSION_TYPE_INSECURE):
|
||||
'''Return a Session for the requested type
|
||||
|
||||
:param session_type: the type of Session to get, if None a generic
|
||||
:param session_type: the type of Session to get, if None an insecure
|
||||
session will be returned.
|
||||
|
||||
:raises SaharaException: if the requested session type is not
|
||||
@ -101,57 +93,57 @@ class SessionCache(object):
|
||||
_('Session type {type} not recognized').
|
||||
format(type=session_type))
|
||||
|
||||
def get_insecure_session(self):
|
||||
session = self._sessions.get(SESSION_TYPE_INSECURE)
|
||||
if not session:
|
||||
session = keystone.Session(verify=False)
|
||||
self._set_session(SESSION_TYPE_INSECURE, session)
|
||||
return session
|
||||
|
||||
def get_cinder_session(self):
|
||||
session = self._sessions.get(SESSION_TYPE_CINDER)
|
||||
if not session:
|
||||
if CONF.cinder.ca_file:
|
||||
session = keystone.Session(cert=CONF.cinder.ca_file,
|
||||
verify=CONF.cinder.api_insecure)
|
||||
if not CONF.cinder.api_insecure and CONF.cinder.ca_file:
|
||||
session = keystone.Session(
|
||||
cert=CONF.cinder.ca_file, verify=True)
|
||||
else:
|
||||
session = self.get_generic_session()
|
||||
session = self.get_insecure_session()
|
||||
self._set_session(SESSION_TYPE_CINDER, session)
|
||||
return session
|
||||
|
||||
def get_generic_session(self):
|
||||
session = self._sessions.get(SESSION_TYPE_GENERIC)
|
||||
if not session:
|
||||
session = keystone.Session(verify=CONF.generic_session_verify)
|
||||
self._set_session(SESSION_TYPE_GENERIC, session)
|
||||
return session
|
||||
|
||||
def get_keystone_session(self):
|
||||
session = self._sessions.get(SESSION_TYPE_KEYSTONE)
|
||||
if not session:
|
||||
if CONF.keystone.ca_file:
|
||||
session = keystone.Session(cert=CONF.keystone.ca_file,
|
||||
verify=CONF.keystone.api_insecure)
|
||||
if not CONF.keystone.api_insecure and CONF.keystone.ca_file:
|
||||
session = keystone.Session(
|
||||
cert=CONF.keystone.ca_file, verify=True)
|
||||
else:
|
||||
session = self.get_generic_session()
|
||||
session = self.get_insecure_session()
|
||||
self._set_session(SESSION_TYPE_KEYSTONE, session)
|
||||
return session
|
||||
|
||||
def get_neutron_session(self):
|
||||
session = self._sessions.get(SESSION_TYPE_NEUTRON)
|
||||
if not session:
|
||||
if CONF.neutron.ca_file:
|
||||
session = keystone.Session(cert=CONF.neutron.ca_file,
|
||||
verify=CONF.neutron.api_insecure)
|
||||
if not CONF.neutron.api_insecure and CONF.neutron.ca_file:
|
||||
session = keystone.Session(
|
||||
cert=CONF.neutron.ca_file, verify=True)
|
||||
else:
|
||||
session = self.get_generic_session()
|
||||
session = self.get_insecure_session()
|
||||
self._set_session(SESSION_TYPE_NEUTRON, session)
|
||||
return session
|
||||
|
||||
def get_nova_session(self):
|
||||
session = self._sessions.get(SESSION_TYPE_NOVA)
|
||||
if not session:
|
||||
if CONF.nova.ca_file:
|
||||
session = keystone.Session(cert=CONF.nova.ca_file,
|
||||
verify=CONF.nova.api_insecure)
|
||||
if not CONF.nova.api_insecure and CONF.nova.ca_file:
|
||||
session = keystone.Session(
|
||||
cert=CONF.nova.ca_file, verify=True)
|
||||
else:
|
||||
session = self.get_generic_session()
|
||||
session = self.get_insecure_session()
|
||||
self._set_session(SESSION_TYPE_NOVA, session)
|
||||
return session
|
||||
|
||||
def token_for_auth(self, auth):
|
||||
return self.get_generic_session().get_auth_headers(auth).get(
|
||||
return self.get_keystone_session().get_auth_headers(auth).get(
|
||||
'X-Auth-Token')
|
||||
|
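Review bot: The new condition in `get_cinder_session` (`if not CONF.cinder.api_insecure and CONF.cinder.ca_file:`) sends the case `api_insecure=False` with no `ca_file` to the `else` branch, which returns `get_insecure_session()`, i.e. `keystone.Session(verify=False)`; an operator who leaves `ca_file` unset to rely on the system CA store gets certificate verification switched off. The same shape is repeated in `get_keystone_session`, `get_neutron_session` and `get_nova_session`. I would branch on `api_insecure` alone and pass the bundle through `verify`, e.g. `if not CONF.cinder.api_insecure:` followed by `session = keystone.Session(verify=CONF.cinder.ca_file or True)`, since in keystoneclient's `Session` the `cert` argument is the client certificate and `verify` is what accepts a CA bundle path. Separately, `get_session()` now defaults to `SESSION_TYPE_INSECURE`, so any caller that passes no type (callers are not visible here) would get an unverified session; a comment on that default, or requiring an explicit type, would make the choice deliberate.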
@ -36,7 +36,7 @@ class TestSessionCache(base.SaharaTestCase):
|
||||
def test_get_keystone_session(self, keystone_session):
|
||||
sc = sessions.SessionCache()
|
||||
self.override_config('ca_file', '/some/cacert', group='keystone')
|
||||
self.override_config('api_insecure', True, group='keystone')
|
||||
self.override_config('api_insecure', False, group='keystone')
|
||||
sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
|
||||
keystone_session.assert_called_once_with(cert='/some/cacert',
|
||||
verify=True)
|
||||
@ -44,9 +44,9 @@ class TestSessionCache(base.SaharaTestCase):
|
||||
sc = sessions.SessionCache()
|
||||
keystone_session.reset_mock()
|
||||
self.override_config('ca_file', None, group='keystone')
|
||||
self.override_config('api_insecure', None, group='keystone')
|
||||
self.override_config('api_insecure', True, group='keystone')
|
||||
sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
|
||||
keystone_session.assert_called_once_with(verify=True)
|
||||
keystone_session.assert_called_once_with(verify=False)
|
||||
|
||||
keystone_session.reset_mock()
|
||||
sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
|
||||
@ -56,7 +56,7 @@ class TestSessionCache(base.SaharaTestCase):
|
||||
def test_get_nova_session(self, keystone_session):
|
||||
sc = sessions.SessionCache()
|
||||
self.override_config('ca_file', '/some/cacert', group='nova')
|
||||
self.override_config('api_insecure', True, group='nova')
|
||||
self.override_config('api_insecure', False, group='nova')
|
||||
sc.get_session(sessions.SESSION_TYPE_NOVA)
|
||||
keystone_session.assert_called_once_with(cert='/some/cacert',
|
||||
verify=True)
|
||||
@ -64,9 +64,9 @@ class TestSessionCache(base.SaharaTestCase):
|
||||
sc = sessions.SessionCache()
|
||||
keystone_session.reset_mock()
|
||||
self.override_config('ca_file', None, group='nova')
|
||||
self.override_config('api_insecure', None, group='nova')
|
||||
self.override_config('api_insecure', True, group='nova')
|
||||
sc.get_session(sessions.SESSION_TYPE_NOVA)
|
||||
keystone_session.assert_called_once_with(verify=True)
|
||||
keystone_session.assert_called_once_with(verify=False)
|
||||
|
||||
keystone_session.reset_mock()
|
||||
sc.get_session(sessions.SESSION_TYPE_NOVA)
|
||||
@ -76,7 +76,7 @@ class TestSessionCache(base.SaharaTestCase):
|
||||
def test_get_cinder_session(self, keystone_session):
|
||||
sc = sessions.SessionCache()
|
||||
self.override_config('ca_file', '/some/cacert', group='cinder')
|
||||
self.override_config('api_insecure', True, group='cinder')
|
||||
self.override_config('api_insecure', False, group='cinder')
|
||||
sc.get_session(sessions.SESSION_TYPE_CINDER)
|
||||
keystone_session.assert_called_once_with(cert='/some/cacert',
|
||||
verify=True)
|
||||
@ -84,9 +84,9 @@ class TestSessionCache(base.SaharaTestCase):
|
||||
sc = sessions.SessionCache()
|
||||
keystone_session.reset_mock()
|
||||
self.override_config('ca_file', None, group='cinder')
|
||||
self.override_config('api_insecure', None, group='cinder')
|
||||
self.override_config('api_insecure', True, group='cinder')
|
||||
sc.get_session(sessions.SESSION_TYPE_CINDER)
|
||||
keystone_session.assert_called_once_with(verify=True)
|
||||
keystone_session.assert_called_once_with(verify=False)
|
||||
|
||||
keystone_session.reset_mock()
|
||||
sc.get_session(sessions.SESSION_TYPE_CINDER)
|
||||
@ -96,7 +96,7 @@ class TestSessionCache(base.SaharaTestCase):
|
||||
def test_get_neutron_session(self, keystone_session):
|
||||
sc = sessions.SessionCache()
|
||||
self.override_config('ca_file', '/some/cacert', group='neutron')
|
||||
self.override_config('api_insecure', True, group='neutron')
|
||||
self.override_config('api_insecure', False, group='neutron')
|
||||
sc.get_session(sessions.SESSION_TYPE_NEUTRON)
|
||||
keystone_session.assert_called_once_with(cert='/some/cacert',
|
||||
verify=True)
|
||||
@ -104,17 +104,16 @@ class TestSessionCache(base.SaharaTestCase):
|
||||
sc = sessions.SessionCache()
|
||||
keystone_session.reset_mock()
|
||||
self.override_config('ca_file', None, group='neutron')
|
||||
self.override_config('api_insecure', None, group='neutron')
|
||||
self.override_config('api_insecure', True, group='neutron')
|
||||
sc.get_session(sessions.SESSION_TYPE_NEUTRON)
|
||||
keystone_session.assert_called_once_with(verify=True)
|
||||
keystone_session.assert_called_once_with(verify=False)
|
||||
|
||||
keystone_session.reset_mock()
|
||||
sc.get_session(sessions.SESSION_TYPE_NEUTRON)
|
||||
self.assertFalse(keystone_session.called)
|
||||
|
||||
@mock.patch('keystoneclient.session.Session')
|
||||
def test_generic_session_no_verify(self, session):
|
||||
def test_insecure_session(self, session):
|
||||
sc = sessions.SessionCache()
|
||||
self.override_config('generic_session_verify', False)
|
||||
sc.get_session(sessions.SESSION_TYPE_GENERIC)
|
||||
sc.get_session(sessions.SESSION_TYPE_INSECURE)
|
||||
session.assert_called_once_with(verify=False)
|
||||
|
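Review bot: None of the updated cases in `TestSessionCache` exercises `api_insecure=False` together with `ca_file=None`, which is the combination where the condition shown in the sessions module falls through to the unverified session. Each test only checks `ca_file` set with `api_insecure=False`, and `ca_file=None` with `api_insecure=True`. I would add a third case per service, e.g. `self.override_config('ca_file', None, group='keystone')` and `self.override_config('api_insecure', False, group='keystone')`, then assert that the session is not created with `verify=False`. The test method bodies start and end outside some of these hunks, so the cached-session assertion after the second `reset_mock()` is only visible for neutron.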