Merge "Adding certfile/keyfile to authentication"
This commit is contained in:
commit
9cf16cc928
|
@ -9,6 +9,7 @@
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
from keystoneauth1 import loading as ks_loading
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
|
||||||
from senlin.common.i18n import _
|
from senlin.common.i18n import _
|
||||||
|
@ -37,6 +38,7 @@ AUTHENTICATION_OPTS = [
|
||||||
def register_opts(conf):
|
def register_opts(conf):
|
||||||
conf.register_group(AUTHENTICATION_GROUP)
|
conf.register_group(AUTHENTICATION_GROUP)
|
||||||
conf.register_opts(AUTHENTICATION_OPTS, group=AUTHENTICATION_GROUP)
|
conf.register_opts(AUTHENTICATION_OPTS, group=AUTHENTICATION_GROUP)
|
||||||
|
ks_loading.register_session_conf_options(cfg.CONF, 'authentication')
|
||||||
|
|
||||||
|
|
||||||
def list_opts():
|
def list_opts():
|
||||||
|
|
|
@ -123,6 +123,13 @@ class KeystoneClient(base.DriverBase):
|
||||||
'verify': cfg.CONF.authentication.verify_ssl,
|
'verify': cfg.CONF.authentication.verify_ssl,
|
||||||
'interface': cfg.CONF.authentication.interface,
|
'interface': cfg.CONF.authentication.interface,
|
||||||
}
|
}
|
||||||
|
if cfg.CONF.authentication.certfile and \
|
||||||
|
cfg.CONF.authentication.keyfile:
|
||||||
|
creds['cert'] = cfg.CONF.authentication.certfile
|
||||||
|
creds['key'] = cfg.CONF.authentication.keyfile
|
||||||
|
if cfg.CONF.authentication.cafile:
|
||||||
|
creds['cacert'] = cfg.CONF.authentication.cafile
|
||||||
|
|
||||||
creds.update(**kwargs)
|
creds.update(**kwargs)
|
||||||
return creds
|
return creds
|
||||||
|
|
||||||
|
|
|
@ -123,6 +123,16 @@ def create_connection(params=None):
|
||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
raise parse_exception(ex)
|
raise parse_exception(ex)
|
||||||
|
|
||||||
|
if cfg.CONF.authentication.certfile and \
|
||||||
|
cfg.CONF.authentication.keyfile:
|
||||||
|
conn.session.cert = (cfg.CONF.authentication.certfile,
|
||||||
|
cfg.CONF.authentication.keyfile)
|
||||||
|
if cfg.CONF.authentication.verify_ssl:
|
||||||
|
if cfg.CONF.authentication.cafile:
|
||||||
|
conn.session.verify = cfg.CONF.authentication.cafile
|
||||||
|
else:
|
||||||
|
conn.session.verify = cfg.CONF.authentication.verify_ssl
|
||||||
|
|
||||||
return conn
|
return conn
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -175,6 +175,52 @@ class TestKeystoneV3(base.SenlinTestCase):
|
||||||
mock_auth.assert_called_once_with(key='value')
|
mock_auth.assert_called_once_with(key='value')
|
||||||
self.assertEqual('abc', user_id)
|
self.assertEqual('abc', user_id)
|
||||||
|
|
||||||
|
def test_get_service_credentials_with_tls(self, mock_create):
|
||||||
|
cfg.CONF.set_override('auth_url', 'FAKE_URL', group='authentication')
|
||||||
|
cfg.CONF.set_override('service_username', 'FAKE_USERNAME',
|
||||||
|
group='authentication')
|
||||||
|
cfg.CONF.set_override('service_password', 'FAKE_PASSWORD',
|
||||||
|
group='authentication')
|
||||||
|
cfg.CONF.set_override('service_project_name', 'FAKE_PROJECT',
|
||||||
|
group='authentication')
|
||||||
|
cfg.CONF.set_override('service_user_domain', 'FAKE_DOMAIN_1',
|
||||||
|
group='authentication')
|
||||||
|
cfg.CONF.set_override('service_project_domain', 'FAKE_DOMAIN_2',
|
||||||
|
group='authentication')
|
||||||
|
cfg.CONF.set_override('interface', 'internal',
|
||||||
|
group='authentication')
|
||||||
|
cfg.CONF.set_override('cafile', '/fake/capath',
|
||||||
|
group='authentication')
|
||||||
|
cfg.CONF.set_override('certfile', '/fake/certpath',
|
||||||
|
group='authentication')
|
||||||
|
cfg.CONF.set_override('keyfile', '/fake/keypath',
|
||||||
|
group='authentication')
|
||||||
|
expected = {
|
||||||
|
'auth_url': 'FAKE_URL',
|
||||||
|
'username': 'FAKE_USERNAME',
|
||||||
|
'password': 'FAKE_PASSWORD',
|
||||||
|
'project_name': 'FAKE_PROJECT',
|
||||||
|
'user_domain_name': 'FAKE_DOMAIN_1',
|
||||||
|
'project_domain_name': 'FAKE_DOMAIN_2',
|
||||||
|
'interface': 'internal',
|
||||||
|
'cert': '/fake/certpath',
|
||||||
|
'key': '/fake/keypath',
|
||||||
|
'cacert': '/fake/capath',
|
||||||
|
'verify': True
|
||||||
|
}
|
||||||
|
actual = kv3.KeystoneClient.get_service_credentials()
|
||||||
|
|
||||||
|
self.assertEqual(expected, actual)
|
||||||
|
|
||||||
|
new_expected = copy.copy(expected)
|
||||||
|
new_expected['key1'] = 'value1'
|
||||||
|
new_expected['password'] = 'NEW_PASSWORD'
|
||||||
|
|
||||||
|
actual = kv3.KeystoneClient.get_service_credentials(
|
||||||
|
key1='value1', password='NEW_PASSWORD')
|
||||||
|
|
||||||
|
self.assertEqual(new_expected, actual)
|
||||||
|
|
||||||
def test_get_service_credentials(self, mock_create):
|
def test_get_service_credentials(self, mock_create):
|
||||||
cfg.CONF.set_override('auth_url', 'FAKE_URL', group='authentication')
|
cfg.CONF.set_override('auth_url', 'FAKE_URL', group='authentication')
|
||||||
cfg.CONF.set_override('service_username', 'FAKE_USERNAME',
|
cfg.CONF.set_override('service_username', 'FAKE_USERNAME',
|
||||||
|
|
Loading…
Reference in New Issue