Adding certfile/keyfile to authentication

When a TLS connection is constructed through the SDK, the cert/key file
options will be used to construct it.

Closes-Bug: 1909148
Change-Id: I7e905e9fe37a3357b41670eccb1094be5c29b865
hamalq 2020-12-23 21:02:02 +00:00 committed by hamza
parent 5238a34c7d
commit bdd92b144f
4 changed files with 65 additions and 0 deletions


@ -9,6 +9,7 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystoneauth1 import loading as ks_loading
from oslo_config import cfg
from senlin.common.i18n import _
@ -37,6 +38,7 @@ AUTHENTICATION_OPTS = [
def register_opts(conf):
conf.register_group(AUTHENTICATION_GROUP)
conf.register_opts(AUTHENTICATION_OPTS, group=AUTHENTICATION_GROUP)
ks_loading.register_session_conf_options(cfg.CONF, 'authentication')
def list_opts():
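Review bot: The added call registers the session options on the global `cfg.CONF` instead of the `conf` argument that the two lines above it use, so a caller passing its own config object to register_opts gets the group without certfile/keyfile/cafile; `ks_loading.register_session_conf_options(conf, 'authentication')` keeps the three registrations consistent. The keystoneauth helper also registers `insecure` and `timeout` in the same group, and nothing visible in this commit reads them, so an operator who sets `insecure` alongside the existing `verify_ssl` would see no effect; a comment or help text should say that `verify_ssl` is the option that controls certificate verification. The body of list_opts is outside the hunk, so whether the new options reach the generated sample config cannot be checked here.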


@ -123,6 +123,13 @@ class KeystoneClient(base.DriverBase):
'verify': cfg.CONF.authentication.verify_ssl,
'interface': cfg.CONF.authentication.interface,
}
if cfg.CONF.authentication.certfile and \
cfg.CONF.authentication.keyfile:
creds['cert'] = cfg.CONF.authentication.certfile
creds['key'] = cfg.CONF.authentication.keyfile
if cfg.CONF.authentication.cafile:
creds['cacert'] = cfg.CONF.authentication.cafile
creds.update(**kwargs)
return creds
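Review bot: When only one of `certfile` and `keyfile` is set, the new `if` drops both without any message, so a half-configured client certificate silently falls back to a connection with no client cert. That is hard to diagnose when the endpoint requires mutual TLS, and easy to miss when the endpoint treats the client cert as optional. It also excludes a single combined PEM in `certfile`, which requests-style sessions accept. I would add a branch such as `elif cfg.CONF.authentication.certfile or cfg.CONF.authentication.keyfile:` that logs a warning or raises a configuration error naming the missing option, plus a test for that case. The enclosing function starts outside the hunk, so whether a logger is already available in this module is not visible.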


@ -123,6 +123,16 @@ def create_connection(params=None):
except Exception as ex:
raise parse_exception(ex)
if cfg.CONF.authentication.certfile and \
cfg.CONF.authentication.keyfile:
conn.session.cert = (cfg.CONF.authentication.certfile,
cfg.CONF.authentication.keyfile)
if cfg.CONF.authentication.verify_ssl:
if cfg.CONF.authentication.cafile:
conn.session.verify = cfg.CONF.authentication.cafile
else:
conn.session.verify = cfg.CONF.authentication.verify_ssl
return conn
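Review bot: The service-wide `certfile`/`keyfile` are attached to every session this function returns, whatever `params` was passed, so the service's client certificate would presumably also be presented on connections built from per-request credentials or endpoints. If that is intended, a comment such as `# service client cert is applied to all connections, including user-context ones` should say so; otherwise the assignment should be limited to service connections. The certfile-and-keyfile condition duplicates the one in get_service_credentials and ignores a lone `certfile` or `keyfile` just as silently. Indentation is lost on this page, so which `if` the `else` pairs with cannot be confirmed; tests for `verify_ssl=False` and for `verify_ssl=True` without `cafile` would pin down the intended `conn.session.verify` value. The function body starts outside the hunk.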


@ -175,6 +175,52 @@ class TestKeystoneV3(base.SenlinTestCase):
mock_auth.assert_called_once_with(key='value')
self.assertEqual('abc', user_id)
def test_get_service_credentials_with_tls(self, mock_create):
cfg.CONF.set_override('auth_url', 'FAKE_URL', group='authentication')
cfg.CONF.set_override('service_username', 'FAKE_USERNAME',
group='authentication')
cfg.CONF.set_override('service_password', 'FAKE_PASSWORD',
group='authentication')
cfg.CONF.set_override('service_project_name', 'FAKE_PROJECT',
group='authentication')
cfg.CONF.set_override('service_user_domain', 'FAKE_DOMAIN_1',
group='authentication')
cfg.CONF.set_override('service_project_domain', 'FAKE_DOMAIN_2',
group='authentication')
cfg.CONF.set_override('interface', 'internal',
group='authentication')
cfg.CONF.set_override('cafile', '/fake/capath',
group='authentication')
cfg.CONF.set_override('certfile', '/fake/certpath',
group='authentication')
cfg.CONF.set_override('keyfile', '/fake/keypath',
group='authentication')
expected = {
'auth_url': 'FAKE_URL',
'username': 'FAKE_USERNAME',
'password': 'FAKE_PASSWORD',
'project_name': 'FAKE_PROJECT',
'user_domain_name': 'FAKE_DOMAIN_1',
'project_domain_name': 'FAKE_DOMAIN_2',
'interface': 'internal',
'cert': '/fake/certpath',
'key': '/fake/keypath',
'cacert': '/fake/capath',
'verify': True
}
actual = kv3.KeystoneClient.get_service_credentials()
self.assertEqual(expected, actual)
new_expected = copy.copy(expected)
new_expected['key1'] = 'value1'
new_expected['password'] = 'NEW_PASSWORD'
actual = kv3.KeystoneClient.get_service_credentials(
key1='value1', password='NEW_PASSWORD')
self.assertEqual(new_expected, actual)
def test_get_service_credentials(self, mock_create):
cfg.CONF.set_override('auth_url', 'FAKE_URL', group='authentication')
cfg.CONF.set_override('service_username', 'FAKE_USERNAME',