Adding certfile/keyfile to authentication
Construct the TLS connection through the SDK: the cert/key file options will be used to build the TLS connection. Closes-Bug: 1909148 Change-Id: I7e905e9fe37a3357b41670eccb1094be5c29b865
parent
5238a34c7d
commit
bdd92b144f
|
@ -9,6 +9,7 @@
|
|||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
from keystoneauth1 import loading as ks_loading
|
||||
from oslo_config import cfg
|
||||
|
||||
from senlin.common.i18n import _
|
||||
|
@ -37,6 +38,7 @@ AUTHENTICATION_OPTS = [
|
|||
def register_opts(conf):
|
||||
conf.register_group(AUTHENTICATION_GROUP)
|
||||
conf.register_opts(AUTHENTICATION_OPTS, group=AUTHENTICATION_GROUP)
|
||||
ks_loading.register_session_conf_options(cfg.CONF, 'authentication')
|
||||
|
||||
|
||||
def list_opts():
|
||||
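Review bot: In `register_opts`, the added call registers the session options on the global `cfg.CONF` rather than on the `conf` argument used by the two lines above it, so a caller passing its own config object would not get `certfile`/`keyfile`/`cafile`; `ks_loading.register_session_conf_options(conf, 'authentication')` keeps the function consistent. As far as I know, keystoneauth1's session options also include `insecure`, which the code shown on this page never reads (it consults `verify_ssl`), so an operator could set it and see no effect. A short comment saying which option governs certificate verification would help. `list_opts` continues outside the hunk, so whether the new options are exported for the sample config cannot be seen here.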
|
|
|
@ -123,6 +123,13 @@ class KeystoneClient(base.DriverBase):
|
|||
'verify': cfg.CONF.authentication.verify_ssl,
|
||||
'interface': cfg.CONF.authentication.interface,
|
||||
}
|
||||
if cfg.CONF.authentication.certfile and \
|
||||
cfg.CONF.authentication.keyfile:
|
||||
creds['cert'] = cfg.CONF.authentication.certfile
|
||||
creds['key'] = cfg.CONF.authentication.keyfile
|
||||
if cfg.CONF.authentication.cafile:
|
||||
creds['cacert'] = cfg.CONF.authentication.cafile
|
||||
|
||||
creds.update(**kwargs)
|
||||
return creds
|
||||
|
||||
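Review bot: The `if cfg.CONF.authentication.certfile and cfg.CONF.authentication.keyfile:` guard silently drops the client certificate when only `certfile` is set, which is a valid setup when the PEM file also holds the private key; the operator may then believe mutual TLS is on while the connection goes out without a client certificate. Setting `creds['cert']` whenever `certfile` is present and adding `creds['key']` only when `keyfile` is present, or logging a warning when exactly one of the two is configured, would make this visible. The same guard appears in the `create_connection` hunk further down. The enclosing method starts above this hunk, and `creds.update(**kwargs)` can still override these keys.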
|
|
|
@ -123,6 +123,16 @@ def create_connection(params=None):
|
|||
except Exception as ex:
|
||||
raise parse_exception(ex)
|
||||
|
||||
if cfg.CONF.authentication.certfile and \
|
||||
cfg.CONF.authentication.keyfile:
|
||||
conn.session.cert = (cfg.CONF.authentication.certfile,
|
||||
cfg.CONF.authentication.keyfile)
|
||||
if cfg.CONF.authentication.verify_ssl:
|
||||
if cfg.CONF.authentication.cafile:
|
||||
conn.session.verify = cfg.CONF.authentication.cafile
|
||||
else:
|
||||
conn.session.verify = cfg.CONF.authentication.verify_ssl
|
||||
|
||||
return conn
|
||||
|
||||
|
||||
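Review bot: The client certificate and CA bundle are assigned to `conn.session` only after the `try`/`except` has finished, so any request the connection makes while it is being built (that code is above the hunk) would presumably not use them. If the credentials passed in already carry `cert`, `key` and `cacert`, this block may also be redundant. Indentation is lost in this rendering, so it is unclear which `if` the `else:` pairs with; a comment such as `# verify_ssl is False: session.verify is left as the SDK set it` (or the opposite, if that is the intent) would pin down what happens when verification is turned off while a `cafile` is still configured.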
|
|
|
@ -175,6 +175,52 @@ class TestKeystoneV3(base.SenlinTestCase):
|
|||
mock_auth.assert_called_once_with(key='value')
|
||||
self.assertEqual('abc', user_id)
|
||||
|
||||
def test_get_service_credentials_with_tls(self, mock_create):
|
||||
cfg.CONF.set_override('auth_url', 'FAKE_URL', group='authentication')
|
||||
cfg.CONF.set_override('service_username', 'FAKE_USERNAME',
|
||||
group='authentication')
|
||||
cfg.CONF.set_override('service_password', 'FAKE_PASSWORD',
|
||||
group='authentication')
|
||||
cfg.CONF.set_override('service_project_name', 'FAKE_PROJECT',
|
||||
group='authentication')
|
||||
cfg.CONF.set_override('service_user_domain', 'FAKE_DOMAIN_1',
|
||||
group='authentication')
|
||||
cfg.CONF.set_override('service_project_domain', 'FAKE_DOMAIN_2',
|
||||
group='authentication')
|
||||
cfg.CONF.set_override('interface', 'internal',
|
||||
group='authentication')
|
||||
cfg.CONF.set_override('cafile', '/fake/capath',
|
||||
group='authentication')
|
||||
cfg.CONF.set_override('certfile', '/fake/certpath',
|
||||
group='authentication')
|
||||
cfg.CONF.set_override('keyfile', '/fake/keypath',
|
||||
group='authentication')
|
||||
expected = {
|
||||
'auth_url': 'FAKE_URL',
|
||||
'username': 'FAKE_USERNAME',
|
||||
'password': 'FAKE_PASSWORD',
|
||||
'project_name': 'FAKE_PROJECT',
|
||||
'user_domain_name': 'FAKE_DOMAIN_1',
|
||||
'project_domain_name': 'FAKE_DOMAIN_2',
|
||||
'interface': 'internal',
|
||||
'cert': '/fake/certpath',
|
||||
'key': '/fake/keypath',
|
||||
'cacert': '/fake/capath',
|
||||
'verify': True
|
||||
}
|
||||
actual = kv3.KeystoneClient.get_service_credentials()
|
||||
|
||||
self.assertEqual(expected, actual)
|
||||
|
||||
new_expected = copy.copy(expected)
|
||||
new_expected['key1'] = 'value1'
|
||||
new_expected['password'] = 'NEW_PASSWORD'
|
||||
|
||||
actual = kv3.KeystoneClient.get_service_credentials(
|
||||
key1='value1', password='NEW_PASSWORD')
|
||||
|
||||
self.assertEqual(new_expected, actual)
|
||||
|
||||
def test_get_service_credentials(self, mock_create):
|
||||
cfg.CONF.set_override('auth_url', 'FAKE_URL', group='authentication')
|
||||
cfg.CONF.set_override('service_username', 'FAKE_USERNAME',
|
||||
|
|
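Review bot: The new test covers only the case where `cafile`, `certfile` and `keyfile` are all set; nothing exercises `certfile` without `keyfile`, where the production guard leaves `cert` and `key` out of the credentials, and no test on this page covers the `conn.session.cert` / `conn.session.verify` assignments in `create_connection`. A second case asserting `'cert' not in actual` when only one of the two options is overridden would document that behaviour. The expected `'verify': True` relies on the default of `verify_ssl`; an explicit `cfg.CONF.set_override('verify_ssl', True, group='authentication')` would make that dependency visible. The following test continues past the end of the hunk.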