Merge "Fix to enable NovaClient to use TLS verification"

Zuul 2024-09-11 00:43:25 +00:00 committed by Gerrit Code Review
commit e1dcc503f8
3 changed files with 61 additions and 2 deletions


@ -134,7 +134,15 @@ VNFM_OPTS = [
cfg.StrOpt('tf_file_dir',
default='/var/lib/tacker/terraform',
help=_('Temporary directory for Terraform infra-driver to '
'store terraform config files'))
'store terraform config files')),
cfg.BoolOpt('nova_verify_cert',
default=False,
help=_('Enable certificate verification during SSL/TLS '
'communication to nova server.')),
cfg.StrOpt('nova_ca_cert_file',
default='',
help=_('Specifies the root CA certificate to use when the '
'nova_verify_cert option is True.'))
]
CONF.register_opts(VNFM_OPTS, 'v2_vnfm')
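Review bot: `nova_verify_cert` is registered with `default=False`, so a deployment keeps talking to nova without certificate verification until an operator opts in, and neither help string says so. I would add that to the help text, for example `'Disabled by default; when False the server certificate is not verified.'`, and extend the `nova_ca_cert_file` help with `'Ignored when nova_verify_cert is False.'`. What is trusted when `nova_verify_cert` is True and the CA file is left empty (presumably the default CA bundle of the HTTP library) is not visible in this hunk and is worth one sentence as well. If compatibility with existing deployments permits, a default of True would be the safer choice.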


@ -15,22 +15,29 @@
from oslo_log import log as logging
from tacker.sol_refactored.common import config
from tacker.sol_refactored.common import http_client
LOG = logging.getLogger(__name__)
CONF = config.CONF
class NovaClient(object):
def __init__(self, vim_info):
verify = CONF.v2_vnfm.nova_verify_cert
if verify and CONF.v2_vnfm.nova_ca_cert_file:
verify = CONF.v2_vnfm.nova_ca_cert_file
auth = http_client.KeystonePasswordAuthHandle(
auth_url=vim_info.interfaceInfo['endpoint'],
username=vim_info.accessInfo['username'],
password=vim_info.accessInfo['password'],
project_name=vim_info.accessInfo['project'],
user_domain_name=vim_info.accessInfo['userDomain'],
project_domain_name=vim_info.accessInfo['projectDomain']
project_domain_name=vim_info.accessInfo['projectDomain'],
verify=verify
)
self.client = http_client.HttpClient(auth,
service_type='compute')
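Review bot: In `NovaClient.__init__`, a configured `nova_ca_cert_file` is silently discarded when `nova_verify_cert` is False, so the Keystone password authentication runs with `verify=False` and nothing tells the operator that the CA file had no effect. A low-noise fix is to log the contradictory configuration before building the auth handle: `if not verify and CONF.v2_vnfm.nova_ca_cert_file:` followed by `LOG.warning('nova_ca_cert_file is set but nova_verify_cert is False; TLS verification is disabled')`. The path is also passed through without checking that the file exists or is readable, so a typo would presumably surface only on the first request; a short comment on the three possible values of `verify` (False, True, CA path) would help the next reader.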


@ -24,6 +24,7 @@ from tacker import context
from tacker.sol_refactored.common import config
from tacker.sol_refactored.common import exceptions as sol_ex
from tacker.sol_refactored.common import vnfd_utils
from tacker.sol_refactored.infra_drivers.openstack import nova_utils
from tacker.sol_refactored.infra_drivers.openstack import openstack
from tacker.sol_refactored import objects
from tacker.sol_refactored.objects.v2 import fields
@ -4758,3 +4759,46 @@ class TestOpenstack(base.BaseTestCase):
# execute
result = self.driver._get_additional_vdu_id(grant_req, inst)
self.assertEqual({'VDU1-1', 'VDU1-2'}, result)
def test_nova_utils_init_no_verify(self):
"""Test in case `verify` is False.
`verify` is False when not specifying `nova_verify_cert` and
`nova_ca_cert_file`.
"""
vim_info = objects.VimConnectionInfo.from_dict(
_vim_connection_info_example)
nova_client = nova_utils.NovaClient(vim_info)
verify = nova_client.client.auth_handle.verify
self.assertEqual(False, verify)
def test_nova_utils_init_verify(self):
"""Test in case `verify` is ca_cert path.
`verify` is ca_cert path when specifying `nova_verify_cert` and
`nova_ca_cert_file`.
"""
CONF.v2_vnfm.nova_verify_cert = True
ca_cert_path = 'ca_cert_path'
CONF.v2_vnfm.nova_ca_cert_file = ca_cert_path
vim_info = objects.VimConnectionInfo.from_dict(
_vim_connection_info_example)
nova_client = nova_utils.NovaClient(vim_info)
verify = nova_client.client.auth_handle.verify
self.assertEqual(ca_cert_path, verify)
def test_nova_utils_init_verify_no_ca_cert_file(self):
"""Test in case `verify` is True.
`verify` is True when specifying `nova_verify_cert` but
not specifying `nova_ca_cert_file`.
"""
CONF.v2_vnfm.nova_verify_cert = True
CONF.v2_vnfm.nova_ca_cert_file = ''
vim_info = objects.VimConnectionInfo.from_dict(
_vim_connection_info_example)
nova_client = nova_utils.NovaClient(vim_info)
verify = nova_client.client.auth_handle.verify
self.assertEqual(True, verify)
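Review bot: The two tests that enable verification assign `CONF.v2_vnfm.nova_verify_cert = True` and `CONF.v2_vnfm.nova_ca_cert_file` directly and never restore them, so the values can leak into later tests, and `test_nova_utils_init_no_verify` only passes if it sees the defaults. Unless `base.BaseTestCase` resets the configuration (not visible here), I would use `CONF.set_override('nova_verify_cert', True, group='v2_vnfm')` together with `self.addCleanup(CONF.clear_override, 'nova_verify_cert', group='v2_vnfm')`, and the same for `nova_ca_cert_file`. A fourth case is missing: `nova_ca_cert_file` set while `nova_verify_cert` is False, which should assert that `verify` stays False.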