diff --git a/etc/tempest.conf.sample b/etc/tempest.conf.sample index 3cbe1b5bb1..d12da448ae 100644 --- a/etc/tempest.conf.sample +++ b/etc/tempest.conf.sample @@ -7,6 +7,9 @@ # custom Keystone service catalog implementation, you probably want to leave # this value as "identity" catalog_type = identity +# Ignore SSL certificate validation failures? Use when in testing +# environments that have self-signed SSL certs. +disable_ssl_certificate_validation = False # Set to True if your test environment's Keystone authentication service should # be accessed over HTTPS use_ssl = False diff --git a/tempest/common/rest_client.py b/tempest/common/rest_client.py index 287ef56493..7beef3fcd2 100644 --- a/tempest/common/rest_client.py +++ b/tempest/common/rest_client.py @@ -103,7 +103,8 @@ class RestClient(object): params['headers'] = {'User-Agent': 'Test-Client', 'X-Auth-User': user, 'X-Auth-Key': password} - self.http_obj = httplib2.Http(disable_ssl_certificate_validation=True) + dscv = self.config.identity.disable_ssl_certificate_validation + self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv) resp, body = self.http_obj.request(auth_url, 'GET', **params) try: return resp['x-auth-token'], resp['x-server-management-url'] @@ -125,7 +126,8 @@ class RestClient(object): } } - self.http_obj = httplib2.Http(disable_ssl_certificate_validation=True) + dscv = self.config.identity.disable_ssl_certificate_validation + self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv) headers = {'Content-Type': 'application/json'} body = json.dumps(creds) resp, body = self.http_obj.request(auth_url, 'POST', @@ -200,7 +202,8 @@ class RestClient(object): if (self.token is None) or (self.base_url is None): self._set_auth() - self.http_obj = httplib2.Http(disable_ssl_certificate_validation=True) + dscv = self.config.identity.disable_ssl_certificate_validation + self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv) if headers is None: headers = {} headers['X-Auth-Token'] = self.token diff --git a/tempest/config.py b/tempest/config.py index 8233dd5011..45e8bc4f79 100644 --- a/tempest/config.py +++ b/tempest/config.py @@ -31,6 +31,9 @@ IdentityGroup = [ cfg.StrOpt('catalog_type', default='identity', help="Catalog type of the Identity service."), + cfg.BoolOpt('disable_ssl_certificate_validation', + default=False, + help="Set to True if using self-signed SSL certificates."), cfg.StrOpt('host', default="127.0.0.1", help="Host IP for making Identity API requests."), diff --git a/tempest/manager.py b/tempest/manager.py index 513e5d9aaa..cfe8a5cb90 100644 --- a/tempest/manager.py +++ b/tempest/manager.py @@ -128,6 +128,7 @@ class DefaultClientManager(Manager): # Novaclient adds a /tokens/ part to the auth URL automatically auth_url = self.config.identity.auth_url.rstrip('tokens') + dscv = self.config.identity.disable_ssl_certificate_validation client_args = (username, password, tenant_name, auth_url) @@ -136,14 +137,17 @@ class DefaultClientManager(Manager): return novaclient.client.Client(self.NOVACLIENT_VERSION, *client_args, service_type=service_type, - no_cache=True) + no_cache=True, + insecure=dscv) def _get_image_client(self): keystone = self._get_identity_client() token = keystone.auth_token endpoint = keystone.service_catalog.url_for(service_type='image', endpoint_type='publicURL') - return glanceclient.Client('1', endpoint=endpoint, token=token) + dscv = self.config.identity.disable_ssl_certificate_validation + return glanceclient.Client('1', endpoint=endpoint, token=token, + insecure=dscv) def _get_identity_client(self, username=None, password=None, tenant_name=None): @@ -163,11 +167,13 @@ class DefaultClientManager(Manager): raise exceptions.InvalidConfiguration(msg) auth_url = self.config.identity.auth_url.rstrip('tokens') + dscv = self.config.identity.disable_ssl_certificate_validation return keystoneclient.v2_0.client.Client(username=username, password=password, tenant_name=tenant_name, - auth_url=auth_url) + auth_url=auth_url, + insecure=dscv) def _get_network_client(self): # The intended configuration is for the network client to have @@ -187,11 +193,13 @@ class DefaultClientManager(Manager): raise exceptions.InvalidConfiguration(msg) auth_url = self.config.identity.auth_url.rstrip('tokens') + dscv = self.config.identity.disable_ssl_certificate_validation return quantumclient.v2_0.client.Client(username=username, password=password, tenant_name=tenant_name, - auth_url=auth_url) + auth_url=auth_url, + insecure=dscv) class ComputeFuzzClientManager(FuzzClientManager): diff --git a/tempest/services/identity/json/admin_client.py b/tempest/services/identity/json/admin_client.py index c4e6c95d6b..a0da4cafdb 100644 --- a/tempest/services/identity/json/admin_client.py +++ b/tempest/services/identity/json/admin_client.py @@ -207,6 +207,7 @@ class TokenClientJSON(RestClient): def __init__(self, config): self.auth_url = config.identity.auth_url + self.config = config def auth(self, user, password, tenant): creds = { @@ -225,7 +226,8 @@ class TokenClientJSON(RestClient): def request(self, method, url, headers=None, body=None): """A simple HTTP request interface.""" - self.http_obj = httplib2.Http() + dscv = self.config.identity.disable_ssl_certificate_validation + self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv) if headers is None: headers = {} diff --git a/tempest/services/identity/xml/admin_client.py b/tempest/services/identity/xml/admin_client.py index 60897e9a55..46a1255a9b 100644 --- a/tempest/services/identity/xml/admin_client.py +++ b/tempest/services/identity/xml/admin_client.py @@ -243,6 +243,7 @@ class TokenClientXML(RestClientXML): def __init__(self, config): self.auth_url = config.identity.auth_url + self.config = config def auth(self, user, password, tenant): passwordCreds = Element("passwordCredentials", @@ -257,7 +258,8 @@ class TokenClientXML(RestClientXML): def request(self, method, url, headers=None, body=None): """A simple HTTP request interface.""" - self.http_obj = httplib2.Http() + dscv = self.config.identity.disable_ssl_certificate_validation + self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv) if headers is None: headers = {} diff --git a/tempest/services/image/service.py b/tempest/services/image/service.py index 154b5b8e89..3ffdd1030f 100644 --- a/tempest/services/image/service.py +++ b/tempest/services/image/service.py @@ -41,12 +41,15 @@ class Service(BaseService): import glanceclient import keystoneclient.v2_0.client + dscv = self.config.identity.disable_ssl_certificate_validation + auth_url = self.config.identity.auth_url.rstrip('tokens') keystone = keystoneclient.v2_0.client.Client( username=config.images.username, password=config.images.password, tenant_name=config.images.tenant_name, - auth_url=auth_url) + auth_url=auth_url, + insecure=dscv) token = keystone.auth_token endpoint = keystone.service_catalog.url_for( service_type='image', @@ -54,7 +57,8 @@ class Service(BaseService): self._client = glanceclient.Client('1', endpoint=endpoint, - token=token) + token=token, + insecure=dscv) else: raise NotImplementedError diff --git a/tempest/services/object_storage/object_client.py b/tempest/services/object_storage/object_client.py index b0f75d49c8..03cd209929 100644 --- a/tempest/services/object_storage/object_client.py +++ b/tempest/services/object_storage/object_client.py @@ -133,7 +133,8 @@ class ObjectClientCustomizedHeader(RestClient): def request(self, method, url, headers=None, body=None, wait=None): """A simple HTTP request interface.""" - self.http_obj = httplib2.Http() + dscv = self.config.identity.disable_ssl_certificate_validation + self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv) if headers is None: headers = {} if self.base_url is None: