Adds setting to disable SSL cert validation
* Breakout of prior large patchset. This patch only adds the configurability of SSL cert validation in all the clients. Change-Id: I48385eabd617d19705f3f2bff4820566547be56d
This commit is contained in:
parent
4aec86ffd8
commit
cd8eaec4fe
|
@ -7,6 +7,9 @@
|
|||
# custom Keystone service catalog implementation, you probably want to leave
|
||||
# this value as "identity"
|
||||
catalog_type = identity
|
||||
# Ignore SSL certificate validation failures? Use when in testing
|
||||
# environments that have self-signed SSL certs.
|
||||
disable_ssl_certificate_validation = False
|
||||
# Set to True if your test environment's Keystone authentication service should
|
||||
# be accessed over HTTPS
|
||||
use_ssl = False
|
||||
|
|
|
@ -103,7 +103,8 @@ class RestClient(object):
|
|||
params['headers'] = {'User-Agent': 'Test-Client', 'X-Auth-User': user,
|
||||
'X-Auth-Key': password}
|
||||
|
||||
self.http_obj = httplib2.Http(disable_ssl_certificate_validation=True)
|
||||
dscv = self.config.identity.disable_ssl_certificate_validation
|
||||
self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
|
||||
resp, body = self.http_obj.request(auth_url, 'GET', **params)
|
||||
try:
|
||||
return resp['x-auth-token'], resp['x-server-management-url']
|
||||
|
@ -125,7 +126,8 @@ class RestClient(object):
|
|||
}
|
||||
}
|
||||
|
||||
self.http_obj = httplib2.Http(disable_ssl_certificate_validation=True)
|
||||
dscv = self.config.identity.disable_ssl_certificate_validation
|
||||
self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
|
||||
headers = {'Content-Type': 'application/json'}
|
||||
body = json.dumps(creds)
|
||||
resp, body = self.http_obj.request(auth_url, 'POST',
|
||||
|
@ -200,7 +202,8 @@ class RestClient(object):
|
|||
if (self.token is None) or (self.base_url is None):
|
||||
self._set_auth()
|
||||
|
||||
self.http_obj = httplib2.Http(disable_ssl_certificate_validation=True)
|
||||
dscv = self.config.identity.disable_ssl_certificate_validation
|
||||
self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
|
||||
if headers is None:
|
||||
headers = {}
|
||||
headers['X-Auth-Token'] = self.token
|
||||
|
|
|
@ -31,6 +31,9 @@ IdentityGroup = [
|
|||
cfg.StrOpt('catalog_type',
|
||||
default='identity',
|
||||
help="Catalog type of the Identity service."),
|
||||
cfg.BoolOpt('disable_ssl_certificate_validation',
|
||||
default=False,
|
||||
help="Set to True if using self-signed SSL certificates."),
|
||||
cfg.StrOpt('host',
|
||||
default="127.0.0.1",
|
||||
help="Host IP for making Identity API requests."),
|
||||
|
|
|
@ -128,6 +128,7 @@ class DefaultClientManager(Manager):
|
|||
|
||||
# Novaclient adds a /tokens/ part to the auth URL automatically
|
||||
auth_url = self.config.identity.auth_url.rstrip('tokens')
|
||||
dscv = self.config.identity.disable_ssl_certificate_validation
|
||||
|
||||
client_args = (username, password, tenant_name, auth_url)
|
||||
|
||||
|
@ -136,14 +137,17 @@ class DefaultClientManager(Manager):
|
|||
return novaclient.client.Client(self.NOVACLIENT_VERSION,
|
||||
*client_args,
|
||||
service_type=service_type,
|
||||
no_cache=True)
|
||||
no_cache=True,
|
||||
insecure=dscv)
|
||||
|
||||
def _get_image_client(self):
|
||||
keystone = self._get_identity_client()
|
||||
token = keystone.auth_token
|
||||
endpoint = keystone.service_catalog.url_for(service_type='image',
|
||||
endpoint_type='publicURL')
|
||||
return glanceclient.Client('1', endpoint=endpoint, token=token)
|
||||
dscv = self.config.identity.disable_ssl_certificate_validation
|
||||
return glanceclient.Client('1', endpoint=endpoint, token=token,
|
||||
insecure=dscv)
|
||||
|
||||
def _get_identity_client(self, username=None, password=None,
|
||||
tenant_name=None):
|
||||
|
@ -163,11 +167,13 @@ class DefaultClientManager(Manager):
|
|||
raise exceptions.InvalidConfiguration(msg)
|
||||
|
||||
auth_url = self.config.identity.auth_url.rstrip('tokens')
|
||||
dscv = self.config.identity.disable_ssl_certificate_validation
|
||||
|
||||
return keystoneclient.v2_0.client.Client(username=username,
|
||||
password=password,
|
||||
tenant_name=tenant_name,
|
||||
auth_url=auth_url)
|
||||
auth_url=auth_url,
|
||||
insecure=dscv)
|
||||
|
||||
def _get_network_client(self):
|
||||
# The intended configuration is for the network client to have
|
||||
|
@ -187,11 +193,13 @@ class DefaultClientManager(Manager):
|
|||
raise exceptions.InvalidConfiguration(msg)
|
||||
|
||||
auth_url = self.config.identity.auth_url.rstrip('tokens')
|
||||
dscv = self.config.identity.disable_ssl_certificate_validation
|
||||
|
||||
return quantumclient.v2_0.client.Client(username=username,
|
||||
password=password,
|
||||
tenant_name=tenant_name,
|
||||
auth_url=auth_url)
|
||||
auth_url=auth_url,
|
||||
insecure=dscv)
|
||||
|
||||
|
||||
class ComputeFuzzClientManager(FuzzClientManager):
|
||||
|
|
|
@ -207,6 +207,7 @@ class TokenClientJSON(RestClient):
|
|||
|
||||
def __init__(self, config):
|
||||
self.auth_url = config.identity.auth_url
|
||||
self.config = config
|
||||
|
||||
def auth(self, user, password, tenant):
|
||||
creds = {
|
||||
|
@ -225,7 +226,8 @@ class TokenClientJSON(RestClient):
|
|||
|
||||
def request(self, method, url, headers=None, body=None):
|
||||
"""A simple HTTP request interface."""
|
||||
self.http_obj = httplib2.Http()
|
||||
dscv = self.config.identity.disable_ssl_certificate_validation
|
||||
self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
|
||||
if headers is None:
|
||||
headers = {}
|
||||
|
||||
|
|
|
@ -243,6 +243,7 @@ class TokenClientXML(RestClientXML):
|
|||
|
||||
def __init__(self, config):
|
||||
self.auth_url = config.identity.auth_url
|
||||
self.config = config
|
||||
|
||||
def auth(self, user, password, tenant):
|
||||
passwordCreds = Element("passwordCredentials",
|
||||
|
@ -257,7 +258,8 @@ class TokenClientXML(RestClientXML):
|
|||
|
||||
def request(self, method, url, headers=None, body=None):
|
||||
"""A simple HTTP request interface."""
|
||||
self.http_obj = httplib2.Http()
|
||||
dscv = self.config.identity.disable_ssl_certificate_validation
|
||||
self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
|
||||
if headers is None:
|
||||
headers = {}
|
||||
|
||||
|
|
|
@ -41,12 +41,15 @@ class Service(BaseService):
|
|||
import glanceclient
|
||||
import keystoneclient.v2_0.client
|
||||
|
||||
dscv = self.config.identity.disable_ssl_certificate_validation
|
||||
|
||||
auth_url = self.config.identity.auth_url.rstrip('tokens')
|
||||
keystone = keystoneclient.v2_0.client.Client(
|
||||
username=config.images.username,
|
||||
password=config.images.password,
|
||||
tenant_name=config.images.tenant_name,
|
||||
auth_url=auth_url)
|
||||
auth_url=auth_url,
|
||||
insecure=dscv)
|
||||
token = keystone.auth_token
|
||||
endpoint = keystone.service_catalog.url_for(
|
||||
service_type='image',
|
||||
|
@ -54,7 +57,8 @@ class Service(BaseService):
|
|||
|
||||
self._client = glanceclient.Client('1',
|
||||
endpoint=endpoint,
|
||||
token=token)
|
||||
token=token,
|
||||
insecure=dscv)
|
||||
else:
|
||||
raise NotImplementedError
|
||||
|
||||
|
|
|
@ -133,7 +133,8 @@ class ObjectClientCustomizedHeader(RestClient):
|
|||
|
||||
def request(self, method, url, headers=None, body=None, wait=None):
|
||||
"""A simple HTTP request interface."""
|
||||
self.http_obj = httplib2.Http()
|
||||
dscv = self.config.identity.disable_ssl_certificate_validation
|
||||
self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
|
||||
if headers is None:
|
||||
headers = {}
|
||||
if self.base_url is None:
|
||||
|
|
Loading…
Reference in New Issue