Enable trusted certificates support
A recent feature has been added, allowing users to specify trusted certificates (e.g. as barbican secret ids). The idea is to ensure that the certificates used to sign and validate the glance image are actually trusted by the user. In order to enable this feature within our driver, all we have to do is pass the trusted certificate ids (stored as an instance object attribute) to the method that fetches glance images. Blueprint: nova-validate-certificates Change-Id: Ic28f2b3ecf4ca92dcb7e9643c6e0d207d40b5287
This commit is contained in:
parent
767b700e18
commit
d4f1fa457a
|
@ -105,6 +105,7 @@ class HyperVDriver(driver.ComputeDriver):
|
|||
"supports_tagged_attach_volume": True,
|
||||
"supports_extend_volume": True,
|
||||
"supports_multiattach": False,
|
||||
"supports_trusted_certs": True,
|
||||
}
|
||||
|
||||
def __init__(self, virtapi):
|
||||
|
|
|
@ -121,7 +121,8 @@ class ImageCache(imagecache.ImageCacheManager):
|
|||
|
||||
if not image_path:
|
||||
try:
|
||||
images.fetch(context, image_id, base_image_path)
|
||||
images.fetch(context, image_id, base_image_path,
|
||||
instance.trusted_certs)
|
||||
if image_type == 'iso':
|
||||
format_ext = 'iso'
|
||||
else:
|
||||
|
|
|
@ -40,6 +40,7 @@ def fake_db_instance(**updates):
|
|||
'flavor': flavorinfo,
|
||||
'numa_topology': None,
|
||||
'vcpu_model': None,
|
||||
'trusted_certs': None,
|
||||
},
|
||||
'tags': [],
|
||||
'services': []
|
||||
|
|
|
@ -49,7 +49,9 @@ class ImageCacheTestCase(test_base.HyperVBaseTestCase):
|
|||
super(ImageCacheTestCase, self).setUp()
|
||||
|
||||
self.context = 'fake-context'
|
||||
self.instance = fake_instance.fake_instance_obj(self.context)
|
||||
self.instance = fake_instance.fake_instance_obj(
|
||||
self.context,
|
||||
expected_attrs=['trusted_certs'])
|
||||
|
||||
self.imagecache = imagecache.ImageCache()
|
||||
self.tmpdir = self.useFixture(fixtures.TempDir()).path
|
||||
|
@ -120,7 +122,8 @@ class ImageCacheTestCase(test_base.HyperVBaseTestCase):
|
|||
self.assertEqual(expected_image_path, result)
|
||||
|
||||
mock_fetch.assert_called_once_with(self.context, self.FAKE_IMAGE_REF,
|
||||
expected_path)
|
||||
expected_path,
|
||||
self.instance.trusted_certs)
|
||||
self.imagecache._vhdutils.get_vhd_format.assert_called_once_with(
|
||||
expected_path)
|
||||
self.imagecache._pathutils.rename.assert_called_once_with(
|
||||
|
@ -178,7 +181,8 @@ class ImageCacheTestCase(test_base.HyperVBaseTestCase):
|
|||
|
||||
mock_fetch.assert_called_once_with(self.context,
|
||||
fake_rescue_image_id,
|
||||
expected_path)
|
||||
expected_path,
|
||||
self.instance.trusted_certs)
|
||||
self.imagecache._vhdutils.get_vhd_info.assert_called_once_with(
|
||||
expected_vhd_path)
|
||||
|
||||
|
|
Loading…
Reference in New Issue