Browse Source

Merge "Verify https connections by default"

Jenkins 1 year ago
parent
commit
aaf593a193

+ 3
- 2
etc/openstack.ini View File

@@ -4,8 +4,9 @@
4 4
 #  override whatever is needed within the local sections.
5 5
 
6 6
 [DEFAULT]
7
-# The verify option is for SSL. If your SSL certificate is not
8
-#  valid set this option to false else omit it or set it true.
7
+# Allow insecure TLS (https) requests.
8
+#   If your SSL certificate is not valid set this option to true,
9
+#   else omit it or set it false.
9 10
 insecure = true
10 11
 
11 12
 auth_url = https://127.0.0.1:5000/v3

+ 4
- 1
monitorstack/utils/os_utils.py View File

@@ -30,6 +30,8 @@ except ImportError as e:  # pragma: no cover
30 30
                      ' Please install "python-openstacksdk".'
31 31
                      ' ERROR: %s' % str(e))
32 32
 
33
+from distutils.util import strtobool
34
+
33 35
 from monitorstack import utils
34 36
 
35 37
 
@@ -43,7 +45,8 @@ class OpenStack(object):
43 45
         :type os_auth_args: dict
44 46
         """
45 47
         self.os_auth_args = os_auth_args
46
-        self.verify = self.os_auth_args.get('insecure', True) is False
48
+        insecure = bool(strtobool(self.os_auth_args.get('insecure', 'False')))
49
+        self.verify = insecure is False
47 50
 
48 51
     @property
49 52
     def conn(self):

+ 5
- 0
releasenotes/notes/default-verify-value-fcba6bc554b9768e.yaml View File

@@ -0,0 +1,5 @@
1
+---
2
+security:
3
+  - |
4
+    The default value of the ``insecure`` option is now `False`, which will
5
+    verify certificates of https connections.

+ 24
- 1
tests/unit/test_os_utils.py View File

@@ -130,12 +130,20 @@ class MockedOpenStackConn(object):
130 130
 
131 131
 class TestOSUtilsConnection(unittest.TestCase):
132 132
     """Tests for the utilities."""
133
+    def setUp(self):
134
+        """Setup the test."""
135
+        # load the base class for these tests.
136
+        self.config = tests.unit.read_config()['keystone']
137
+
138
+    def tearDown(self):
139
+        """Tear down the test."""
140
+        pass
133 141
 
134 142
     def test_conn(self):
135 143
         """Test the OpenStack connection interface."""
136 144
         # load the base class for these tests.
137 145
         self.osu = os_utils.OpenStack(
138
-            os_auth_args=tests.unit.read_config()['keystone']
146
+            os_auth_args=self.config
139 147
         )
140 148
         self.assertTrue(
141 149
             isinstance(
@@ -144,6 +152,21 @@ class TestOSUtilsConnection(unittest.TestCase):
144 152
             )
145 153
         )
146 154
 
155
+    def test_insecure(self):
156
+        """Test True insecure value."""
157
+        self.osu = os_utils.OpenStack(
158
+            os_auth_args=self.config
159
+        )
160
+        self.assertFalse(self.osu.verify)
161
+
162
+    def test_secure(self):
163
+        """Test False insecure value."""
164
+        with mock.patch.dict(self.config, {'insecure': 'False'}):
165
+            self.osu = os_utils.OpenStack(
166
+                os_auth_args=self.config
167
+            )
168
+            self.assertTrue(self.osu.verify)
169
+
147 170
 
148 171
 class TestOsUtils(unittest.TestCase):
149 172
     """Tests for the utilities."""

Loading…
Cancel
Save