Merge "Verify https connections by default"
This commit is contained in:
commit
aaf593a193
|
@ -4,8 +4,9 @@
|
||||||
# override whatever is needed within the local sections.
|
# override whatever is needed within the local sections.
|
||||||
|
|
||||||
[DEFAULT]
|
[DEFAULT]
|
||||||
# The verify option is for SSL. If your SSL certificate is not
|
# Allow insecure TLS (https) requests.
|
||||||
# valid set this option to false else omit it or set it true.
|
# If your SSL certificate is not valid set this option to true,
|
||||||
|
# else omit it or set it false.
|
||||||
insecure = true
|
insecure = true
|
||||||
|
|
||||||
auth_url = https://127.0.0.1:5000/v3
|
auth_url = https://127.0.0.1:5000/v3
|
||||||
|
|
|
@ -30,6 +30,8 @@ except ImportError as e: # pragma: no cover
|
||||||
' Please install "python-openstacksdk".'
|
' Please install "python-openstacksdk".'
|
||||||
' ERROR: %s' % str(e))
|
' ERROR: %s' % str(e))
|
||||||
|
|
||||||
|
from distutils.util import strtobool
|
||||||
|
|
||||||
from monitorstack import utils
|
from monitorstack import utils
|
||||||
|
|
||||||
|
|
||||||
|
@ -43,7 +45,8 @@ class OpenStack(object):
|
||||||
:type os_auth_args: dict
|
:type os_auth_args: dict
|
||||||
"""
|
"""
|
||||||
self.os_auth_args = os_auth_args
|
self.os_auth_args = os_auth_args
|
||||||
self.verify = self.os_auth_args.get('insecure', True) is False
|
insecure = bool(strtobool(self.os_auth_args.get('insecure', 'False')))
|
||||||
|
self.verify = insecure is False
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def conn(self):
|
def conn(self):
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
security:
|
||||||
|
- |
|
||||||
|
The default value of the ``insecure`` option is now `False`, which will
|
||||||
|
verify certificates of https connections.
|
|
@ -130,12 +130,20 @@ class MockedOpenStackConn(object):
|
||||||
|
|
||||||
class TestOSUtilsConnection(unittest.TestCase):
|
class TestOSUtilsConnection(unittest.TestCase):
|
||||||
"""Tests for the utilities."""
|
"""Tests for the utilities."""
|
||||||
|
def setUp(self):
|
||||||
|
"""Setup the test."""
|
||||||
|
# load the base class for these tests.
|
||||||
|
self.config = tests.unit.read_config()['keystone']
|
||||||
|
|
||||||
|
def tearDown(self):
|
||||||
|
"""Tear down the test."""
|
||||||
|
pass
|
||||||
|
|
||||||
def test_conn(self):
|
def test_conn(self):
|
||||||
"""Test the OpenStack connection interface."""
|
"""Test the OpenStack connection interface."""
|
||||||
# load the base class for these tests.
|
# load the base class for these tests.
|
||||||
self.osu = os_utils.OpenStack(
|
self.osu = os_utils.OpenStack(
|
||||||
os_auth_args=tests.unit.read_config()['keystone']
|
os_auth_args=self.config
|
||||||
)
|
)
|
||||||
self.assertTrue(
|
self.assertTrue(
|
||||||
isinstance(
|
isinstance(
|
||||||
|
@ -144,6 +152,21 @@ class TestOSUtilsConnection(unittest.TestCase):
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_insecure(self):
|
||||||
|
"""Test True insecure value."""
|
||||||
|
self.osu = os_utils.OpenStack(
|
||||||
|
os_auth_args=self.config
|
||||||
|
)
|
||||||
|
self.assertFalse(self.osu.verify)
|
||||||
|
|
||||||
|
def test_secure(self):
|
||||||
|
"""Test False insecure value."""
|
||||||
|
with mock.patch.dict(self.config, {'insecure': 'False'}):
|
||||||
|
self.osu = os_utils.OpenStack(
|
||||||
|
os_auth_args=self.config
|
||||||
|
)
|
||||||
|
self.assertTrue(self.osu.verify)
|
||||||
|
|
||||||
|
|
||||||
class TestOsUtils(unittest.TestCase):
|
class TestOsUtils(unittest.TestCase):
|
||||||
"""Tests for the utilities."""
|
"""Tests for the utilities."""
|
||||||
|
|
Loading…
Reference in New Issue