Merge pull request #246 from Cerberus98/master

RM9898

quark/security_groups/redis_client.py

@@ -44,7 +44,19 @@ quark_opts = [
                        "sentinel hosts")),
     cfg.StrOpt("redis_sentinel_master",
                default='',
-               help=_("The name label of the master redis sentinel"))]
+               help=_("The name label of the master redis sentinel")),
+    cfg.BoolOpt("redis_use_ssl",
+                default=False,
+                help=_("Configures whether or not to use SSL")),
+    cfg.StrOpt("redis_ssl_certfile",
+               default='',
+               help=_("Path to the SSL cert")),
+    cfg.StrOpt("redis_ssl_keyfile",
+               default='',
+               help=_("Path to the SSL keyfile")),
+    cfg.StrOpt("redis_ssl_ca_certs",
+               default='',
+               help=_("Path to the SSL CA certs"))]
 
 CONF.register_opts(quark_opts, "QUARK")
 
@@ -60,7 +72,17 @@ class Client(object):
         try:
             if CONF.QUARK.redis_use_sentinels:
                 host, port = self._discover_master_sentinel()
-            self._client = redis.Redis(host=host, port=port)
+
+            kwargs = {"host": host, "port": port}
+            if CONF.QUARK.redis_use_ssl:
+                kwargs["ssl"] = True
+                if CONF.QUARK.redis_ssl_certfile:
+                    kwargs["ssl_certfile"] = CONF.QUARK.redis_ssl_certfile
+                    kwargs["ssl_cert_reqs"] = "required"
+                    kwargs["ssl_ca_certs"] = CONF.QUARK.redis_ssl_ca_certs
+                    kwargs["ssl_keyfile"] = CONF.QUARK.redis_ssl_keyfile
+
+            self._client = redis.StrictRedis(**kwargs)
         except redis.ConnectionError as e:
             LOG.exception(e)
             raise q_exc.SecurityGroupsCouldNotBeApplied()

quark/tests/security_groups/test_redis_client.py

@@ -33,7 +33,7 @@ class TestRedisSerialization(test_base.TestBase):
     def setUp(self):
         super(TestRedisSerialization, self).setUp()
 
-    @mock.patch("quark.security_groups.redis_client.redis.Redis")
+    @mock.patch("quark.security_groups.redis_client.redis.StrictRedis")
     def test_redis_key(self, redis):
         client = redis_client.Client()
         device_id = str(uuid.uuid4())
@@ -44,7 +44,7 @@ class TestRedisSerialization(test_base.TestBase):
         self.assertEqual(expected, redis_key)
 
     @mock.patch("quark.security_groups.redis_client.Client.rule_key")
-    @mock.patch("quark.security_groups.redis_client.redis.Redis")
+    @mock.patch("quark.security_groups.redis_client.redis.StrictRedis")
     def test_apply_rules(self, rule_key, redis):
         client = redis_client.Client()
         port_id = 1
@@ -54,7 +54,7 @@ class TestRedisSerialization(test_base.TestBase):
 
     def test_client_connection_fails_gracefully(self):
         conn_err = redis.ConnectionError
-        with mock.patch("redis.Redis") as redis_mock:
+        with mock.patch("redis.StrictRedis") as redis_mock:
             redis_mock.side_effect = conn_err
             with self.assertRaises(q_exc.SecurityGroupsCouldNotBeApplied):
                 redis_client.Client()
@@ -63,12 +63,12 @@ class TestRedisSerialization(test_base.TestBase):
         port_id = 1
         mac_address = netaddr.EUI("AA:BB:CC:DD:EE:FF")
         conn_err = redis.ConnectionError
-        with mock.patch("redis.Redis") as redis_mock:
+        with mock.patch("redis.StrictRedis") as redis_mock:
             client = redis_client.Client()
             redis_mock.set.side_effect = conn_err
             client.apply_rules(port_id, mac_address.value, [])
 
-    @mock.patch("quark.security_groups.redis_client.redis.Redis")
+    @mock.patch("quark.security_groups.redis_client.redis.StrictRedis")
     def test_serialize_group_no_rules(self, redis):
         client = redis_client.Client()
         group = models.SecurityGroup()
@@ -76,7 +76,7 @@ class TestRedisSerialization(test_base.TestBase):
         self.assertTrue(payload.get("id") is not None)
         self.assertEqual([], payload.get("rules"))
 
-    @mock.patch("quark.security_groups.redis_client.redis.Redis")
+    @mock.patch("quark.security_groups.redis_client.redis.StrictRedis")
     def test_serialize_group_with_rules(self, redis):
         rule_dict = {"ethertype": 0x800, "protocol": 6, "port_range_min": 80,
                      "port_range_max": 443, "direction": "ingress"}
@@ -98,7 +98,7 @@ class TestRedisSerialization(test_base.TestBase):
         self.assertEqual("", rule["source network"])
         self.assertEqual("", rule["destination network"])
 
-    @mock.patch("quark.security_groups.redis_client.redis.Redis")
+    @mock.patch("quark.security_groups.redis_client.redis.StrictRedis")
     def test_serialize_group_with_rules_and_remote_network(self, redis):
         rule_dict = {"ethertype": 0x800, "protocol": 1, "direction": "ingress",
                      "remote_ip_prefix": "192.168.0.0/24"}
@@ -120,7 +120,7 @@ class TestRedisSerialization(test_base.TestBase):
         self.assertEqual("::ffff:192.168.0.0/120", rule["source network"])
         self.assertEqual("", rule["destination network"])
 
-    @mock.patch("quark.security_groups.redis_client.redis.Redis")
+    @mock.patch("quark.security_groups.redis_client.redis.StrictRedis")
     def test_serialize_group_egress_rules(self, redis):
         rule_dict = {"ethertype": 0x800, "protocol": 1,
                      "direction": "egress",
@@ -159,7 +159,7 @@ class TestRedisSentinelConnection(test_base.TestBase):
         CONF.set_override("redis_sentinel_master", '', "QUARK")
 
     @mock.patch("redis.sentinel.Sentinel.discover_master")
-    @mock.patch("quark.security_groups.redis_client.redis.Redis")
+    @mock.patch("quark.security_groups.redis_client.redis.StrictRedis")
     def test_sentinel_connection(self, redis, discover_master):
         host = "127.0.0.1"
         port = 6379
@@ -173,7 +173,7 @@ class TestRedisSentinelConnection(test_base.TestBase):
             redis.assert_called_with(host=host, port=port)
 
     @mock.patch("redis.sentinel.Sentinel.discover_master")
-    @mock.patch("quark.security_groups.redis_client.redis.Redis")
+    @mock.patch("quark.security_groups.redis_client.redis.StrictRedis")
     def test_sentinel_connection_bad_format_raises(self, redis,
                                                    discover_master):
         sentinels = ""
@@ -182,3 +182,37 @@ class TestRedisSentinelConnection(test_base.TestBase):
         with self._stubs(True, sentinels, master_label):
             with self.assertRaises(TypeError):
                 redis_client.Client()
+
+
+class TestRedisSSHConnection(test_base.TestBase):
+    def setUp(self):
+        super(TestRedisSSHConnection, self).setUp()
+
+    @contextlib.contextmanager
+    def _stubs(self, use_sentinels, sentinels, master_label):
+        CONF.set_override("redis_use_ssl", True, "QUARK")
+        CONF.set_override("redis_ssl_certfile", 'my.cert', "QUARK")
+        CONF.set_override("redis_ssl_ca_certs", 'server.cert', "QUARK")
+        CONF.set_override("redis_ssl_keyfile", 'keyfile', "QUARK")
+        yield
+        CONF.set_override("redis_ssl_keyfile", '', "QUARK")
+        CONF.set_override("redis_ssl_ca_certs", '', "QUARK")
+        CONF.set_override("redis_ssl_certfile", '', "QUARK")
+        CONF.set_override("redis_use_ssl", False, "QUARK")
+
+    @mock.patch("redis.sentinel.Sentinel.discover_master")
+    @mock.patch("quark.security_groups.redis_client.redis.StrictRedis")
+    def test_sentinel_connection(self, redis, discover_master):
+        host = "127.0.0.1"
+        port = 6379
+        sentinels = ["%s:%s" % (host, port)]
+        master_label = "master"
+        discover_master.return_value = (host, port)
+
+        with self._stubs(True, sentinels, master_label):
+            redis_client.Client()
+            redis.assert_called_with(host=host, port=port, ssl=True,
+                                     ssl_certfile="my.cert",
+                                     ssl_keyfile="keyfile",
+                                     ssl_ca_certs="server.cert",
+                                     ssl_cert_reqs="required")