From 87c83deaaa81b7bb819bd66baca45b2c54693a49 Mon Sep 17 00:00:00 2001
From: Lisa Zangrando
Date: Fri, 20 Jan 2017 11:41:56 +0100
Subject: [PATCH] Enable SSL for OpenStack Trust
Added support to SSL connections
Change-Id: I03cfb4fef50b6fee805369883f0d4436f9d6567f
Sem-Ver: feature
---
 synergy_scheduler_manager/common/trust.py | 26 ++++++------
 synergy_scheduler_manager/keystone_manager.py | 42 +++++++++----------
 2 files changed, 33 insertions(+), 35 deletions(-)
diff --git a/synergy_scheduler_manager/common/trust.py b/synergy_scheduler_manager/common/trust.py
index 7d8477b..e61b268 100644
--- a/synergy_scheduler_manager/common/trust.py
+++ b/synergy_scheduler_manager/common/trust.py
@@ -35,6 +35,8 @@ class Trust(object):
 self.remaining_uses = data["remaining_uses"]
 self.expires_at = None
 self.keystone_url = None
+ self.ssl_ca_file = None
+ self.ssl_cert_file = None
 if data["expires_at"] is not None:
 self.expires_at = datetime.strptime(data["expires_at"],
@@ -88,7 +90,9 @@ class Trust(object):
 response = requests.post(url=self.keystone_url + "/auth/tokens",
 headers=headers,
- data=json.dumps(data))
+ data=json.dumps(data),
+ verify=self.ssl_ca_file,
+ cert=self.ssl_cert_file)
 if response.status_code != requests.codes.ok:
 response.raise_for_status()
@@ -128,19 +132,11 @@ class Trust(object):
 if expires_at is not None:
 data["trust"]["expires_at"] = token.isotime(expires_at, True)
- service = token.getService("keystone")
- if not service:
- raise Exception("keystone service not found!")
-
- endpoint = service.getEndpoint("admin")
- if not endpoint:
- raise Exception("keystone endpoint not found!")
-
- endpoint_url = endpoint.getURL()
-
- response = requests.post(url=endpoint_url + "/OS-TRUST/trusts",
+ response = requests.post(url=Trust.keystone_url + "/OS-TRUST/trusts",
 headers=headers,
- data=json.dumps(data))
+ data=json.dumps(data),
+ verify=Trust.ssl_ca_file,
+ cert=Trust.ssl_cert_file)
 if response.status_code != requests.codes.ok:
 response.raise_for_status()
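Review bot: In the hunk at `@@ -88,7 +90,9 @@`, `verify=self.ssl_ca_file` switches certificate verification off whenever the attribute holds a falsy value other than `None` (for example an empty string from an unset option, or `False`), because requests only verifies when `verify` is truthy or `None`. The `None` default set in `__init__` falls back to the default CA bundle and is safe, but the value later copied in from the manager is not visible in this patch. Normalising at the call site, `verify=self.ssl_ca_file or True,`, keeps the token request fail-closed. A short comment that `cert=` given as a single path needs the client key in the same PEM file would also help. The enclosing method starts and ends outside the hunk.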
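Review bot: The trust-creation request in the hunk at `@@ -128,19 +132,11 @@` reads `Trust.keystone_url`, `Trust.ssl_ca_file` and `Trust.ssl_cert_file` from the class, while the only assignments this patch shows are per-instance ones in `__init__` and on freshly built objects. Unless class-level attributes are set somewhere outside these hunks the call fails with AttributeError, and if they are set they become process-wide mutable state shared by every trust; the removed "keystone service/endpoint not found!" checks have no replacement either. Consider passing the URL and TLS settings into the method, or at least guarding with `if not Trust.keystone_url: raise Exception("keystone url not set!")`. The same class-attribute reads recur in the hunk at `@@ -151,6 +147,8 @@`. The method's signature is outside the hunk.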
@@ -151,6 +147,8 @@ class Trust(object):
 response = response.json()
 trust = Trust(response["trust"])
- trust.keystone_url = endpoint_url
+ trust.keystone_url = Trust.keystone_url
+ trust.ssl_ca_file = Trust.ssl_ca_file
+ trust.ssl_cert_file = Trust.ssl_cert_file
 return trust
diff --git a/synergy_scheduler_manager/keystone_manager.py b/synergy_scheduler_manager/keystone_manager.py
index 6bdcce8..fa6ba5f 100644
--- a/synergy_scheduler_manager/keystone_manager.py
+++ b/synergy_scheduler_manager/keystone_manager.py
@@ -104,19 +104,9 @@ class KeystoneManager(Manager):
 self.trust_expiration = CONF.KeystoneManager.trust_expiration
 self.clock_skew = CONF.KeystoneManager.clock_skew
 self.token = None
- self.auth_public_url = None
 self.authenticate()
- service = self.getToken().getService("keystone")
- if not service:
- raise Exception("keystone service not found!")
-
- endpoint = service.getEndpoint("public")
- if not endpoint:
- raise Exception("keystone endpoint not found!")
- self.auth_public_url = endpoint.getURL()
-
 def task(self):
 pass
@@ -313,7 +303,7 @@ class KeystoneManager(Manager):
 return project
- def getProjects(self, usr_id=None):
+ def getProjects(self, usr_id=None, domain_id=None):
 if usr_id:
 try:
 response = self.getResource(
@@ -324,8 +314,12 @@ class KeystoneManager(Manager):
 "%r): %s" % (usr_id, response["error"]["message"]))
 else:
+ data = None
+ if domain_id:
+ data = {"domain_id": domain_id}
+
 try:
- response = self.getResource("/projects", "GET")
+ response = self.getResource("/projects", "GET", data=data)
 except requests.exceptions.HTTPError as ex:
 response = ex.response.json()
 raise Exception("error on retrieving the projects list: %s"
@@ -414,7 +408,9 @@ class KeystoneManager(Manager):
 % (id, response["error"]["message"]))
 trust = Trust(response["trust"])
- trust.keystone_url = self.auth_public_url
+ trust.keystone_url = self.auth_url
+ trust.ssl_ca_file = self.ssl_ca_file
+ trust.ssl_cert_file = self.ssl_cert_file
 return trust
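Review bot: `getProjects` silently drops the new `domain_id` argument when `usr_id` is given, because only the `else:` branch builds `data` (hunk at `@@ -324,8 +314,12 @@`); a caller passing both gets that user's projects across every domain. Either apply the filter in both branches or state the precedence in a docstring such as `"""Return the user's projects if usr_id is set; otherwise all projects, optionally filtered by domain_id."""`. The change also relies on `getResource` sending `data` as query parameters on a GET, which is not visible here; if it went out as a request body the filter would presumably be ignored and the full list returned. The same assumption applies to `getTrusts` in the hunk at `@@ -450,15 +448,16 @@`.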
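Review bot: The three assignments that copy `auth_url`, `ssl_ca_file` and `ssl_cert_file` onto a new `Trust` are repeated verbatim in the hunks at `@@ -414,7 +408,9 @@`, `@@ -430,7 +426,9 @@` and `@@ -469,7 +468,9 @@`. A construction path that forgets one of them leaves that trust talking to Keystone with different TLS settings than the manager, so a single private factory method is safer than three copies. The enclosing methods start outside these hunks; the sketch below shows the helper and one call site.

```python
def _newTrust(self, data):
    # Build a Trust that inherits this manager's endpoint and TLS settings.
    trust = Trust(data)
    trust.keystone_url = self.auth_url
    trust.ssl_ca_file = self.ssl_ca_file
    trust.ssl_cert_file = self.ssl_cert_file
    return trust

# … unchanged: request and error handling …
return self._newTrust(response["trust"])
```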
@@ -430,7 +426,9 @@ class KeystoneManager(Manager):
 if response:
 trust = Trust(response["trust"])
- trust.keystone_url = self.auth_public_url
+ trust.keystone_url = self.auth_url
+ trust.ssl_ca_file = self.ssl_ca_file
+ trust.ssl_cert_file = self.ssl_cert_file
 return trust
@@ -450,15 +448,16 @@ class KeystoneManager(Manager):
 def getTrusts(self, user_id=None, isTrustor=True, token=None):
 url = "/OS-TRUST/trusts"
+ data = None
 if user_id:
 if isTrustor:
- url += "?trustor_user_id=%s" % user_id
+ data = {"trustor_user_id": user_id}
 else:
- url += "?trustee_user_id=%s" % user_id
+ data = {"trustee_user_id": user_id}
 try:
- response = self.getResource(url, "GET", token=token)
+ response = self.getResource(url, "GET", token=token, data=data)
 except requests.exceptions.HTTPError as ex:
 response = ex.response.json()
 raise Exception("error on retrieving the trust list (id=%r): %s"
@@ -469,7 +468,9 @@ class KeystoneManager(Manager):
 if response:
 for data in response["trusts"]:
 trust = Trust(data)
- trust.keystone_url = self.auth_public_url
+ trust.keystone_url = self.auth_url
+ trust.ssl_ca_file = self.ssl_ca_file
+ trust.ssl_cert_file = self.ssl_cert_file
 trusts.append(trust)
@@ -670,12 +671,11 @@ class KeystoneManager(Manager):
 if token:
 if token.isExpired():
 raise Exception("token expired!")
-
- url = self.auth_public_url
 else:
 self.authenticate()
 token = self.getToken()
- url = self.auth_url
+
+ url = self.auth_url
 if version:
 url = url[:url.rfind("/") + 1] + version
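Review bot: With `url = self.auth_url` now used for every request (hunk at `@@ -670,12 +671,11 @@`), the version rewrite `url[:url.rfind("/") + 1] + version` depends entirely on how the operator wrote `auth_url`: a trailing slash makes it append rather than replace the last path segment. Stripping it first, `url = self.auth_url.rstrip("/")`, makes the rewrite independent of that. Requests carrying a caller-supplied token also move from the catalog's public endpoint to the configured `auth_url`, which deserves a one-line comment at the assignment. The enclosing method starts and ends outside the hunk.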