x/vmware-nsx
Code Issues Proposed changes

NSX|P: Forbid cert operations without passthrough

Browse Source 
Admin util should validate allow_passthrough config before performing
client cert operations. This is until these are implemented against
policy.

Change-Id: I1b3fa3fc502a70b0a456dda2de2eb1c9f6b99eac
This commit is contained in:
Anna Khmelnitsky
2019-01-30 18:10:16 -08:00
parent 395974bd03
commit 5805c03044
1 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
vmware_nsx/shell/admin/plugins/common/v3_common_cert.py
+15 -5
View File
@@ -13,6 +13,7 @@
# under the License.
from oslo_config import cfg
from oslo_log import log as logging
from neutron_lib import context
@@ -67,12 +68,21 @@ def get_certificate_manager(plugin_conf, **kwargs):
def verify_client_cert_on(plugin_conf):
if plugin_conf.nsx_use_client_auth:
return True
LOG.info("Operation not applicable since client authentication "
if not plugin_conf.nsx_use_client_auth:
LOG.info("Operation not applicable since client authentication "
"is disabled")
return False
return False
try:
if not plugin_conf.allow_passthrough:
LOG.info("Operation not applicable since passthrough API is "
"disabled")
return False
except cfg.NoSuchOptError:
# No such option exists - passthrough check is irrelevant
pass
return True
def generate_cert(plugin_conf, **kwargs):