x/vmware-nsx
Code Issues Proposed changes

Merge "NSX|P: Forbid cert operations without passthrough"

Browse Source
This commit is contained in:
Zuul
2019-02-07 09:31:40 +00:00
committed by Gerrit Code Review
parent c3f93300b9 5805c03044
commit 78948848e6
1 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
vmware_nsx/shell/admin/plugins/common/v3_common_cert.py
View File

@@ -13,6 +13,7 @@
# under the License. # under the License.
from oslo_config import cfg
from oslo_log import log as logging from oslo_log import log as logging
from neutron_lib import context from neutron_lib import context
@@ -67,12 +68,21 @@ def get_certificate_manager(plugin_conf, **kwargs):
def verify_client_cert_on(plugin_conf): def verify_client_cert_on(plugin_conf):
if plugin_conf.nsx_use_client_auth: if not plugin_conf.nsx_use_client_auth:
return True LOG.info("Operation not applicable since client authentication "
LOG.info("Operation not applicable since client authentication "
"is disabled") "is disabled")
return False return False
try:
if not plugin_conf.allow_passthrough:
LOG.info("Operation not applicable since passthrough API is "
"disabled")
return False
except cfg.NoSuchOptError:
# No such option exists - passthrough check is irrelevant
pass
return True
def generate_cert(plugin_conf, **kwargs): def generate_cert(plugin_conf, **kwargs):