Adds https support for metadata agent

Adds two configure options to support https client for metadata proxy * auth_insecure: turn off verification of the certificate for ssl, or * auth_ca_cert: CA cert to check against with for ssl. Change-Id: I3ffb86ae9ce31931436a4e13957aae30eebf9d92 Closes-Bug: #1263872
2014-01-16 22:28:28 +08:00 · 2014-01-16 22:28:28 +08:00 · a06c2f6cbd
commit a06c2f6cbd
parent b0ae4e5808
3 changed files with 18 additions and 0 deletions
--- a/etc/metadata_agent.ini
+++ b/etc/metadata_agent.ini
@ -5,6 +5,10 @@
 # The Neutron user information for accessing the Neutron API.
 auth_url = http://localhost:5000/v2.0
 auth_region = RegionOne
+# Turn off verification of the certificate for ssl
+# auth_insecure = False
+# Certificate Authority public key (CA cert) file for ssl
+# auth_ca_cert =
 admin_tenant_name = %SERVICE_TENANT_NAME%
 admin_user = %SERVICE_USER%
 admin_password = %SERVICE_PASSWORD%
--- a/neutron/agent/metadata/agent.py
+++ b/neutron/agent/metadata/agent.py
@ -61,6 +61,14 @@ class MetadataProxyHandler(object):
                   help=_("The type of authentication to use")),
        cfg.StrOpt('auth_region',
                   help=_("Authentication region")),
+        cfg.BoolOpt('auth_insecure',
+                    default=False,
+                    help=_("Turn off verification of the certificate for"
+                           " ssl")),
+        cfg.StrOpt('auth_ca_cert',
+                   default=None,
+                   help=_("Certificate Authority public key (CA cert) "
+                          "file for ssl")),
        cfg.StrOpt('endpoint_type',
                   default='adminURL',
                   help=_("Network service endpoint type to pull from "
@ -89,6 +97,8 @@ class MetadataProxyHandler(object):
            auth_strategy=self.conf.auth_strategy,
            region_name=self.conf.auth_region,
            token=self.auth_info.get('auth_token'),
+            insecure=self.conf.auth_insecure,
+            ca_cert=self.conf.auth_ca_cert,
            endpoint_url=self.auth_info.get('endpoint_url'),
            endpoint_type=self.conf.endpoint_type
        )
--- a/neutron/tests/unit/test_metadata_agent.py
+++ b/neutron/tests/unit/test_metadata_agent.py
@ -34,6 +34,8 @@ class FakeConf(object):
    auth_url = 'http://127.0.0.1'
    auth_strategy = 'keystone'
    auth_region = 'region'
+    auth_insecure = False
+    auth_ca_cert = None
    endpoint_type = 'adminURL'
    nova_metadata_ip = '9.9.9.9'
    nova_metadata_port = 8775
@ -100,6 +102,8 @@ class TestMetadataProxyHandler(base.BaseTestCase):
                password=FakeConf.admin_password,
                auth_strategy=FakeConf.auth_strategy,
                token=None,
+                insecure=FakeConf.auth_insecure,
+                ca_cert=FakeConf.auth_ca_cert,
                endpoint_url=None,
                endpoint_type=FakeConf.endpoint_type)
        ]