Handle missing PKI certs for Keystone v3 deploys
OpenStack Pike drops PKI support, and the keystone charm no longer configures PKI signing certs for revocation lists@Pike. Previous changes fixed issues with Keystone v2 based deployments@Pike; however the Keystone v3 retrieval code did not inspect the status code on the requests base response during certificate retrieval. Ensure that a OK status code is returned from Keystone for v3 deploys, ensuring that Pike based v3 deployments continue to function. Change-Id: I603115a8e298aa8dedbdcea195b27bb8a6c0c71e Closes-Bug: 1718467
This commit is contained in:
parent
9e47bad656
commit
a4dd62c950
|
@ -389,7 +389,11 @@ def get_ks_cert(ksclient, auth_endpoint, cert_type):
|
|||
"'{}'".format(cert_type))
|
||||
except AttributeError:
|
||||
# Keystone v3 or Juno and older
|
||||
cert = requests.request('GET', request).text
|
||||
response = requests.request('GET', request)
|
||||
if response.status_code == requests.codes.ok:
|
||||
cert = response.text
|
||||
else:
|
||||
raise KSCertSetupException("Unable to retrieve certificate")
|
||||
except (ConnectionRefused, requests.exceptions.ConnectionError,
|
||||
Forbidden, InternalServerError):
|
||||
raise KSCertSetupException("Error connecting to keystone")
|
||||
|
|
Loading…
Reference in New Issue