Handle missing PKI certs for Keystone v3 deploys

OpenStack Pike drops PKI support, and the keystone charm no longer configures PKI signing certs for revocation lists@Pike. Previous changes fixed issues with Keystone v2 based deployments@Pike; however the Keystone v3 retrieval code did not inspect the status code on the requests base response during certificate retrieval. Ensure that a OK status code is returned from Keystone for v3 deploys, ensuring that Pike based v3 deployments continue to function. Change-Id: I603115a8e298aa8dedbdcea195b27bb8a6c0c71e Closes-Bug: 1718467
2017-09-25 11:20:26 +01:00 · 2017-09-25 11:20:26 +01:00 · a4dd62c950
parent 9e47bad656
commit a4dd62c950
1 changed files with 5 additions and 1 deletions
--- a/hooks/utils.py
+++ b/hooks/utils.py
@ -389,7 +389,11 @@ def get_ks_cert(ksclient, auth_endpoint, cert_type):
                                           "'{}'".format(cert_type))
        except AttributeError:
            # Keystone v3 or Juno and older
-            cert = requests.request('GET', request).text
+            response = requests.request('GET', request)
+            if response.status_code == requests.codes.ok:
+                cert = response.text
+            else:
+                raise KSCertSetupException("Unable to retrieve certificate")
    except (ConnectionRefused, requests.exceptions.ConnectionError,
            Forbidden, InternalServerError):
        raise KSCertSetupException("Error connecting to keystone")