functional tests: fix tests work over SSL OpenStack Cloud

Change-Id: I3a6e02e96ed807ce4305876fe3c5798449fedc24

ec2api/tests/contrib/post_test_hook.sh

@@ -224,6 +224,7 @@ instance_type = m1.ec2api
 instance_type_alt = m1.ec2api-alt
 ami_image_location=$CIRROS_IMAGE_MANIFEST
 run_ssh=$run_ssh
+ca_bundle=$OS_CACERT
 EOF"
 fi
 

ec2api/tests/functional/base.py

@@ -231,12 +231,14 @@ class EC2TestCase(base.BaseTestCase):
     @safe_setup
     def setUpClass(cls):
         super(EC2TestCase, cls).setUpClass()
-        cls.client = botocoreclient._get_ec2_client(
+        cls.client = botocoreclient.get_ec2_client(
             CONF.aws.ec2_url, CONF.aws.aws_region,
-            CONF.aws.aws_access, CONF.aws.aws_secret)
-        cls.s3_client = botocoreclient._get_s3_client(
+            CONF.aws.aws_access, CONF.aws.aws_secret,
+            CONF.aws.ca_bundle)
+        cls.s3_client = botocoreclient.get_s3_client(
             CONF.aws.s3_url, CONF.aws.aws_region,
-            CONF.aws.aws_access, CONF.aws.aws_secret)
+            CONF.aws.aws_access, CONF.aws.aws_secret,
+            CONF.aws.ca_bundle)
         TesterStateHolder().ec2_client = cls.client
 
     @classmethod

ec2api/tests/functional/botocoreclient.py

@@ -16,20 +16,26 @@
 import botocore.session
 
 
-def _get_client(client_name, url, region, access, secret):
+def _get_client(client_name, url, region, access, secret, ca_bundle):
     connection_data = {
         'config_file': (None, 'AWS_CONFIG_FILE', None, None),
         'region': ('region', 'BOTO_DEFAULT_REGION', region, None),
     }
     session = botocore.session.get_session(connection_data)
-    return session.create_client(
-        client_name, region_name=region, endpoint_url=url,
-        aws_access_key_id=access, aws_secret_access_key=secret)
+    kwargs = {
+        'region_name': region,
+        'endpoint_url': url,
+        'aws_access_key_id': access,
+        'aws_secret_access_key': secret
+    }
+    if ca_bundle:
+        kwargs['verify'] = ca_bundle
+    return session.create_client(client_name, **kwargs)
 
 
-def _get_ec2_client(url, region, access, secret):
-    return _get_client('ec2', url, region, access, secret)
+def get_ec2_client(url, region, access, secret, ca_bundle=None):
+    return _get_client('ec2', url, region, access, secret, ca_bundle)
 
 
-def _get_s3_client(url, region, access, secret):
-    return _get_client('s3', url, region, access, secret)
+def get_s3_client(url, region, access, secret, ca_bundle=None):
+    return _get_client('s3', url, region, access, secret, ca_bundle)

ec2api/tests/functional/config.py

@@ -35,6 +35,10 @@ AWSGroup = [
     cfg.StrOpt('s3_url',
                default="http://localhost:3334/",
                help="S3 URL"),
+    cfg.StrOpt('ca_bundle',
+               default=None,
+               help="The CA certificate bundle to use when verifying "
+                    "SSL certificates."),
     cfg.StrOpt('aws_secret',
                default=None,
                help="AWS Secret Key",

rally-scenarios/plugins/context_plugin_ec2_objects.py

@@ -258,7 +258,7 @@ class FakeNetworkGenerator(EC2Objects):
                      % (user["tenant_id"]))
 
             args = user['ec2args']
-            client = botocoreclient._get_ec2_client(
+            client = botocoreclient.get_ec2_client(
                 args['url'], args['region'], args['access'], args['secret'])
 
             self.context["tenants"][tenant_id]["networks"] = list()
@@ -272,7 +272,7 @@ class FakeNetworkGenerator(EC2Objects):
         for user, tenant_id in rutils.iterate_per_tenants(
                 self.context["users"]):
             args = user['ec2args']
-            client = botocoreclient._get_ec2_client(
+            client = botocoreclient.get_ec2_client(
                 args['url'], args['region'], args['access'], args['secret'])
             self.cleanup_networks(tenant_id, client)
 
@@ -334,7 +334,7 @@ class FakeServerGenerator(EC2Objects):
                      % (user["tenant_id"]))
 
             args = user['ec2args']
-            client = botocoreclient._get_ec2_client(
+            client = botocoreclient.get_ec2_client(
                 args['url'], args['region'], args['access'], args['secret'])
 
             if image_id is None:
@@ -354,7 +354,7 @@ class FakeServerGenerator(EC2Objects):
         for user, tenant_id in rutils.iterate_per_tenants(
                 self.context["users"]):
             args = user['ec2args']
-            client = botocoreclient._get_ec2_client(
+            client = botocoreclient.get_ec2_client(
                 args['url'], args['region'], args['access'], args['secret'])
 
             self.terminate_instances_and_wait(tenant_id, client)

rally-scenarios/plugins/ec2api_plugin.py

@@ -47,7 +47,7 @@ class EC2APIPlugin(scenario.OpenStackScenario):
     def _get_client(self, is_nova):
         args = self.context['user']['ec2args']
         url = args['nova_url'] if is_nova else args['url']
-        client = botocoreclient._get_ec2_client(
+        client = botocoreclient.get_ec2_client(
             url, args['region'], args['access'], args['secret'])
         return client