Verify https connections by default

The 'insecure' option was being read in as a string without being
converted to a boolean, preventing it from ever being able to be set to
False. The default value has also been changed to False, so that
verification of certificates must be explicitly disabled.

Change-Id: Ic68b870ea8d5e2e3451ea7915407fabb918efe72
This commit is contained in:
Jimmy McCrory 2017-06-14 14:53:10 -07:00
parent c86e5d6ebf
commit dc4251a766
4 changed files with 36 additions and 4 deletions

View File

@ -4,8 +4,9 @@
# override whatever is needed within the local sections.
[DEFAULT]
# The verify option is for SSL. If your SSL certificate is not
# valid set this option to false else omit it or set it true.
# Allow insecure TLS (https) requests.
# If your SSL certificate is not valid set this option to true,
# else omit it or set it false.
insecure = true
auth_url = https://127.0.0.1:5000/v3

View File

@ -30,6 +30,8 @@ except ImportError as e: # pragma: no cover
' Please install "python-openstacksdk".'
' ERROR: %s' % str(e))
from distutils.util import strtobool
from monitorstack import utils
@ -43,7 +45,8 @@ class OpenStack(object):
:type os_auth_args: dict
"""
self.os_auth_args = os_auth_args
self.verify = self.os_auth_args.get('insecure', True) is False
insecure = bool(strtobool(self.os_auth_args.get('insecure', 'False')))
self.verify = insecure is False
@property
def conn(self):

View File

@ -0,0 +1,5 @@
---
security:
- |
The default value of the ``insecure`` option is now `False`, which will
verify certificates of https connections.

View File

@ -130,12 +130,20 @@ class MockedOpenStackConn(object):
class TestOSUtilsConnection(unittest.TestCase):
"""Tests for the utilities."""
def setUp(self):
"""Setup the test."""
# load the base class for these tests.
self.config = tests.unit.read_config()['keystone']
def tearDown(self):
"""Tear down the test."""
pass
def test_conn(self):
"""Test the OpenStack connection interface."""
# load the base class for these tests.
self.osu = os_utils.OpenStack(
os_auth_args=tests.unit.read_config()['keystone']
os_auth_args=self.config
)
self.assertTrue(
isinstance(
@ -144,6 +152,21 @@ class TestOSUtilsConnection(unittest.TestCase):
)
)
def test_insecure(self):
"""Test True insecure value."""
self.osu = os_utils.OpenStack(
os_auth_args=self.config
)
self.assertFalse(self.osu.verify)
def test_secure(self):
"""Test False insecure value."""
with mock.patch.dict(self.config, {'insecure': 'False'}):
self.osu = os_utils.OpenStack(
os_auth_args=self.config
)
self.assertTrue(self.osu.verify)
class TestOsUtils(unittest.TestCase):
"""Tests for the utilities."""