Add CERT file support in heat-keystone-setup-domain

Add below options to support ssl connection. --insecure --os-cacert --os-cert --os-key Change-Id: I9d1fd07df783d7410ac3f51b5d4e8434d57182a4 Close-bug: #1387063
2014-10-29 18:38:52 +08:00 · 2014-10-29 18:38:52 +08:00 · 8d4e7acb83
parent 3dc63d07be
commit 8d4e7acb83
1 changed files with 34 additions and 5 deletions
--- a/bin/heat-keystone-setup-domain
+++ b/bin/heat-keystone-setup-domain
@ -37,6 +37,18 @@ opts = [
                    " and projects in the stack-user-domain"),
    cfg.StrOpt('stack-domain-admin-password',
               help="Password to set for stack-domain-admin"),
+    cfg.BoolOpt('insecure',
+                default=False,
+                help="If set, then the server's certificate will not "
+                     "be verified."),
+    cfg.StrOpt('os-cacert',
+               help='Optional CA cert file to use in SSL connections.'),
+    cfg.StrOpt('os-cert',
+               help='Optional PEM-formatted certificate chain file.'),
+    cfg.StrOpt('os-key',
+               help='Optional PEM-formatted file that contains the '
+                    'private key.'),
+
 ]

 cfg.CONF.register_cli_opts(opts)
@ -53,6 +65,11 @@ HEAT_DOMAIN_DESCRIPTION = 'Contains users and projects created by heat'
 logger.debug("USERNAME=%s" % USERNAME)
 logger.debug("AUTH_URL=%s" % AUTH_URL)

+CACERT = os.environ.get('OS_CACERT', cfg.CONF.os_cacert)
+CERT = os.environ.get('OS_CERT', cfg.CONF.os_cert)
+KEY = os.environ.get('OS_KEY', cfg.CONF.os_key)
+insecure = cfg.CONF.insecure
+

 def main():
    log_lvl = logging.DEBUG if DEBUG else logging.WARNING
@ -61,11 +78,23 @@ def main():
        level=log_lvl)
    logging.getLogger('urllib3.connectionpool').setLevel(logging.WARNING)

-    c = client.Client(debug=DEBUG,
-                      username=USERNAME,
-                      password=PASSWORD,
-                      auth_url=AUTH_URL,
-                      endpoint=AUTH_URL)
+    if insecure:
+        c = client.Client(debug=DEBUG,
+                          username=USERNAME,
+                          password=PASSWORD,
+                          auth_url=AUTH_URL,
+                          endpoint=AUTH_URL,
+                          verify=False)
+    else:
+        c = client.Client(debug=DEBUG,
+                          username=USERNAME,
+                          password=PASSWORD,
+                          auth_url=AUTH_URL,
+                          endpoint=AUTH_URL,
+                          cacert=CACERT,
+                          cert=CERT,
+                          key=KEY)
+
    c.authenticate()

    # Create the heat domain