Merge "Fix the ca certificate handling in the client sessions"

2016-06-27 20:55:26 +00:00 · 2016-06-27 20:55:26 +00:00 · 0840f91f88
parent a36dfbcd4c 9d428206cd
commit 0840f91f88
3 changed files with 16 additions and 16 deletions
--- a/releasenotes/notes/ca-cert-fix-5c434a82f9347039.yaml
+++ b/releasenotes/notes/ca-cert-fix-5c434a82f9347039.yaml
@ -0,0 +1,4 @@
+---
+fixes:
+  - CA certificate handling in keystone, nova, neutron and
+    cinder clients are fixed (#330635)
--- a/sahara/service/sessions.py
+++ b/sahara/service/sessions.py
@ -105,9 +105,9 @@ class SessionCache(object):
    def get_cinder_session(self):
        session = self._sessions.get(SESSION_TYPE_CINDER)
        if not session:
-            if not CONF.cinder.api_insecure and CONF.cinder.ca_file:
+            if not CONF.cinder.api_insecure:
                session = keystone.Session(
-                    cert=CONF.cinder.ca_file, verify=True)
+                    verify=CONF.cinder.ca_file or True)
            else:
                session = self.get_insecure_session()
            self._set_session(SESSION_TYPE_CINDER, session)
@ -116,9 +116,9 @@ class SessionCache(object):
    def get_keystone_session(self):
        session = self._sessions.get(SESSION_TYPE_KEYSTONE)
        if not session:
-            if not CONF.keystone.api_insecure and CONF.keystone.ca_file:
+            if not CONF.keystone.api_insecure:
                session = keystone.Session(
-                    cert=CONF.keystone.ca_file, verify=True)
+                    verify=CONF.keystone.ca_file or True)
            else:
                session = self.get_insecure_session()
            self._set_session(SESSION_TYPE_KEYSTONE, session)
@ -127,9 +127,9 @@ class SessionCache(object):
    def get_neutron_session(self):
        session = self._sessions.get(SESSION_TYPE_NEUTRON)
        if not session:
-            if not CONF.neutron.api_insecure and CONF.neutron.ca_file:
+            if not CONF.neutron.api_insecure:
                session = keystone.Session(
-                    cert=CONF.neutron.ca_file, verify=True)
+                    verify=CONF.neutron.ca_file or True)
            else:
                session = self.get_insecure_session()
            self._set_session(SESSION_TYPE_NEUTRON, session)
@ -138,9 +138,9 @@ class SessionCache(object):
    def get_nova_session(self):
        session = self._sessions.get(SESSION_TYPE_NOVA)
        if not session:
-            if not CONF.nova.api_insecure and CONF.nova.ca_file:
+            if not CONF.nova.api_insecure:
                session = keystone.Session(
-                    cert=CONF.nova.ca_file, verify=True)
+                    verify=CONF.nova.ca_file or True)
            else:
                session = self.get_insecure_session()
            self._set_session(SESSION_TYPE_NOVA, session)
--- a/sahara/tests/unit/service/test_sessions.py
+++ b/sahara/tests/unit/service/test_sessions.py
@ -38,8 +38,7 @@ class TestSessionCache(base.SaharaTestCase):
        self.override_config('ca_file', '/some/cacert', group='keystone')
        self.override_config('api_insecure', False, group='keystone')
        sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
-        keystone_session.assert_called_once_with(cert='/some/cacert',
-                                                 verify=True)
+        keystone_session.assert_called_once_with(verify='/some/cacert')

        sc = sessions.SessionCache()
        keystone_session.reset_mock()
@ -58,8 +57,7 @@ class TestSessionCache(base.SaharaTestCase):
        self.override_config('ca_file', '/some/cacert', group='nova')
        self.override_config('api_insecure', False, group='nova')
        sc.get_session(sessions.SESSION_TYPE_NOVA)
-        keystone_session.assert_called_once_with(cert='/some/cacert',
-                                                 verify=True)
+        keystone_session.assert_called_once_with(verify='/some/cacert')

        sc = sessions.SessionCache()
        keystone_session.reset_mock()
@ -78,8 +76,7 @@ class TestSessionCache(base.SaharaTestCase):
        self.override_config('ca_file', '/some/cacert', group='cinder')
        self.override_config('api_insecure', False, group='cinder')
        sc.get_session(sessions.SESSION_TYPE_CINDER)
-        keystone_session.assert_called_once_with(cert='/some/cacert',
-                                                 verify=True)
+        keystone_session.assert_called_once_with(verify='/some/cacert')

        sc = sessions.SessionCache()
        keystone_session.reset_mock()
@ -98,8 +95,7 @@ class TestSessionCache(base.SaharaTestCase):
        self.override_config('ca_file', '/some/cacert', group='neutron')
        self.override_config('api_insecure', False, group='neutron')
        sc.get_session(sessions.SESSION_TYPE_NEUTRON)
-        keystone_session.assert_called_once_with(cert='/some/cacert',
-                                                 verify=True)
+        keystone_session.assert_called_once_with(verify='/some/cacert')

        sc = sessions.SessionCache()
        keystone_session.reset_mock()