Two way SSL connection with the identity service.
Allow the user to establish a two-way SSL connection by adding the cert and key parameters to the client of the keystone manager. Change-Id: I4418a45a58139d63d23f1939be61e90d7cd6a062
parent
1c858ea907
commit
63fb35354e
13
README.rst
13
README.rst
|
@ -35,6 +35,7 @@ Usage
|
||||||
usage: flame [-h] [--username USERNAME] [--password PASSWORD]
|
usage: flame [-h] [--username USERNAME] [--password PASSWORD]
|
||||||
[--project PROJECT] [--region REGION] [--auth_url AUTH_URL]
|
[--project PROJECT] [--region REGION] [--auth_url AUTH_URL]
|
||||||
[--os-auth-token OS_AUTH_TOKEN] [--insecure]
|
[--os-auth-token OS_AUTH_TOKEN] [--insecure]
|
||||||
|
[--os-cert <certification>] [--os-key <key>]
|
||||||
[--endpoint_type ENDPOINT_TYPE] [--exclude-servers]
|
[--endpoint_type ENDPOINT_TYPE] [--exclude-servers]
|
||||||
[--exclude-volumes] [--exclude-keypairs] [--generate-stack-data]
|
[--exclude-volumes] [--exclude-keypairs] [--generate-stack-data]
|
||||||
[--extract-ports]
|
[--extract-ports]
|
||||||
|
@ -51,6 +52,12 @@ Usage
|
||||||
--auth_url AUTH_URL Authentication URL. Defaults to env[OS_AUTH_URL].
|
--auth_url AUTH_URL Authentication URL. Defaults to env[OS_AUTH_URL].
|
||||||
--os-auth-token OS_AUTH_TOKEN
|
--os-auth-token OS_AUTH_TOKEN
|
||||||
User's auth token. Defaults to env[OS_AUTH_TOKEN].
|
User's auth token. Defaults to env[OS_AUTH_TOKEN].
|
||||||
|
--os-cert <certificate>
|
||||||
|
Path to user's certificate needed to establish
|
||||||
|
two-way SSL connection with the identity service.
|
||||||
|
Defaults to env[OS_CERT].
|
||||||
|
--os-key <key> Path to the user's certificate private key.
|
||||||
|
Defaults to env[OS_KEY].
|
||||||
--insecure Explicitly allow clients to perform"insecure" SSL
|
--insecure Explicitly allow clients to perform"insecure" SSL
|
||||||
(https) requests. The server's certificate will not be
|
(https) requests. The server's certificate will not be
|
||||||
verified against any certificate authorities. This
|
verified against any certificate authorities. This
|
||||||
|
@ -76,6 +83,12 @@ To use Flame you can provide yours OpenStack credentials as arguments :
|
||||||
|
|
||||||
Or you can source your OpenStack RC file and use Flame without arguments.
|
Or you can source your OpenStack RC file and use Flame without arguments.
|
||||||
|
|
||||||
|
To establish a two-way SSL connection with the identity service :
|
||||||
|
|
||||||
|
$flame --username arezmerita --os-auth-token keystonetoken \
|
||||||
|
--project project-arezmerita --auth_url http://<Keystone_host>:5000/v2.0
|
||||||
|
--os-cert <path/to/certificate> --os-key <path/to/key>
|
||||||
|
|
||||||
Flame can be used with either a login and password pair or a keystone
|
Flame can be used with either a login and password pair or a keystone
|
||||||
token by exporting the OS_AUTH_TOKEN variable (the token is obtained
|
token by exporting the OS_AUTH_TOKEN variable (the token is obtained
|
||||||
with keystone token-get).
|
with keystone token-get).
|
||||||
|
|
|
@ -11,6 +11,7 @@ To use the CLI of flame::
|
||||||
usage: flame [-h] [--username USERNAME] [--password PASSWORD]
|
usage: flame [-h] [--username USERNAME] [--password PASSWORD]
|
||||||
[--project PROJECT] [--region REGION] [--auth_url AUTH_URL]
|
[--project PROJECT] [--region REGION] [--auth_url AUTH_URL]
|
||||||
[--os-auth-token OS_AUTH_TOKEN] [--insecure]
|
[--os-auth-token OS_AUTH_TOKEN] [--insecure]
|
||||||
|
[--os-cert <certification>] [--os-key <key>]
|
||||||
[--endpoint_type ENDPOINT_TYPE] [--exclude-servers]
|
[--endpoint_type ENDPOINT_TYPE] [--exclude-servers]
|
||||||
[--exclude-volumes] [--exclude-keypairs] [--generate-stack-data]
|
[--exclude-volumes] [--exclude-keypairs] [--generate-stack-data]
|
||||||
[--extract-ports]
|
[--extract-ports]
|
||||||
|
@ -27,6 +28,12 @@ To use the CLI of flame::
|
||||||
--auth_url AUTH_URL Authentication URL. Defaults to env[OS_AUTH_URL].
|
--auth_url AUTH_URL Authentication URL. Defaults to env[OS_AUTH_URL].
|
||||||
--os-auth-token OS_AUTH_TOKEN
|
--os-auth-token OS_AUTH_TOKEN
|
||||||
User's auth token. Defaults to env[OS_AUTH_TOKEN].
|
User's auth token. Defaults to env[OS_AUTH_TOKEN].
|
||||||
|
--os-cert <certificate>
|
||||||
|
Path to user's certificate needed to establish
|
||||||
|
two-way SSL connection with the identity service.
|
||||||
|
Defaults to env[OS_CERT].
|
||||||
|
--os-key <key> Path to the user's certificate private key.
|
||||||
|
Defaults to env[OS_KEY].
|
||||||
--insecure Explicitly allow clients to perform"insecure" SSL
|
--insecure Explicitly allow clients to perform"insecure" SSL
|
||||||
(https) requests. The server's certificate will not be
|
(https) requests. The server's certificate will not be
|
||||||
verified against any certificate authorities. This
|
verified against any certificate authorities. This
|
||||||
|
@ -55,6 +62,12 @@ Or a token and a tenant::
|
||||||
$ flame --username arezmerita --os-auth-token keystonetoken \
|
$ flame --username arezmerita --os-auth-token keystonetoken \
|
||||||
--project project-arezmerita --auth_url https://example.com/v2.0/
|
--project project-arezmerita --auth_url https://example.com/v2.0/
|
||||||
|
|
||||||
|
To establish a two-way SSL connection with the identity service ::
|
||||||
|
|
||||||
|
$flame --username arezmerita --os-auth-token keystonetoken \
|
||||||
|
--project project-arezmerita --auth_url https://example.com/v2.0/
|
||||||
|
--os-cert <path/to/certificate> --os-key <path/to/key>
|
||||||
|
|
||||||
Or you can source your OpenStack RC file and use Flame without arguments::
|
Or you can source your OpenStack RC file and use Flame without arguments::
|
||||||
|
|
||||||
$ source credential.rc
|
$ source credential.rc
|
||||||
|
|
|
@ -67,6 +67,14 @@ def main(args=None):
|
||||||
default=os.environ.get("OS_ENDPOINT_TYPE",
|
default=os.environ.get("OS_ENDPOINT_TYPE",
|
||||||
"publicURL"),
|
"publicURL"),
|
||||||
help="Defaults to env[OS_ENDPOINT_TYPE] or publicURL")
|
help="Defaults to env[OS_ENDPOINT_TYPE] or publicURL")
|
||||||
|
parser.add_argument("--os-cert", type=str, metavar='<certificate>',
|
||||||
|
default=os.environ.get("OS_CERT"),
|
||||||
|
help="User's certificate. "
|
||||||
|
"Defaults to env[OS_CERT].")
|
||||||
|
parser.add_argument("--os-key", type=str, metavar='<key>',
|
||||||
|
default=os.environ.get("OS_KEY"),
|
||||||
|
help="User's key. "
|
||||||
|
"Defaults to env[OS_KEY].")
|
||||||
parser.add_argument('--exclude-servers', action='store_true',
|
parser.add_argument('--exclude-servers', action='store_true',
|
||||||
default=False,
|
default=False,
|
||||||
help="Do not export in template server resources")
|
help="Do not export in template server resources")
|
||||||
|
@ -88,6 +96,7 @@ def main(args=None):
|
||||||
flame = client.Client(args.username, args.password,
|
flame = client.Client(args.username, args.password,
|
||||||
args.project, args.auth_url,
|
args.project, args.auth_url,
|
||||||
args.os_auth_token,
|
args.os_auth_token,
|
||||||
|
cert=args.os_cert, key=args.os_key,
|
||||||
region_name=args.region,
|
region_name=args.region,
|
||||||
endpoint_type=args.endpoint_type,
|
endpoint_type=args.endpoint_type,
|
||||||
insecure=args.insecure)
|
insecure=args.insecure)
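Review bot: Nothing after these `add_argument` calls checks that `--os-cert` and `--os-key` make sense together before they are handed to `client.Client(..., cert=args.os_cert, key=args.os_key, ...)`. If a key is given without a certificate (or only one of OS_CERT / OS_KEY is set in the environment), the client library may simply present no client certificate, and the user gets no indication that the connection is not mutually authenticated. A guard after parsing, such as `if args.os_key and not args.os_cert: parser.error("--os-key requires --os-cert")`, would make that explicit. The help strings would also be clearer as `"Path to the user's certificate. "` and `"Path to the user's certificate private key. "`, matching the README. The parsing call itself sits between the two hunks and is not visible here.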
|
||||||
|
|
|
@ -107,13 +107,14 @@ class Resource(object):
|
||||||
class TemplateGenerator(object):
|
class TemplateGenerator(object):
|
||||||
|
|
||||||
def __init__(self, username, password, tenant_name, auth_url,
|
def __init__(self, username, password, tenant_name, auth_url,
|
||||||
auth_token=None, insecure=False, endpoint_type='publicURL',
|
auth_token=None, cert=None, key=None, insecure=False,
|
||||||
region_name=None):
|
endpoint_type='publicURL', region_name=None):
|
||||||
self.thread_pool = concurrent.futures.ThreadPoolExecutor(10)
|
self.thread_pool = concurrent.futures.ThreadPoolExecutor(10)
|
||||||
self.generate_data = False
|
self.generate_data = False
|
||||||
self._setup_templates()
|
self._setup_templates()
|
||||||
self._setup_managers(username, password, tenant_name, auth_url,
|
self._setup_managers(username, password, tenant_name, auth_url, cert,
|
||||||
insecure, endpoint_type, region_name, auth_token)
|
key, insecure, endpoint_type, region_name,
|
||||||
|
auth_token)
|
||||||
|
|
||||||
def _setup_templates(self):
|
def _setup_templates(self):
|
||||||
self.template = yaml.load(template_skeleton)
|
self.template = yaml.load(template_skeleton)
|
||||||
|
@ -124,12 +125,12 @@ class TemplateGenerator(object):
|
||||||
self.stack_data['resources'] = {}
|
self.stack_data['resources'] = {}
|
||||||
|
|
||||||
def _setup_managers(self, username, password, tenant_name, auth_url,
|
def _setup_managers(self, username, password, tenant_name, auth_url,
|
||||||
insecure, endpoint_type, region_name=None,
|
insecure, endpoint_type, cert=None, key=None,
|
||||||
auth_token=None):
|
region_name=None, auth_token=None):
|
||||||
self.keystone = managers.KeystoneManager(
|
self.keystone = managers.KeystoneManager(
|
||||||
username, password,
|
username, password,
|
||||||
tenant_name,
|
tenant_name,
|
||||||
auth_url, insecure,
|
auth_url, cert, key, insecure,
|
||||||
endpoint_type,
|
endpoint_type,
|
||||||
region_name=region_name,
|
region_name=region_name,
|
||||||
auth_token=auth_token
|
auth_token=auth_token
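Review bot: Both calls in this file pass `cert` and `key` positionally in slots that do not match the signatures they target. `__init__` calls `_setup_managers(username, password, tenant_name, auth_url, cert, key, insecure, endpoint_type, ...)`, but `_setup_managers` declares `insecure, endpoint_type, cert=None, key=None` in that order, so inside it `insecure` holds the certificate path and `cert` holds the insecure flag. The `KeystoneManager(...)` call then uses the same order against `KeystoneManager.__init__`, which also declares `insecure, endpoint_type` first, and that swaps the values back. The values reach Keystone correctly only because the two mismatches cancel; any other use of `insecure` or `endpoint_type` in `_setup_managers` (its body continues outside the hunk) would see a truthy path string, which for `insecure` would mean server certificate verification switched off. Passing them by keyword in both calls removes the dependence on order: `insecure, endpoint_type, cert=cert, key=key, region_name=region_name, auth_token=auth_token`.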
|
||||||
|
|
|
@ -33,11 +33,14 @@ class KeystoneManager(object):
|
||||||
_client = None
|
_client = None
|
||||||
|
|
||||||
def __init__(self, username, password, project, auth_url, insecure,
|
def __init__(self, username, password, project, auth_url, insecure,
|
||||||
endpoint_type='publicURL', region_name=None, auth_token=None):
|
endpoint_type='publicURL', cert=None, key=None,
|
||||||
|
region_name=None, auth_token=None):
|
||||||
self.username = username
|
self.username = username
|
||||||
self.password = password
|
self.password = password
|
||||||
self.project = project
|
self.project = project
|
||||||
self.auth_url = auth_url
|
self.auth_url = auth_url
|
||||||
|
self.cert = cert
|
||||||
|
self.key = key
|
||||||
self.insecure = insecure
|
self.insecure = insecure
|
||||||
self.region_name = region_name
|
self.region_name = region_name
|
||||||
self.endpoint_type = endpoint_type
|
self.endpoint_type = endpoint_type
|
||||||
|
@ -54,6 +57,8 @@ class KeystoneManager(object):
|
||||||
password=self.password,
|
password=self.password,
|
||||||
tenant_name=self.project,
|
tenant_name=self.project,
|
||||||
auth_url=self.auth_url,
|
auth_url=self.auth_url,
|
||||||
|
cert=self.cert,
|
||||||
|
key=self.key,
|
||||||
region_name=self.region_name,
|
region_name=self.region_name,
|
||||||
insecure=self.insecure,
|
insecure=self.insecure,
|
||||||
endpoint_type=self.endpoint_type,
|
endpoint_type=self.endpoint_type,
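Review bot: `cert` and `key` are forwarded to the keystone client next to `insecure=self.insecure` with no comment on how the two interact. Per the README text for `--insecure`, that flag means the server's certificate is not verified, so with it set the client certificate authenticates the user to a server whose identity was never checked, which is not a two-way SSL connection. I would add a comment above `self.cert = cert`, e.g. `# Client certificate/key for mutual TLS; has no effect on server verification, which insecure=True still disables.` Both the constructor and the client call continue outside the hunks shown.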
|
||||||
|
|