Merge "Enable SSL for OpenStack Trust"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
5bc82944c4
|
|
@ -35,6 +35,8 @@ class Trust(object):
|
|||
self.remaining_uses = data["remaining_uses"]
|
||||
self.expires_at = None
|
||||
self.keystone_url = None
|
||||
self.ssl_ca_file = None
|
||||
self.ssl_cert_file = None
|
||||
|
||||
if data["expires_at"] is not None:
|
||||
self.expires_at = datetime.strptime(data["expires_at"],
|
||||
|
|
@ -88,7 +90,9 @@ class Trust(object):
|
|||
|
||||
response = requests.post(url=self.keystone_url + "/auth/tokens",
|
||||
headers=headers,
|
||||
data=json.dumps(data))
|
||||
data=json.dumps(data),
|
||||
verify=self.ssl_ca_file,
|
||||
cert=self.ssl_cert_file)
|
||||
|
||||
if response.status_code != requests.codes.ok:
|
||||
response.raise_for_status()
|
||||
|
|
@ -128,19 +132,11 @@ class Trust(object):
|
|||
if expires_at is not None:
|
||||
data["trust"]["expires_at"] = token.isotime(expires_at, True)
|
||||
|
||||
service = token.getService("keystone")
|
||||
if not service:
|
||||
raise Exception("keystone service not found!")
|
||||
|
||||
endpoint = service.getEndpoint("admin")
|
||||
if not endpoint:
|
||||
raise Exception("keystone endpoint not found!")
|
||||
|
||||
endpoint_url = endpoint.getURL()
|
||||
|
||||
response = requests.post(url=endpoint_url + "/OS-TRUST/trusts",
|
||||
response = requests.post(url=Trust.keystone_url + "/OS-TRUST/trusts",
|
||||
headers=headers,
|
||||
data=json.dumps(data))
|
||||
data=json.dumps(data),
|
||||
verify=Trust.ssl_ca_file,
|
||||
cert=Trust.ssl_cert_file)
|
||||
|
||||
if response.status_code != requests.codes.ok:
|
||||
response.raise_for_status()
|
||||
|
|
@ -151,6 +147,8 @@ class Trust(object):
|
|||
response = response.json()
|
||||
|
||||
trust = Trust(response["trust"])
|
||||
trust.keystone_url = endpoint_url
|
||||
trust.keystone_url = Trust.keystone_url
|
||||
trust.ssl_ca_file = Trust.ssl_ca_file
|
||||
trust.ssl_cert_file = Trust.ssl_cert_file
|
||||
|
||||
return trust
|
||||
|
|
|
|||
|
|
@ -104,19 +104,9 @@ class KeystoneManager(Manager):
|
|||
self.trust_expiration = CONF.KeystoneManager.trust_expiration
|
||||
self.clock_skew = CONF.KeystoneManager.clock_skew
|
||||
self.token = None
|
||||
self.auth_public_url = None
|
||||
|
||||
self.authenticate()
|
||||
|
||||
service = self.getToken().getService("keystone")
|
||||
if not service:
|
||||
raise Exception("keystone service not found!")
|
||||
|
||||
endpoint = service.getEndpoint("public")
|
||||
if not endpoint:
|
||||
raise Exception("keystone endpoint not found!")
|
||||
self.auth_public_url = endpoint.getURL()
|
||||
|
||||
def task(self):
|
||||
pass
|
||||
|
||||
|
|
@ -329,7 +319,7 @@ class KeystoneManager(Manager):
|
|||
|
||||
return project
|
||||
|
||||
def getProjects(self, usr_id=None):
|
||||
def getProjects(self, usr_id=None, domain_id=None):
|
||||
if usr_id:
|
||||
try:
|
||||
response = self.getResource(
|
||||
|
|
@ -340,8 +330,12 @@ class KeystoneManager(Manager):
|
|||
"%r): %s" % (usr_id,
|
||||
response["error"]["message"]))
|
||||
else:
|
||||
data = None
|
||||
if domain_id:
|
||||
data = {"domain_id": domain_id}
|
||||
|
||||
try:
|
||||
response = self.getResource("/projects", "GET")
|
||||
response = self.getResource("/projects", "GET", data=data)
|
||||
except requests.exceptions.HTTPError as ex:
|
||||
response = ex.response.json()
|
||||
raise Exception("error on retrieving the projects list: %s"
|
||||
|
|
@ -430,7 +424,9 @@ class KeystoneManager(Manager):
|
|||
% (id, response["error"]["message"]))
|
||||
|
||||
trust = Trust(response["trust"])
|
||||
trust.keystone_url = self.auth_public_url
|
||||
trust.keystone_url = self.auth_url
|
||||
trust.ssl_ca_file = self.ssl_ca_file
|
||||
trust.ssl_cert_file = self.ssl_cert_file
|
||||
|
||||
return trust
|
||||
|
||||
|
|
@ -446,7 +442,9 @@ class KeystoneManager(Manager):
|
|||
|
||||
if response:
|
||||
trust = Trust(response["trust"])
|
||||
trust.keystone_url = self.auth_public_url
|
||||
trust.keystone_url = self.auth_url
|
||||
trust.ssl_ca_file = self.ssl_ca_file
|
||||
trust.ssl_cert_file = self.ssl_cert_file
|
||||
|
||||
return trust
|
||||
|
||||
|
|
@ -466,15 +464,16 @@ class KeystoneManager(Manager):
|
|||
|
||||
def getTrusts(self, user_id=None, isTrustor=True, token=None):
|
||||
url = "/OS-TRUST/trusts"
|
||||
data = None
|
||||
|
||||
if user_id:
|
||||
if isTrustor:
|
||||
url += "?trustor_user_id=%s" % user_id
|
||||
data = {"trustor_user_id": user_id}
|
||||
else:
|
||||
url += "?trustee_user_id=%s" % user_id
|
||||
data = {"trustee_user_id": user_id}
|
||||
|
||||
try:
|
||||
response = self.getResource(url, "GET", token=token)
|
||||
response = self.getResource(url, "GET", token=token, data=data)
|
||||
except requests.exceptions.HTTPError as ex:
|
||||
response = ex.response.json()
|
||||
raise Exception("error on retrieving the trust list (id=%r): %s"
|
||||
|
|
@ -485,7 +484,9 @@ class KeystoneManager(Manager):
|
|||
if response:
|
||||
for data in response["trusts"]:
|
||||
trust = Trust(data)
|
||||
trust.keystone_url = self.auth_public_url
|
||||
trust.keystone_url = self.auth_url
|
||||
trust.ssl_ca_file = self.ssl_ca_file
|
||||
trust.ssl_cert_file = self.ssl_cert_file
|
||||
|
||||
trusts.append(trust)
|
||||
|
||||
|
|
@ -686,12 +687,11 @@ class KeystoneManager(Manager):
|
|||
if token:
|
||||
if token.isExpired():
|
||||
raise Exception("token expired!")
|
||||
|
||||
url = self.auth_public_url
|
||||
else:
|
||||
self.authenticate()
|
||||
token = self.getToken()
|
||||
url = self.auth_url
|
||||
|
||||
url = self.auth_url
|
||||
|
||||
if version:
|
||||
url = url[:url.rfind("/") + 1] + version
|
||||
|
|
|
|||
Loading…
Reference in New Issue