Two way SSL connection with the identity service.
Allow the user to establish a two way SSL connection by adding the cert and key parameters in the client of keystone manager Change-Id: I4418a45a58139d63d23f1939be61e90d7cd6a062
This commit is contained in:
zarrouk
parent
1c858ea907
commit
63fb35354e
13
README.rst
13
README.rst
|
|
@ -35,6 +35,7 @@ Usage
|
|||
usage: flame [-h] [--username USERNAME] [--password PASSWORD]
|
||||
[--project PROJECT] [--region REGION] [--auth_url AUTH_URL]
|
||||
[--os-auth-token OS_AUTH_TOKEN] [--insecure]
|
||||
[--os-cert <certification>] [--os-key <key>]
|
||||
[--endpoint_type ENDPOINT_TYPE] [--exclude-servers]
|
||||
[--exclude-volumes] [--exclude-keypairs] [--generate-stack-data]
|
||||
[--extract-ports]
|
||||
|
|
@ -51,6 +52,12 @@ Usage
|
|||
--auth_url AUTH_URL Authentication URL. Defaults to env[OS_AUTH_URL].
|
||||
--os-auth-token OS_AUTH_TOKEN
|
||||
User's auth token. Defaults to env[OS_AUTH_TOKEN].
|
||||
--os-cert <certificate>
|
||||
Path to user's certificate needed to establish
|
||||
two-way SSL connection with the identity service.
|
||||
Defaults to env[OS_CERT].
|
||||
--os-key <key> Path to the user's certificate private key.
|
||||
Defaults to env[OS_KEY].
|
||||
--insecure Explicitly allow clients to perform"insecure" SSL
|
||||
(https) requests. The server's certificate will not be
|
||||
verified against any certificate authorities. This
|
||||
|
|
@ -76,6 +83,12 @@ To use Flame you can provide yours OpenStack credentials as arguments :
|
|||
|
||||
Or you can source your OpenStack RC file and use Flame without arguments.
|
||||
|
||||
To establish a two-way SSL connection with the identity service :
|
||||
|
||||
$flame --username arezmerita --os-auth-token keystonetoken \
|
||||
--project project-arezmerita --auth_url http://<Keystone_host>:5000/v2.0
|
||||
--os-cert <path/to/certificate> --os-key <path/to/key>
|
||||
|
||||
Flame can be used with either a login and password pair or a keystone
|
||||
token by exporting the OS_AUTH_TOKEN variable (the token is obtained
|
||||
with keystone token-get).
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ To use the CLI of flame::
|
|||
usage: flame [-h] [--username USERNAME] [--password PASSWORD]
|
||||
[--project PROJECT] [--region REGION] [--auth_url AUTH_URL]
|
||||
[--os-auth-token OS_AUTH_TOKEN] [--insecure]
|
||||
[--os-cert <certification>] [--os-key <key>]
|
||||
[--endpoint_type ENDPOINT_TYPE] [--exclude-servers]
|
||||
[--exclude-volumes] [--exclude-keypairs] [--generate-stack-data]
|
||||
[--extract-ports]
|
||||
|
|
@ -27,6 +28,12 @@ To use the CLI of flame::
|
|||
--auth_url AUTH_URL Authentication URL. Defaults to env[OS_AUTH_URL].
|
||||
--os-auth-token OS_AUTH_TOKEN
|
||||
User's auth token. Defaults to env[OS_AUTH_TOKEN].
|
||||
--os-cert <certificate>
|
||||
Path to user's certificate needed to establish
|
||||
two-way SSL connection with the identity service.
|
||||
Defaults to env[OS_CERT].
|
||||
--os-key <key> Path to the user's certificate private key.
|
||||
Defaults to env[OS_KEY].
|
||||
--insecure Explicitly allow clients to perform"insecure" SSL
|
||||
(https) requests. The server's certificate will not be
|
||||
verified against any certificate authorities. This
|
||||
|
|
@ -55,6 +62,12 @@ Or a token and a tenant::
|
|||
$ flame --username arezmerita --os-auth-token keystonetoken \
|
||||
--project project-arezmerita --auth_url https://example.com/v2.0/
|
||||
|
||||
To establish a two-way SSL connection with the identity service ::
|
||||
|
||||
$flame --username arezmerita --os-auth-token keystonetoken \
|
||||
--project project-arezmerita --auth_url https://example.com/v2.0/
|
||||
--os-cert <path/to/certificate> --os-key <path/to/key>
|
||||
|
||||
Or you can source your OpenStack RC file and use Flame without arguments::
|
||||
|
||||
$ source credential.rc
|
||||
|
|
|
|||
|
|
@ -67,6 +67,14 @@ def main(args=None):
|
|||
default=os.environ.get("OS_ENDPOINT_TYPE",
|
||||
"publicURL"),
|
||||
help="Defaults to env[OS_ENDPOINT_TYPE] or publicURL")
|
||||
parser.add_argument("--os-cert", type=str, metavar='<certificate>',
|
||||
default=os.environ.get("OS_CERT"),
|
||||
help="User's certificate. "
|
||||
"Defaults to env[OS_CERT].")
|
||||
parser.add_argument("--os-key", type=str, metavar='<key>',
|
||||
default=os.environ.get("OS_KEY"),
|
||||
help="User's key. "
|
||||
"Defaults to env[OS_KEY].")
|
||||
parser.add_argument('--exclude-servers', action='store_true',
|
||||
default=False,
|
||||
help="Do not export in template server resources")
|
||||
|
|
@ -88,6 +96,7 @@ def main(args=None):
|
|||
flame = client.Client(args.username, args.password,
|
||||
args.project, args.auth_url,
|
||||
args.os_auth_token,
|
||||
cert=args.os_cert, key=args.os_key,
|
||||
region_name=args.region,
|
||||
endpoint_type=args.endpoint_type,
|
||||
insecure=args.insecure)
|
||||
|
|
|
|||
|
|
@ -107,13 +107,14 @@ class Resource(object):
|
|||
class TemplateGenerator(object):
|
||||
|
||||
def __init__(self, username, password, tenant_name, auth_url,
|
||||
auth_token=None, insecure=False, endpoint_type='publicURL',
|
||||
region_name=None):
|
||||
auth_token=None, cert=None, key=None, insecure=False,
|
||||
endpoint_type='publicURL', region_name=None):
|
||||
self.thread_pool = concurrent.futures.ThreadPoolExecutor(10)
|
||||
self.generate_data = False
|
||||
self._setup_templates()
|
||||
self._setup_managers(username, password, tenant_name, auth_url,
|
||||
insecure, endpoint_type, region_name, auth_token)
|
||||
self._setup_managers(username, password, tenant_name, auth_url, cert,
|
||||
key, insecure, endpoint_type, region_name,
|
||||
auth_token)
|
||||
|
||||
def _setup_templates(self):
|
||||
self.template = yaml.load(template_skeleton)
|
||||
|
|
@ -124,12 +125,12 @@ class TemplateGenerator(object):
|
|||
self.stack_data['resources'] = {}
|
||||
|
||||
def _setup_managers(self, username, password, tenant_name, auth_url,
|
||||
insecure, endpoint_type, region_name=None,
|
||||
auth_token=None):
|
||||
insecure, endpoint_type, cert=None, key=None,
|
||||
region_name=None, auth_token=None):
|
||||
self.keystone = managers.KeystoneManager(
|
||||
username, password,
|
||||
tenant_name,
|
||||
auth_url, insecure,
|
||||
auth_url, cert, key, insecure,
|
||||
endpoint_type,
|
||||
region_name=region_name,
|
||||
auth_token=auth_token
|
||||
|
|
|
|||
|
|
@ -33,11 +33,14 @@ class KeystoneManager(object):
|
|||
_client = None
|
||||
|
||||
def __init__(self, username, password, project, auth_url, insecure,
|
||||
endpoint_type='publicURL', region_name=None, auth_token=None):
|
||||
endpoint_type='publicURL', cert=None, key=None,
|
||||
region_name=None, auth_token=None):
|
||||
self.username = username
|
||||
self.password = password
|
||||
self.project = project
|
||||
self.auth_url = auth_url
|
||||
self.cert = cert
|
||||
self.key = key
|
||||
self.insecure = insecure
|
||||
self.region_name = region_name
|
||||
self.endpoint_type = endpoint_type
|
||||
|
|
@ -54,6 +57,8 @@ class KeystoneManager(object):
|
|||
password=self.password,
|
||||
tenant_name=self.project,
|
||||
auth_url=self.auth_url,
|
||||
cert=self.cert,
|
||||
key=self.key,
|
||||
region_name=self.region_name,
|
||||
insecure=self.insecure,
|
||||
endpoint_type=self.endpoint_type,
|
||||
|
|
|
|||
Loading…
Reference in New Issue