Allow user upload CA bundle file for Glance with VMware backend

Add field that allows user to upload CA certificate that emitted vCenters TLS/SSL certificate. It allow Glance with VMware backend verify connection to vCenter server (verification is turned on by default). If user did not uploaded certificate then, glance will be configured to skip verification step during connection to vCenter. Partial-bug: #1559067 DocImpact: Document how to use 'CA file' field on VMware tab. Change-Id: I810bc000e54b941018a1190acb26d33150b74ce0
2016-04-04 10:08:25 +03:00 · 2016-04-04 10:08:25 +03:00 · 59c8b8c790
parent 4e7f0588e1
commit 59c8b8c790
4 changed files with 17 additions and 2 deletions
--- a/nailgun/nailgun/fixtures/openstack.yaml
+++ b/nailgun/nailgun/fixtures/openstack.yaml
@ -1626,6 +1626,11 @@
                regex:
                  source: *non_empty_string
                  error: "Invalid datastore"
+              -
+                name: "ca_file"
+                type: "file"
+                label: "CA file"
+                description: "File containing the trusted CA bundle that emitted vCenter server certificate. If empty vCenters certificate is not verified."
        value:
          availability_zones:
            -
@ -1651,6 +1656,7 @@
            vcenter_password: ""
            datacenter: ""
            datastore: ""
+            ca_file: ""
    components_metadata:
      - name: hypervisor:qemu
        default: true
--- a/nailgun/nailgun/fixtures/vmware_attributes.json
+++ b/nailgun/nailgun/fixtures/vmware_attributes.json
@ -129,6 +129,12 @@
                            "source": "\\S",
                            "error": "Empty datastore"
                        }
+                    },
+                    {
+                        "type": "file",
+                        "description": "File containing the trusted CA bundle that emitted vCenter server certificate. If empty vCenters certificate is not verified.",
+                        "name": "ca_file",
+                        "label": "CA file"
                    }
                ],
                "type": "object",
@ -195,7 +201,8 @@
                "vcenter_username": "admin",
                "vcenter_password": "secret",
                "datacenter": "test_datacenter",
-                "datastore": "test_datastore"
+                "datastore": "test_datastore",
+                "ca_file": "file_blob"
            },
            "network": {
                "esxi_vlan_interface": "eth0"
--- a/nailgun/nailgun/orchestrator/base_serializers.py
+++ b/nailgun/nailgun/orchestrator/base_serializers.py
@ -239,7 +239,8 @@ class VmwareDeploymentSerializerMixin(object):
                    'vc_user': glance_username,
                    'vc_password': glance_password,
                    'vc_datacenter': glance_instance.get('datacenter', ''),
-                    'vc_datastore': glance_instance.get('datastore', '')
+                    'vc_datastore': glance_instance.get('datastore', ''),
+                    'vc_ca_file': glance_instance.get('ca_file', '')
                }

        return vmware_data
--- a/nailgun/nailgun/test/integration/test_orchestrator_serializer.py
+++ b/nailgun/nailgun/test/integration/test_orchestrator_serializer.py
@ -2578,6 +2578,7 @@ class BaseDeploymentSerializer(BaseSerializerTest):
        self.assertEqual(result['glance']['vc_password'], "secret")
        self.assertEqual(result['glance']['vc_datacenter'], "test_datacenter")
        self.assertEqual(result['glance']['vc_datastore'], "test_datastore")
+        self.assertEqual(result['glance']['vc_ca_file'], "file_blob")

    def check_no_murano_data(self):
        glance_properties = self.serializer.generate_test_vm_image_data(