Check certificates for vim
This patch tries to fix the bug: https://bugs.launchpad.net/tacker/+bug/1719841 This is already fixed in master: https://review.openstack.org/#/c/529374/15 Change-Id: I0401e8e385a690695061e558c15856c8a2fe0db9 Signed-off-by: Manuel Buil <mbuil@suse.com>
This commit is contained in:
parent
af41adc48c
commit
90f5374f73
|
@ -4,3 +4,4 @@ password: 'mySecretPW'
|
|||
project_name: 'nfv'
|
||||
project_domain_name: 'Default'
|
||||
user_domain_name: 'Default'
|
||||
cert_verify: 'False'
|
||||
|
|
|
@ -116,8 +116,10 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
|
|||
|
||||
Initialize keystoneclient with provided authentication attributes.
|
||||
"""
|
||||
verify = ('True' == vim_obj['auth_cred'].get('cert_verify', 'True')
|
||||
or False)
|
||||
auth_url = vim_obj['auth_url']
|
||||
keystone_version = self._validate_auth_url(auth_url)
|
||||
keystone_version = self._validate_auth_url(auth_url, verify=verify)
|
||||
auth_cred = self._get_auth_creds(keystone_version, vim_obj)
|
||||
return self._initialize_keystone(keystone_version, auth_cred)
|
||||
|
||||
|
@ -150,9 +152,9 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
|
|||
|
||||
return auth_plugin
|
||||
|
||||
def _validate_auth_url(self, auth_url):
|
||||
def _validate_auth_url(self, auth_url, verify):
|
||||
try:
|
||||
keystone_version = self.keystone.get_version(auth_url)
|
||||
keystone_version = self.keystone.get_version(auth_url, verify)
|
||||
except Exception as e:
|
||||
LOG.error('VIM Auth URL invalid')
|
||||
raise nfvo.VimConnectionException(message=str(e))
|
||||
|
@ -331,8 +333,9 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
|
|||
:param client_type: openstack client to initialize
|
||||
:return: initialized client
|
||||
"""
|
||||
verify = 'True' == vim_obj.get('cert_verify', 'True') or False
|
||||
auth_url = vim_obj['auth_url']
|
||||
keystone_version = self._validate_auth_url(auth_url)
|
||||
keystone_version = self._validate_auth_url(auth_url, verify=verify)
|
||||
auth_cred = self._get_auth_creds(keystone_version, vim_obj)
|
||||
auth_plugin = self._get_auth_plugin(keystone_version, **auth_cred)
|
||||
sess = session.Session(auth=auth_plugin)
|
||||
|
@ -542,8 +545,10 @@ class NeutronClient(object):
|
|||
"""Neutron Client class for networking-sfc driver"""
|
||||
|
||||
def __init__(self, auth_attr):
|
||||
auth = identity.Password(**auth_attr)
|
||||
sess = session.Session(auth=auth)
|
||||
auth_cred = auth_attr.copy()
|
||||
verify = 'True' == auth_cred.pop('cert_verify', 'True') or False
|
||||
auth = identity.Password(**auth_cred)
|
||||
sess = session.Session(auth=auth, verify=verify)
|
||||
self.client = neutron_client.Client(session=sess)
|
||||
|
||||
def flow_classifier_create(self, fc_dict):
|
||||
|
|
|
@ -147,12 +147,12 @@ def get_dummy_vnf_update_config():
|
|||
|
||||
|
||||
def get_vim_obj():
|
||||
return {'vim': {'type': 'openstack', 'auth_url':
|
||||
'http://localhost:5000', 'vim_project': {'name':
|
||||
'test_project'}, 'auth_cred': {'username': 'test_user',
|
||||
'password':
|
||||
'test_password'},
|
||||
'name': 'VIM0',
|
||||
return {'vim': {'type': 'openstack', 'auth_url': 'http://localhost:5000',
|
||||
'vim_project': {'name': 'test_project'},
|
||||
'auth_cred': {'username': 'test_user',
|
||||
'password': 'test_password',
|
||||
'cert_verify': 'True'},
|
||||
'name': 'VIM0',
|
||||
'tenant_id': 'test-project'}}
|
||||
|
||||
|
||||
|
@ -161,6 +161,7 @@ def get_vim_auth_obj():
|
|||
'password': 'test_password',
|
||||
'project_id': None,
|
||||
'project_name': 'test_project',
|
||||
'cert_verify': 'True',
|
||||
'auth_url': 'http://localhost:5000/v3',
|
||||
'user_domain_name': 'default',
|
||||
'project_domain_name': 'default'}
|
||||
|
|
|
@ -90,6 +90,7 @@ class TestOpenstack_Driver(base.TestCase):
|
|||
'auth_cred': {'username': 'test_user',
|
||||
'password': 'test_password',
|
||||
'user_domain_name': 'default',
|
||||
'cert_verify': 'True',
|
||||
'auth_url': 'http://localhost:5000'},
|
||||
'name': 'VIM0',
|
||||
'vim_project': {'name': 'test_project',
|
||||
|
@ -103,6 +104,7 @@ class TestOpenstack_Driver(base.TestCase):
|
|||
'user_domain_name': 'default',
|
||||
'key_type': 'barbican_key',
|
||||
'secret_uuid': 'fake-secret-uuid',
|
||||
'cert_verify': 'True',
|
||||
'auth_url': 'http://localhost:5000'},
|
||||
'name': 'VIM0',
|
||||
'vim_project': {'name': 'test_project',
|
||||
|
@ -131,8 +133,9 @@ class TestOpenstack_Driver(base.TestCase):
|
|||
mock_ks_client = mock.Mock(version='v2.0', **attrs)
|
||||
self.keystone.get_version.return_value = keystone_version
|
||||
auth_obj = {'tenant_name': 'test_project', 'username': 'test_user',
|
||||
'password': 'test_password', 'auth_url':
|
||||
'http://localhost:5000/v2.0', 'tenant_id': None}
|
||||
'password': 'test_password', 'cert_verify': 'True',
|
||||
'auth_url': 'http://localhost:5000/v2.0',
|
||||
'tenant_id': None}
|
||||
self._test_register_vim(self.vim_obj, mock_ks_client)
|
||||
self.keystone.initialize_client.assert_called_once_with(
|
||||
version=keystone_version, **auth_obj)
|
||||
|
|
|
@ -36,21 +36,22 @@ class Keystone(object):
|
|||
instance such as version, session and client
|
||||
"""
|
||||
|
||||
def get_version(self, base_url=None):
|
||||
def get_version(self, base_url=None, verify=True):
|
||||
try:
|
||||
keystone_client = client.Client(auth_url=base_url)
|
||||
keystone_client = client.Client(auth_url=base_url, verify=verify)
|
||||
except exceptions.ConnectionError:
|
||||
raise
|
||||
return keystone_client.version
|
||||
|
||||
def get_session(self, auth_plugin):
|
||||
ses = session.Session(auth=auth_plugin)
|
||||
def get_session(self, auth_plugin, verify):
|
||||
ses = session.Session(auth=auth_plugin, verify=verify)
|
||||
return ses
|
||||
|
||||
def get_endpoint(self, ses, service_type, region_name=None):
|
||||
return ses.get_endpoint(service_type, region_name)
|
||||
|
||||
def initialize_client(self, version, **kwargs):
|
||||
verify = 'True' == kwargs.pop('cert_verify', 'True') or False
|
||||
if version == 'v2.0':
|
||||
from keystoneclient.v2_0 import client
|
||||
if 'token' in kwargs:
|
||||
|
@ -63,7 +64,7 @@ class Keystone(object):
|
|||
auth_plugin = identity.v3.Token(**kwargs)
|
||||
else:
|
||||
auth_plugin = identity.v3.Password(**kwargs)
|
||||
ses = self.get_session(auth_plugin=auth_plugin)
|
||||
ses = self.get_session(auth_plugin=auth_plugin, verify=verify)
|
||||
cli = client.Client(session=ses)
|
||||
return cli
|
||||
|
||||
|
|
Loading…
Reference in New Issue