openstack
/
blazar-dashboard
Code Issues Proposed changes

Support SSL verification in creating Blazar client 

Adds support for SSL verification when ``OPENSTACK_SSL_CACERT`` is set.
Explicitly skips verification if ``OPENSTACK_SSL_NO_VERIFY`` is set.

This also switches to Session-based instantiation for the Blazar client,
away from the deprecated url+token method.

Closes-Bug: #2045281

Change-Id: I94aad7590b1e42ddfa1a20fdb184ca4d73587cd6
(cherry picked from commit 86f5b9012e)
This commit is contained in:
Matt Crees 2024-02-09 10:33:15 +00:00 committed by Pierre Riteau
parent 2ef39974e4
commit 5a04368c1e
2 changed files with 29 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
blazar_dashboard/api/client.py
View File

@ -17,8 +17,11 @@ import logging
from pytz import UTC from pytz import UTC
from blazar_dashboard import conf from blazar_dashboard import conf
from django.conf import settings
from horizon import exceptions from horizon import exceptions
from horizon.utils.memoized import memoized from horizon.utils.memoized import memoized
from keystoneauth1.identity import v3
from keystoneauth1 import session
from openstack_dashboard.api import base from openstack_dashboard.api import base
from blazarclient import client as blazar_client from blazarclient import client as blazar_client
@ -69,16 +72,26 @@ class Allocation(base.APIDictWrapper):
@memoized @memoized
def blazarclient(request): def blazarclient(request):
try: try:
api_url = base.url_for(request, 'reservation') _ = base.url_for(request, 'reservation')
except exceptions.ServiceCatalogException: except exceptions.ServiceCatalogException:
LOG.debug('No Reservation service is configured.') LOG.debug('No Reservation service is configured.')
return None return None
LOG.debug('blazarclient connection created using the token "%s" and url' auth_url = settings.OPENSTACK_KEYSTONE_URL
'"%s"' % (request.user.token.id, api_url)) project_id = request.user.project_id
return blazar_client.Client( domain_id = request.session.get('domain_context')
blazar_url=api_url, auth = v3.Token(auth_url,
auth_token=request.user.token.id) request.user.token.id,
project_id=project_id,
project_domain_id=domain_id)
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
# If 'insecure' is True, 'verify' is False in all cases; otherwise
# pass the cacert path if it is present, or True if no cacert.
verify = not insecure and (cacert or True)
sess = session.Session(auth=auth, verify=verify)
return blazar_client.Client(session=sess)
def lease_list(request): def lease_list(request):

10
releasenotes/notes/support-ssl-verification-when-creating-the-blazar-client-603ee30a4356ab52.yaml Normal file
View File

@ -0,0 +1,10 @@
---
features:
- |
Adds support for specifying a CA certificate to use to verify SSL
connections with ``OPENSTACK_SSL_CACERT`` and for disabling SSL certificate
checks with ``OPENSTACK_SSL_NO_VERIFY``.
fixes:
- |
Fixes the dashboard not working when ``OPENSTACK_SSL_CACERT`` is set.
`LP#2045281 <https://launchpad.net/bugs/2045281>`__