Merge "Enable certificate verification during image copy"
commit
4401b32f26
|
@ -2389,6 +2389,51 @@ class VMwareVcVmdkDriverTestCase(VMwareEsxVmdkDriverTestCase):
|
|||
generate_uuid,
|
||||
extend_disk)
|
||||
|
||||
def _test_copy_image(self, download_flat_image, session, vops,
|
||||
expected_cacerts=False):
|
||||
|
||||
dc_name = mock.sentinel.dc_name
|
||||
vops.get_entity_name.return_value = dc_name
|
||||
|
||||
context = mock.sentinel.context
|
||||
dc_ref = mock.sentinel.dc_ref
|
||||
image_service = mock.sentinel.image_service
|
||||
image_id = mock.sentinel.image_id
|
||||
image_size_in_bytes = 102400
|
||||
ds_name = mock.sentinel.ds_name
|
||||
upload_file_path = mock.sentinel.upload_file_path
|
||||
self._driver._copy_image(
|
||||
context, dc_ref, image_service, image_id, image_size_in_bytes,
|
||||
ds_name, upload_file_path)
|
||||
|
||||
vops.get_entity_name.assert_called_once_with(dc_ref)
|
||||
cookies = session.vim.client.options.transport.cookiejar
|
||||
download_flat_image.assert_called_once_with(
|
||||
context, self.IMG_TX_TIMEOUT, image_service, image_id,
|
||||
image_size=image_size_in_bytes, host=self.IP, port=self.PORT,
|
||||
data_center_name=dc_name, datastore_name=ds_name, cookies=cookies,
|
||||
file_path=upload_file_path, cacerts=expected_cacerts)
|
||||
|
||||
@mock.patch.object(VMDK_DRIVER, 'volumeops')
|
||||
@mock.patch.object(VMDK_DRIVER, 'session')
|
||||
@mock.patch('oslo_vmware.image_transfer.download_flat_image')
|
||||
def test_copy_image(self, download_flat_image, session, vops):
|
||||
# Default value of vmware_ca_file is not None; it should be passed
|
||||
# to download_flat_image as cacerts.
|
||||
self._test_copy_image(download_flat_image, session, vops,
|
||||
expected_cacerts=self._config.vmware_ca_file)
|
||||
|
||||
@mock.patch.object(VMDK_DRIVER, 'volumeops')
|
||||
@mock.patch.object(VMDK_DRIVER, 'session')
|
||||
@mock.patch('oslo_vmware.image_transfer.download_flat_image')
|
||||
def test_copy_image_insecure(self, download_flat_image, session, vops):
|
||||
# Set config options to allow insecure connections.
|
||||
self._config.vmware_ca_file = None
|
||||
self._config.vmware_insecure = True
|
||||
# Since vmware_ca_file is unset and vmware_insecure is True,
|
||||
# dowload_flat_image should be called with cacerts=False.
|
||||
self._test_copy_image(download_flat_image, session, vops)
|
||||
|
||||
@mock.patch.object(VMDK_DRIVER, '_copy_temp_virtual_disk')
|
||||
@mock.patch.object(VMDK_DRIVER, '_get_temp_image_folder')
|
||||
@mock.patch(
|
||||
|
|
|
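Review bot: The new tests cover a CA file being set and the insecure case, but not the third branch the driver comment describes: `vmware_ca_file` unset with `vmware_insecure` False, where `cacerts=True` should reach `download_flat_image`. That branch keeps verification on against the default truststore, so a regression there would go unnoticed. A third test could set `self._config.vmware_ca_file = None` and `self._config.vmware_insecure = False`, then call `self._test_copy_image(download_flat_image, session, vops, expected_cacerts=True)`. The helper's default `expected_cacerts=False` also makes the no-verification result the implicit expectation, so passing it explicitly in `test_copy_image_insecure` would read more clearly. The comment in that test misspells the function as `dowload_flat_image`.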
@ -816,6 +816,8 @@ class VMwareEsxVmdkDriver(driver.VolumeDriver):
|
|||
|
||||
timeout = self.configuration.vmware_image_transfer_timeout_secs
|
||||
host_ip = self.configuration.vmware_host_ip
|
||||
ca_file = self.configuration.vmware_ca_file
|
||||
insecure = self.configuration.vmware_insecure
|
||||
cookies = self.session.vim.client.options.transport.cookiejar
|
||||
dc_name = self.volumeops.get_entity_name(dc_ref)
|
||||
|
||||
|
@ -823,6 +825,13 @@ class VMwareEsxVmdkDriver(driver.VolumeDriver):
|
|||
{'image_id': image_id,
|
||||
'path': upload_file_path})
|
||||
# TODO(vbala): add config option to override non-default port
|
||||
|
||||
# ca_file is used for verifying vCenter certificate if it is set.
|
||||
# If ca_file is unset and insecure is False, the default CA truststore
|
||||
# is used for verification. We should pass cacerts=True in this
|
||||
# case. If ca_file is unset and insecure is True, there is no
|
||||
# certificate verification, and we should pass cacerts=False.
|
||||
cacerts = ca_file if ca_file else not insecure
|
||||
image_transfer.download_flat_image(context,
|
||||
timeout,
|
||||
image_service,
|
||||
|
@ -833,7 +842,8 @@ class VMwareEsxVmdkDriver(driver.VolumeDriver):
|
|||
data_center_name=dc_name,
|
||||
datastore_name=ds_name,
|
||||
cookies=cookies,
|
||||
file_path=upload_file_path)
|
||||
file_path=upload_file_path,
|
||||
cacerts=cacerts)
|
||||
LOG.debug("Image: %(image_id)s copied to %(path)s.",
|
||||
{'image_id': image_id,
|
||||
'path': upload_file_path})
|
||||
|
|
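Review bot: The comment above `cacerts = ca_file if ca_file else not insecure` lists three cases but leaves out `vmware_ca_file` set together with `vmware_insecure = True`. The expression gives the CA file precedence there, so the certificate is still verified. That is the safer outcome, but it should be stated, e.g. `# ca_file takes precedence: if it is set, the certificate is verified against it even when insecure is True.` It is also worth confirming that the vCenter API session, which is created outside these hunks, resolves the same two options the same way; otherwise the API connection and the image transfer could end up with different verification settings. The enclosing method starts and ends outside the hunks shown.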