diff --git a/nailgun/nailgun/fixtures/openstack.yaml b/nailgun/nailgun/fixtures/openstack.yaml index 42bc226747..1be0b4905f 100644 --- a/nailgun/nailgun/fixtures/openstack.yaml +++ b/nailgun/nailgun/fixtures/openstack.yaml @@ -1658,7 +1658,7 @@ source: *non_empty_string error: "Empty vCenter password" - - name: "vcenter_insecure" + name: "vcenter_unsecure" type: "checkbox" label: "Bypass vCenter certificate verification" - @@ -1666,6 +1666,9 @@ type: "file" label: "CA file" description: "File containing the trusted CA bundle that emitted vCenter server certificate. Even if CA bundle is not uploaded, certificate verification is turned on." + restrictions: + - condition: "current_vcenter:vcenter_unsecure == true" + message: "Bypass vCenter certificate verification should be disabled." - name: "nova_computes" type: "array" @@ -1748,7 +1751,7 @@ source: *non_empty_string error: "Invalid datastore" - - name: "vcenter_insecure" + name: "vcenter_unsecure" type: "checkbox" label: "Bypass vCenter certificate verification" - @@ -1756,6 +1759,9 @@ type: "file" label: "CA file" description: "File containing the trusted CA bundle that emitted vCenter server certificate. Even if CA bundle is not uploaded, certificate verification is turned on." + restrictions: + - condition: "glance:vcenter_unsecure == true" + message: "Bypass vCenter certificate verification should be disabled." value: availability_zones: - @@ -1763,7 +1769,7 @@ vcenter_host: "" vcenter_username: "" vcenter_password: "" - vcenter_insecure: true + vcenter_unsecure: true vc_ca_file: {} nova_computes: - @@ -1783,7 +1789,7 @@ vcenter_password: "" datacenter: "" datastore: "" - vcenter_insecure: true + vcenter_unsecure: true ca_file: {} components_metadata: - name: hypervisor:qemu diff --git a/nailgun/nailgun/fixtures/vmware_attributes.json b/nailgun/nailgun/fixtures/vmware_attributes.json index b5fe7c66a0..2bfe39c9cf 100644 --- a/nailgun/nailgun/fixtures/vmware_attributes.json +++ b/nailgun/nailgun/fixtures/vmware_attributes.json @@ -30,14 +30,20 @@ }, { "type": "checkbox", - "name": "vcenter_insecure", + "name": "vcenter_unsecure", "label": "Bypass vCenter certificate verification" }, { "type": "file", "description": "File containing the trusted CA bundle that emitted vCenter server certificate. Even if CA bundle is not uploaded, certificate verification is turned on.", "name": "vc_ca_file", - "label": "CA file" + "label": "CA file", + "restrictions": [ + { + "condition": "current_vcenter:vcenter_unsecure == true", + "message": "Bypass vCenter certificate verification should be disabled." + } + ] }, { "fields": [ @@ -143,14 +149,20 @@ }, { "type": "checkbox", - "name": "vcenter_insecure", + "name": "vcenter_unsecure", "label": "Bypass vCenter certificate verification" }, { "type": "file", "description": "File containing the trusted CA bundle that emitted vCenter server certificate. Even if CA bundle is not uploaded, certificate verification is turned on.", "name": "ca_file", - "label": "CA file" + "label": "CA file", + "restrictions": [ + { + "condition": "glance:vcenter_unsecure == true", + "message": "Bypass vCenter certificate verification should be disabled." + } + ] } ], "type": "object", @@ -170,7 +182,7 @@ "vcenter_host": "1.2.3.4", "vcenter_username": "admin", "vcenter_password": "secret", - "vcenter_insecure": "true", + "vcenter_unsecure": "true", "vcenter_ca_file": "file_blob", "nova_computes": [ { @@ -200,7 +212,7 @@ "vcenter_host": "1.2.3.6", "vcenter_username": "user$", "vcenter_password": "pass$word", - "vcenter_insecure": "true", + "vcenter_unsecure": "true", "vcenter_ca_file": "file_blob", "nova_computes": [ { @@ -222,7 +234,7 @@ "vcenter_password": "secret", "datacenter": "test_datacenter", "datastore": "test_datastore", - "vcenter_insecure": "true", + "vcenter_unsecure": "true", "ca_file": "file_blob" }, "network": { diff --git a/nailgun/nailgun/orchestrator/base_serializers.py b/nailgun/nailgun/orchestrator/base_serializers.py index ccd6f4d123..156b3fe87f 100644 --- a/nailgun/nailgun/orchestrator/base_serializers.py +++ b/nailgun/nailgun/orchestrator/base_serializers.py @@ -182,7 +182,7 @@ class VmwareDeploymentSerializerMixin(object): 'vc_host': zone.get('vcenter_host', ''), 'vc_user': vc_user, 'vc_password': vc_password, - 'vc_insecure': zone.get('vcenter_insecure', ''), + 'vc_insecure': zone.get('vcenter_unsecure', ''), 'vc_ca_file': zone.get('vcenter_ca_file', ''), 'service_name': compute.get('service_name', ''), 'vc_cluster': compute.get('vsphere_cluster', ''), @@ -198,7 +198,7 @@ class VmwareDeploymentSerializerMixin(object): 'vc_host': zone.get('vcenter_host', ''), 'vc_user': vc_user, 'vc_password': vc_password, - 'vc_insecure': zone.get('vcenter_insecure', ''), + 'vc_insecure': zone.get('vcenter_unsecure', ''), 'vc_ca_file': zone.get('vcenter_ca_file', '') } cinder_instances.append(cinder_item) @@ -231,7 +231,7 @@ class VmwareDeploymentSerializerMixin(object): 'vc_password': glance_password, 'vc_datacenter': glance_instance.get('datacenter', ''), 'vc_datastore': glance_instance.get('datastore', ''), - 'vc_insecure': glance_instance.get('vcenter_insecure', ''), + 'vc_insecure': glance_instance.get('vcenter_unsecure', ''), 'vc_ca_file': glance_instance.get('ca_file', '') } diff --git a/nailgun/nailgun/task/task.py b/nailgun/nailgun/task/task.py index 99d8d51ece..71348713d7 100644 --- a/nailgun/nailgun/task/task.py +++ b/nailgun/nailgun/task/task.py @@ -1691,6 +1691,9 @@ class CheckBeforeDeploymentTask(object): 'settings': attributes, 'default': vmware_attributes.editable, 'cluster': task.cluster, + 'current_vcenter': vmware_attributes.editable['value'].get( + 'availability_zones')[0], + 'glance': vmware_attributes.editable['value'].get('glance'), 'version': settings.VERSION, 'networking_parameters': task.cluster.network_config } diff --git a/nailgun/nailgun/test/unit/test_restriction.py b/nailgun/nailgun/test/unit/test_restriction.py index d48a66e7be..286cc53c83 100644 --- a/nailgun/nailgun/test/unit/test_restriction.py +++ b/nailgun/nailgun/test/unit/test_restriction.py @@ -322,6 +322,18 @@ class TestVmwareAttributesRestriction(base.BaseTestCase): ) self.vm_data = self.env.read_fixtures(['vmware_attributes'])[0] + def _get_models(self, attributes, vmware_attributes): + return { + 'settings': attributes, + 'default': vmware_attributes['editable'], + 'current_vcenter': vmware_attributes['editable']['value'].get( + 'availability_zones')[0], + 'glance': vmware_attributes['editable']['value'].get('glance'), + 'cluster': self.cluster, + 'version': settings.VERSION, + 'networking_parameters': self.cluster.network_config + } + def test_check_data_with_empty_values_without_restrictions(self): attributes = objects.Cluster.get_editable_attributes(self.cluster) attributes['common']['use_vcenter']['value'] = True @@ -334,6 +346,8 @@ class TestVmwareAttributesRestriction(base.BaseTestCase): "vcenter_host": "", "vcenter_username": "", "vcenter_password": "", + "vcenter_unsecure": "", + "vc_ca_file": {}, "nova_computes": [ { "vsphere_cluster": "", @@ -351,18 +365,14 @@ class TestVmwareAttributesRestriction(base.BaseTestCase): "vcenter_username": "", "vcenter_password": "", "datacenter": "", - "datastore": "" + "datastore": "", + "vcenter_unsecure": "", + "ca_file": {} } } # Update value with empty value vmware_attributes['editable']['value'] = empty_values - models = { - 'settings': attributes, - 'default': vmware_attributes['editable'], - 'cluster': self.cluster, - 'version': settings.VERSION, - 'networking_parameters': self.cluster.network_config - } + models = self._get_models(attributes, vmware_attributes) errs = VmwareAttributesRestriction.check_data( models=models, @@ -381,13 +391,7 @@ class TestVmwareAttributesRestriction(base.BaseTestCase): # value data taken from fixture one cluster of # nova computes left empty vmware_attributes = self.vm_data.copy() - models = { - 'settings': attributes, - 'default': vmware_attributes['editable'], - 'cluster': self.cluster, - 'version': settings.VERSION, - 'networking_parameters': self.cluster.network_config - } + models = self._get_models(attributes, vmware_attributes) errs = VmwareAttributesRestriction.check_data( models=models, @@ -400,13 +404,7 @@ class TestVmwareAttributesRestriction(base.BaseTestCase): # fixture have restrictions enabled for glance that's why # only 'Empty cluster' should returned vmware_attributes = self.vm_data.copy() - models = { - 'settings': attributes, - 'default': vmware_attributes['editable'], - 'cluster': self.cluster, - 'version': settings.VERSION, - 'networking_parameters': self.cluster.network_config - } + models = self._get_models(attributes, vmware_attributes) errs = VmwareAttributesRestriction.check_data( models=models, @@ -423,13 +421,7 @@ class TestVmwareAttributesRestriction(base.BaseTestCase): for j, ncompute in enumerate(azone['nova_computes']): ncompute['vsphere_cluster'] = 'cluster-{0}-{1}'.format(i, j) - models = { - 'settings': attributes, - 'default': vmware_attributes['editable'], - 'cluster': self.cluster, - 'version': settings.VERSION, - 'networking_parameters': self.cluster.network_config - } + models = self._get_models(attributes, vmware_attributes) errs = VmwareAttributesRestriction.check_data( models=models, @@ -452,13 +444,7 @@ class TestVmwareAttributesRestriction(base.BaseTestCase): glance = vmware_attributes['editable']['value']['glance'] glance['datacenter'] = 'test_datacenter' glance['datastore'] = 'test_datastore' - models = { - 'settings': attributes, - 'default': vmware_attributes['editable'], - 'cluster': self.cluster, - 'version': settings.VERSION, - 'networking_parameters': self.cluster.network_config - } + models = self._get_models(attributes, vmware_attributes) errs = VmwareAttributesRestriction.check_data( models=models,