From 24ac1f137c7bf03b4e6310d65344374695498d89 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles
Date: Mon, 11 Mar 2019 09:53:06 +0200
Subject: [PATCH] Use OS_CACERT for zaqar's websocket connection

The CA certificatge was hardcoded. This was not the right thing to do, since we do have the ability to provide our own cert for TripleO. python-openstackclient already has a way for us to know what certificate was used. This is provided via the OS_CACERT environment variable (or the --os-cacert command line argument). So we use this instead.

Change-Id: Ib7b3860378fce2cda7f80c1ad8b8dd14a4b22581
Closes-Bug: #1817634
---
 tripleoclient/constants.py | 3 ---
 tripleoclient/plugin.py | 11 +++++------
 tripleoclient/tests/test_plugin.py | 4 ++++
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/tripleoclient/constants.py b/tripleoclient/constants.py
index fdc9af41a..b3c043cb3 100644
--- a/tripleoclient/constants.py
+++ b/tripleoclient/constants.py
@@ -86,9 +86,6 @@ VALIDATION_GROUPS = ['openshift-on-openstack', 'post-upgrade']
-# The path to the local CA certificate installed on the undercloud
-LOCAL_CACERT_PATH = '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
-
 # ctlplane network defaults
 CTLPLANE_CIDR_DEFAULT = '192.168.24.0/24'
 CTLPLANE_DHCP_START_DEFAULT = ['192.168.24.5']
diff --git a/tripleoclient/plugin.py b/tripleoclient/plugin.py
index 87a922454..5f92c6976 100644
--- a/tripleoclient/plugin.py
+++ b/tripleoclient/plugin.py
@@ -26,8 +26,6 @@ import websocket
 from tripleoclient import exceptions
-from tripleoclient import constants
-
 LOG = logging.getLogger(__name__)
 DEFAULT_TRIPLEOCLIENT_API_VERSION = '1'
@@ -69,7 +67,7 @@ def build_option_parser(parser):
 class WebsocketClient(object):
- def __init__(self, instance, queue_name="tripleo"):
+ def __init__(self, instance, queue_name="tripleo", cacert=None):
 self._project_id = None
 self._ws = None
 self._websocket_client_id = None
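Review bot: The new `cacert` keyword on `WebsocketClient.__init__` in tripleoclient/plugin.py (hunk `@@ -69,7 +67,7 @@`) is undocumented, and the method has no docstring in the visible lines. A caller cannot tell that the value is a filesystem path to a CA bundle rather than certificate contents, or what the `None` default means for TLS verification. I would add a docstring such as `"""Connect to the messaging websocket; cacert is the path to a CA bundle used to verify a wss endpoint, and None means no explicit bundle is passed."""`. The body of `__init__` continues past the end of this hunk.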
@@ -85,8 +83,8 @@ class WebsocketClient(object):
 LOG.debug('Instantiating messaging websocket client: %s', endpoint)
 try:
- if 'wss:' in endpoint:
- OS_CACERT = {"ca_certs": constants.LOCAL_CACERT_PATH}
+ if 'wss:' in endpoint and cacert:
+ OS_CACERT = {"ca_certs": cacert}
 self._ws = websocket.create_connection(endpoint, sslopt=OS_CACERT)
 else:
@@ -209,7 +207,8 @@ class ClientWrapper(object):
 def messaging_websocket(self, queue_name='tripleo'):
 """Returns a websocket for the messaging service"""
- return WebsocketClient(self._instance, queue_name)
+ return WebsocketClient(self._instance, queue_name,
+ cacert=self._instance.cacert)
 @property
 def object_store(self):
diff --git a/tripleoclient/tests/test_plugin.py b/tripleoclient/tests/test_plugin.py
index c23d2bf8e..dad535e7f 100644
--- a/tripleoclient/tests/test_plugin.py
+++ b/tripleoclient/tests/test_plugin.py
@@ -30,6 +30,7 @@ class TestPlugin(base.TestCase):
 clientmgr.auth.get_token.return_value = "TOKEN"
 clientmgr.auth_ref.project_id = "ID"
+ clientmgr.cacert = None
 ws_create_connection.return_value.recv.return_value = json.dumps({
 "headers": {
 "status": 200
@@ -74,6 +75,7 @@ class TestPlugin(base.TestCase):
 clientmgr.get_endpoint_for_service_type.return_value = fakes.WS_URL
 clientmgr.auth.get_token.return_value = "TOKEN"
 clientmgr.auth_ref.project_id = "ID"
+ clientmgr.cacert = None
 client = plugin.make_client(clientmgr)
@@ -98,6 +100,7 @@ class TestPlugin(base.TestCase):
 clientmgr.get_endpoint_for_service_type.return_value = fakes.WS_URL
 clientmgr.auth.get_token.return_value = "TOKEN"
 clientmgr.auth_ref.project_id = "ID"
+ clientmgr.cacert = None
 client = plugin.make_client(clientmgr)
@@ -114,6 +117,7 @@ class TestPlugin(base.TestCase):
 clientmgr.auth.get_token.return_value = "TOKEN"
 clientmgr.auth_ref.project_id = "ID"
+ clientmgr.cacert = '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
 ws_create_connection.return_value.recv.return_value = json.dumps({
 "headers": {
 "status": 200
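Review bot: In the `@@ -85,8 +83,8 @@` hunk of tripleoclient/plugin.py, a `wss:` endpoint with no `cacert` now falls through to the `else:` branch, whose body lies outside the hunk, so the trust anchors used to verify that TLS connection are decided by code this change does not show. It is worth confirming that the branch leaves certificate verification on (presumably by passing no `sslopt` and relying on the websocket library's defaults) and, once confirmed, recording it in a comment such as `# wss without an explicit CA bundle is handled by the else branch with the library's default trust store`. Deployments that depended on the previously hard-coded local CA and do not set OS_CACERT will only connect if that CA is already trusted system-wide, which deserves a release note. Separately, `'wss:' in endpoint` is a substring match; `endpoint.startswith('wss:')` would test the scheme itself. The enclosing `try:` block starts inside the hunk and continues beyond it.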
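Review bot: The four tripleoclient/tests/test_plugin.py hunks only add a `clientmgr.cacert` attribute to the mocks (`None` at `@@ -30,6 +30,7 @@`, `@@ -74,6 +75,7 @@` and `@@ -98,6 +100,7 @@`, a path at `@@ -114,6 +117,7 @@`); none of the visible lines asserts what `sslopt` reached `ws_create_connection`. If assertions outside these hunks do not already cover it, the path case should check that `sslopt` carries `{"ca_certs": ...}` with the configured value. A new case should also pin the behaviour for a `wss:` endpoint with `cacert = None`, which is the branch this commit introduces. The test bodies start and end outside the hunks.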