diff options
| author | Jenkins <jenkins@review.openstack.org> | 2013-05-16 22:18:38 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-05-16 22:18:38 +0000 |
| commit | 1d5d58c96974a2e5742887aafb48675084fbfd48 (patch) | |
| tree | e2a3960aa2c8ce198f575ae740e27e8a58bcfdd2 | |
| parent | d6433ca852950d1e61b5f84c1647db041271aeff (diff) | |
| parent | 5bc5fd8855f39638522304102e1f839484b9bf81 (diff) | |
Merge "Add ca cert file support to cinder client requests"
| -rw-r--r-- | etc/nova/nova.conf.sample | 4 | ||||
| -rw-r--r-- | nova/tests/test_cinder.py | 16 | ||||
| -rw-r--r-- | nova/volume/cinder.py | 13 |
3 files changed, 26 insertions, 7 deletions
diff --git a/etc/nova/nova.conf.sample b/etc/nova/nova.conf.sample index 1897d9a65..2ba888a86 100644 --- a/etc/nova/nova.conf.sample +++ b/etc/nova/nova.conf.sample @@ -2513,6 +2513,10 @@ # region name of this node (string value) #os_region_name=<None> +# Allow for a ca certificates file to be specified for cinder +# client requests (string value) +#cinder_ca_certificates_file=<None> + # Number of cinderclient retries on failed http calls (integer # value) #cinder_http_retries=3 diff --git a/nova/tests/test_cinder.py b/nova/tests/test_cinder.py index 06eb467ab..e8dff9a4a 100644 --- a/nova/tests/test_cinder.py +++ b/nova/tests/test_cinder.py @@ -98,14 +98,16 @@ class FakeHTTPClient(cinder.cinder_client.client.HTTPClient): class FakeCinderClient(cinder.cinder_client.Client): def __init__(self, username, password, project_id=None, auth_url=None, - insecure=False, retries=None): + insecure=False, retries=None, cacert=None): super(FakeCinderClient, self).__init__(username, password, project_id=project_id, auth_url=auth_url, insecure=insecure, - retries=retries) + retries=retries, + cacert=cacert) self.client = FakeHTTPClient(username, password, project_id, auth_url, - insecure=insecure, retries=retries) + insecure=insecure, retries=retries, + cacert=cacert) # keep a ref to the clients callstack for factory's assert_called self.callstack = self.client.callstack = [] @@ -187,6 +189,14 @@ class CinderTestCase(test.TestCase): self.assertEquals( self.fake_client_factory.client.client.verify_cert, False) + def test_cinder_api_cacert_file(self): + cacert = "/etc/ssl/certs/ca-certificates.crt" + self.flags(cinder_ca_certificates_file=cacert) + volume = self.api.get(self.context, '1234') + self.assert_called('GET', '/volumes/1234') + self.assertEquals( + self.fake_client_factory.client.client.verify_cert, cacert) + def test_cinder_http_retries(self): retries = 42 self.flags(cinder_http_retries=retries) diff --git a/nova/volume/cinder.py b/nova/volume/cinder.py index f112f0597..5243cdb1f 100644 --- a/nova/volume/cinder.py +++ b/nova/volume/cinder.py @@ -45,6 +45,10 @@ cinder_opts = [ cfg.StrOpt('os_region_name', default=None, help='region name of this node'), + cfg.StrOpt('cinder_ca_certificates_file', + default=None, + help='Location of ca certicates file to use for cinder client ' + 'requests.'), cfg.IntOpt('cinder_http_retries', default=3, help='Number of cinderclient retries on failed http calls'), @@ -52,9 +56,9 @@ cinder_opts = [ default=False, help='Allow to perform insecure SSL requests to cinder'), cfg.BoolOpt('cinder_cross_az_attach', - default=True, - help='Allow attach between instance and volume in different ' - 'availability zones.'), + default=True, + help='Allow attach between instance and volume in different ' + 'availability zones.'), ] CONF = cfg.CONF @@ -98,7 +102,8 @@ def cinderclient(context): project_id=context.project_id, auth_url=url, insecure=CONF.cinder_api_insecure, - retries=CONF.cinder_http_retries) + retries=CONF.cinder_http_retries, + cacert=CONF.cinder_ca_certificates_file) # noauth extracts user_id:project_id from auth_token c.client.auth_token = context.auth_token or '%s:%s' % (context.user_id, context.project_id) |