authorCian O'Driscoll <cian@hp.com>2013-05-15 15:14:01 +0000
committerCian O'Driscoll <cian@hp.com>2013-05-16 08:50:42 +0000
commit5bc5fd8855f39638522304102e1f839484b9bf81 (patch)
treebcb084c1da1ebd46ef1368f1ba8db299e6a5e527
parent56f5172f33bbd1da1b8749b7754805de44c3ab9c (diff)
Add ca cert file support to cinder client requests
Allow a CA certificates file to be specified for cinder client requests. Needed when using custom certificate authorities. Change-Id: Ib9aa15df2fc7d96cb8587c13769399e353c032c6 Fixes: bug #1179476
-rw-r--r--etc/nova/nova.conf.sample4
-rw-r--r--nova/tests/test_cinder.py16
-rw-r--r--nova/volume/cinder.py13
3 files changed, 26 insertions, 7 deletions
diff --git a/etc/nova/nova.conf.sample b/etc/nova/nova.conf.sample
index 1897d9a65..2ba888a86 100644
--- a/etc/nova/nova.conf.sample
+++ b/etc/nova/nova.conf.sample
@@ -2513,6 +2513,10 @@
# region name of this node (string value)
#os_region_name=<None>
+# Allow for a ca certificates file to be specified for cinder
+# client requests (string value)
+#cinder_ca_certificates_file=<None>
+
# Number of cinderclient retries on failed http calls (integer
# value)
#cinder_http_retries=3
diff --git a/nova/tests/test_cinder.py b/nova/tests/test_cinder.py
index 06eb467ab..e8dff9a4a 100644
--- a/nova/tests/test_cinder.py
+++ b/nova/tests/test_cinder.py
@@ -98,14 +98,16 @@ class FakeHTTPClient(cinder.cinder_client.client.HTTPClient):
class FakeCinderClient(cinder.cinder_client.Client):
def __init__(self, username, password, project_id=None, auth_url=None,
- insecure=False, retries=None):
+ insecure=False, retries=None, cacert=None):
super(FakeCinderClient, self).__init__(username, password,
project_id=project_id,
auth_url=auth_url,
insecure=insecure,
- retries=retries)
+ retries=retries,
+ cacert=cacert)
self.client = FakeHTTPClient(username, password, project_id, auth_url,
- insecure=insecure, retries=retries)
+ insecure=insecure, retries=retries,
+ cacert=cacert)
# keep a ref to the clients callstack for factory's assert_called
self.callstack = self.client.callstack = []
@@ -187,6 +189,14 @@ class CinderTestCase(test.TestCase):
self.assertEquals(
self.fake_client_factory.client.client.verify_cert, False)
+ def test_cinder_api_cacert_file(self):
+ cacert = "/etc/ssl/certs/ca-certificates.crt"
+ self.flags(cinder_ca_certificates_file=cacert)
+ volume = self.api.get(self.context, '1234')
+ self.assert_called('GET', '/volumes/1234')
+ self.assertEquals(
+ self.fake_client_factory.client.client.verify_cert, cacert)
+
def test_cinder_http_retries(self):
retries = 42
self.flags(cinder_http_retries=retries)
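Review bot: The new test_cinder_api_cacert_file only exercises the CA file with cinder_api_insecure left at its default, so nothing pins down what verify_cert becomes when both options are set. A companion test that calls `self.flags(cinder_api_insecure=True, cinder_ca_certificates_file=cacert)` and asserts the resulting verify_cert would make the precedence explicit and catch a regression in either direction. The local `volume` is assigned but never read; calling `self.api.get(self.context, '1234')` without binding the result is enough.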
diff --git a/nova/volume/cinder.py b/nova/volume/cinder.py
index f112f0597..5243cdb1f 100644
--- a/nova/volume/cinder.py
+++ b/nova/volume/cinder.py
@@ -45,6 +45,10 @@ cinder_opts = [
cfg.StrOpt('os_region_name',
default=None,
help='region name of this node'),
+ cfg.StrOpt('cinder_ca_certificates_file',
+ default=None,
+ help='Location of ca certicates file to use for cinder client '
+ 'requests.'),
cfg.IntOpt('cinder_http_retries',
default=3,
help='Number of cinderclient retries on failed http calls'),
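Review bot: The help string for cinder_ca_certificates_file misspells "certificates" as "certicates", and it should read `help='Location of ca certificates file to use for cinder client '`. The wording also differs from the comment added to nova.conf.sample in this commit ("Allow for a ca certificates file to be specified for cinder client requests"), which suggests the sample was not regenerated from this help text; the two should match. It would help operators if the text also said how the option relates to cinder_api_insecure, since the two settings pull in opposite directions.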
@@ -52,9 +56,9 @@ cinder_opts = [
default=False,
help='Allow to perform insecure SSL requests to cinder'),
cfg.BoolOpt('cinder_cross_az_attach',
- default=True,
- help='Allow attach between instance and volume in different '
- 'availability zones.'),
+ default=True,
+ help='Allow attach between instance and volume in different '
+ 'availability zones.'),
]
CONF = cfg.CONF
@@ -98,7 +102,8 @@ def cinderclient(context):
project_id=context.project_id,
auth_url=url,
insecure=CONF.cinder_api_insecure,
- retries=CONF.cinder_http_retries)
+ retries=CONF.cinder_http_retries,
+ cacert=CONF.cinder_ca_certificates_file)
# noauth extracts user_id:project_id from auth_token
c.client.auth_token = context.auth_token or '%s:%s' % (context.user_id,
context.project_id)
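Review bot: cinderclient() now passes both `insecure=CONF.cinder_api_insecure` and `cacert=CONF.cinder_ca_certificates_file` without checking whether they conflict. If the client library gives `insecure` priority (the existing test expecting verify_cert to be False suggests it is a plain override), an operator who sets a CA file but leaves cinder_api_insecure=True gets no certificate verification and no indication of it. A short guard before the client is built would surface that, for example `if CONF.cinder_api_insecure and CONF.cinder_ca_certificates_file:` followed by a warning through the module's logger, assuming one is defined in this file. The function begins and ends outside this hunk, so where the guard belongs depends on code not shown here.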