Support glance servers over https

Fixes bug 1089147

Updated glance.py from nova's version to support glance over ssl
eg. glance_api_servers=https://glance.mydomain:9292

New Flag: glance_api_insecure
Set to True to disable certificate checking

Change-Id: I53e62900265fea2de9b0ec20bbff0c40f1b14c91

cinder/flags.py

@@ -123,6 +123,10 @@ def _get_my_ip():
     cfg.IntOpt('glance_num_retries',
                default=0,
                help='Number retries when downloading an image from glance'),
+    cfg.BoolOpt('glance_api_insecure',
+                default=False,
+                help='Allow to perform insecure SSL (https) requests to '
+                'glance'),
     cfg.StrOpt('scheduler_topic',
                default='cinder-scheduler',
                help='the topic scheduler nodes listen on'),

cinder/image/glance.py

@@ -48,20 +48,25 @@ def _parse_image_ref(image_href):
     :raises ValueError
 
     """
-    o = urlparse.urlparse(image_href)
-    port = o.port or 80
-    host = o.netloc.split(':', 1)[0]
-    image_id = o.path.split('/')[-1]
-    return (image_id, host, port)
+    url = urlparse.urlparse(image_href)
+    port = url.port or 80
+    host = url.netloc.split(':', 1)[0]
+    image_id = url.path.split('/')[-1]
+    use_ssl = (url.scheme == 'https')
+    return (image_id, host, port, use_ssl)
 
 
-def _create_glance_client(context, host, port, version=1):
+def _create_glance_client(context, host, port, use_ssl, version=1):
     """Instantiate a new glanceclient.Client object"""
+    if use_ssl:
+        scheme = 'https'
+    else:
+        scheme = 'http'
     params = {}
+    params['insecure'] = FLAGS.glance_api_insecure
     if FLAGS.auth_strategy == 'keystone':
         params['token'] = context.auth_token
-    endpoint = 'http://%s:%s' % (host, port)
-
+    endpoint = '%s://%s:%s' % (scheme, host, port)
     return glanceclient.Client(str(version), endpoint, **params)
 
 
@@ -73,37 +78,48 @@ def get_api_servers():
     """
     api_servers = []
     for api_server in FLAGS.glance_api_servers:
-        host, port_str = api_server.split(':')
-        api_servers.append((host, int(port_str)))
+        if '//' not in api_server:
+            api_server = 'http://' + api_server
+        url = urlparse.urlparse(api_server)
+        port = url.port or 80
+        host = url.netloc.split(':', 1)[0]
+        use_ssl = (url.scheme == 'https')
+        api_servers.append((host, port, use_ssl))
     random.shuffle(api_servers)
     return itertools.cycle(api_servers)
 
 
 class GlanceClientWrapper(object):
     """Glance client wrapper class that implements retries."""
 
-    def __init__(self, context=None, host=None, port=None, version=None):
+    def __init__(self, context=None, host=None, port=None, use_ssl=False,
+                 version=None):
         if host is not None:
-            self.client = self._create_static_client(context, host, port,
-                                                     version)
+            self.client = self._create_static_client(context,
+                                                     host, port,
+                                                     use_ssl, version)
         else:
             self.client = None
         self.api_servers = None
 
-    def _create_static_client(self, context, host, port, version):
+    def _create_static_client(self, context, host, port, use_ssl, version):
         """Create a client that we'll use for every call."""
         self.host = host
         self.port = port
+        self.use_ssl = use_ssl
         self.version = version
-        return _create_glance_client(context, self.host, self.port,
-                                     self.version)
+        return _create_glance_client(context,
+                                     self.host, self.port,
+                                     self.use_ssl, self.version)
 
     def _create_onetime_client(self, context, version):
         """Create a client that will be used for one call."""
         if self.api_servers is None:
             self.api_servers = get_api_servers()
-        self.host, self.port = self.api_servers.next()
-        return _create_glance_client(context, self.host, self.port, version)
+        self.host, self.port, self.use_ssl = self.api_servers.next()
+        return _create_glance_client(context,
+                                     self.host, self.port,
+                                     self.use_ssl, version)
 
     def call(self, context, version, method, *args, **kwargs):
         """
@@ -167,9 +183,9 @@ def _extract_query_params(self, params):
                 _params[param] = params.get(param)
 
         # ensure filters is a dict
-        params.setdefault('filters', {})
+        _params.setdefault('filters', {})
         # NOTE(vish): don't filter out private images
-        params['filters'].setdefault('is_public', 'none')
+        _params['filters'].setdefault('is_public', 'none')
 
         return _params
 
@@ -419,10 +435,12 @@ def get_remote_image_service(context, image_href):
         return image_service, image_href
 
     try:
-        (image_id, glance_host, glance_port) = _parse_image_ref(image_href)
+        (image_id, glance_host, glance_port, use_ssl) = \
+            _parse_image_ref(image_href)
         glance_client = GlanceClientWrapper(context=context,
                                             host=glance_host,
-                                            port=glance_port)
+                                            port=glance_port,
+                                            use_ssl=use_ssl)
     except ValueError:
         raise exception.InvalidImageRef(image_href=image_href)
 

cinder/tests/image/test_glance.py

@@ -105,7 +105,7 @@ def setUp(self):
         self.stubs.Set(glance.time, 'sleep', lambda s: None)
 
     def _create_image_service(self, client):
-        def _fake_create_glance_client(context, host, port, version):
+        def _fake_create_glance_client(context, host, port, use_ssl, version):
             return client
 
         self.stubs.Set(glance,