Add ca cert file support to cinder client requests
Allow a CA certificates file to be specified for cinder client
requests. Needed when using custom certificate authorities.

Change-Id: Ib9aa15df2fc7d96cb8587c13769399e353c032c6
Fixes: bug #1179476
cianodriscoll committed May 16, 2013
1 parent 56f5172 commit 5bc5fd8
Showing 3 changed files with 26 additions and 7 deletions.
4 changes: 4 additions & 0 deletions etc/nova/nova.conf.sample
@@ -2513,6 +2513,10 @@
# region name of this node (string value)
#os_region_name=<None>

# Allow for a ca certificates file to be specified for cinder
# client requests (string value)
#cinder_ca_certificates_file=<None>

# Number of cinderclient retries on failed http calls (integer
# value)
#cinder_http_retries=3
16 changes: 13 additions & 3 deletions nova/tests/test_cinder.py
@@ -98,14 +98,16 @@ def get_volumes_5678(self, **kw):
class FakeCinderClient(cinder.cinder_client.Client):

def __init__(self, username, password, project_id=None, auth_url=None,
insecure=False, retries=None):
insecure=False, retries=None, cacert=None):
super(FakeCinderClient, self).__init__(username, password,
project_id=project_id,
auth_url=auth_url,
insecure=insecure,
retries=retries)
retries=retries,
cacert=cacert)
self.client = FakeHTTPClient(username, password, project_id, auth_url,
insecure=insecure, retries=retries)
insecure=insecure, retries=retries,
cacert=cacert)
# keep a ref to the clients callstack for factory's assert_called
self.callstack = self.client.callstack = []

@@ -187,6 +189,14 @@ def test_cinder_api_insecure(self):
self.assertEquals(
self.fake_client_factory.client.client.verify_cert, False)

def test_cinder_api_cacert_file(self):
cacert = "/etc/ssl/certs/ca-certificates.crt"
self.flags(cinder_ca_certificates_file=cacert)
volume = self.api.get(self.context, '1234')
self.assert_called('GET', '/volumes/1234')
self.assertEquals(
self.fake_client_factory.client.client.verify_cert, cacert)

def test_cinder_http_retries(self):
retries = 42
self.flags(cinder_http_retries=retries)
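Review bot: `test_cinder_api_cacert_file` covers the CA file only on its own; nothing in this section pins what `verify_cert` becomes when `cinder_api_insecure` and `cinder_ca_certificates_file` are both set. That precedence decides whether the certificate is verified at all, so it deserves its own test next to `test_cinder_api_insecure`. The expected value below (`False`, i.e. insecure wins) is inferred from the existing insecure test and should be confirmed against the client. The `volume` local in the new test is assigned but never read and can be dropped. The body of `test_cinder_http_retries` continues outside the hunk.

```python
    def test_cinder_api_insecure_overrides_cacert_file(self):
        # Constructed case: both options set at once.
        cacert = "/etc/ssl/certs/ca-certificates.crt"
        self.flags(cinder_api_insecure=True,
                   cinder_ca_certificates_file=cacert)
        self.api.get(self.context, '1234')
        self.assert_called('GET', '/volumes/1234')
        self.assertEquals(
            self.fake_client_factory.client.client.verify_cert, False)
```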
13 changes: 9 additions & 4 deletions nova/volume/cinder.py
@@ -45,16 +45,20 @@
cfg.StrOpt('os_region_name',
default=None,
help='region name of this node'),
cfg.StrOpt('cinder_ca_certificates_file',
default=None,
help='Location of ca certicates file to use for cinder client '
'requests.'),
cfg.IntOpt('cinder_http_retries',
default=3,
help='Number of cinderclient retries on failed http calls'),
cfg.BoolOpt('cinder_api_insecure',
default=False,
help='Allow to perform insecure SSL requests to cinder'),
cfg.BoolOpt('cinder_cross_az_attach',
default=True,
help='Allow attach between instance and volume in different '
'availability zones.'),
default=True,
help='Allow attach between instance and volume in different '
'availability zones.'),
]

CONF = cfg.CONF
@@ -98,7 +102,8 @@ def cinderclient(context):
project_id=context.project_id,
auth_url=url,
insecure=CONF.cinder_api_insecure,
retries=CONF.cinder_http_retries)
retries=CONF.cinder_http_retries,
cacert=CONF.cinder_ca_certificates_file)
# noauth extracts user_id:project_id from auth_token
c.client.auth_token = context.auth_token or '%s:%s' % (context.user_id,
context.project_id)
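Review bot: The help text for `cinder_ca_certificates_file` in the options list does not say how the option interacts with `cinder_api_insecure`, and `cinderclient()` passes both values to the client unconditionally. Judging by the tests, which expect `verify_cert` to be `False` in the insecure case, the CA file is presumably ignored whenever `cinder_api_insecure` is true, which an operator would not guess from either option. I would say so in the help string and fix the "certicates" typo at the same time: `help='Location of CA certificates file to use for cinder client requests. Ignored if cinder_api_insecure is True.'`. The comment in etc/nova/nova.conf.sample, which already differs from this help string, would need the same wording. `cinderclient()` starts and ends outside the hunk.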