From b406e6d354dd50e5a49c76bec36582f95d534630 Mon Sep 17 00:00:00 2001
From: hamza
Date: Thu, 4 Mar 2021 19:24:58 +0000
Subject: [PATCH] Support mTLS when calling the glance API
add glance certfile, keyfile to the glance configurations so they can be used for mTLS connection to glance API
Closes-Bug: #1917797
Change-Id: Ic9deaa001482c89cdc4361d4a8c7e0236a5a3885
---
 cinder/common/config.py | 6 ++++++
 cinder/image/glance.py | 2 ++
 cinder/tests/unit/image/test_glance.py | 6 ++++++
 3 files changed, 14 insertions(+)
diff --git a/cinder/common/config.py b/cinder/common/config.py
index e4304fa91ba..799afcc064f 100644
--- a/cinder/common/config.py
+++ b/cinder/common/config.py
@@ -191,6 +191,12 @@ image_opts = [
 cfg.StrOpt('glance_ca_certificates_file',
 help='Location of ca certificates file to use for glance '
 'client requests.'),
+ cfg.StrOpt('glance_certfile',
+ help='Location of certificate file to use for glance '
+ 'client requests.'),
+ cfg.StrOpt('glance_keyfile',
+ help='Location of certificate key file to use for glance '
+ 'client requests.'),
 cfg.IntOpt('glance_request_timeout',
 help='http/https timeout value for glance operations. If no '
 'value (None) is supplied here, the glanceclient default '
diff --git a/cinder/image/glance.py b/cinder/image/glance.py
index 59f3451974d..8102a8e5973 100644
--- a/cinder/image/glance.py
+++ b/cinder/image/glance.py
@@ -120,6 +120,8 @@ def _create_glance_client(context, netloc, use_ssl):
 config_options = {'insecure': CONF.glance_api_insecure,
 'cacert': CONF.glance_ca_certificates_file,
 'timeout': CONF.glance_request_timeout,
+ 'cert': CONF.glance_certfile,
+ 'key': CONF.glance_keyfile,
 'split_loggers': CONF.split_loggers
 }
 _SESSION = ks_session.Session().load_from_options(**config_options)
diff --git a/cinder/tests/unit/image/test_glance.py b/cinder/tests/unit/image/test_glance.py
index f4e15d61936..73e014f81e8 100644
--- a/cinder/tests/unit/image/test_glance.py
+++ b/cinder/tests/unit/image/test_glance.py
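Review bot: The help strings for `glance_certfile` and `glance_keyfile` in the cinder/common/config.py hunk do not say that these are the client-side credentials for mutual TLS, so they read almost the same as `glance_ca_certificates_file` directly above and are easy to confuse with it. I would state the role of each option, for example `help='Location of the client certificate file presented to glance for mutual TLS.'` and `help='Location of the private key file matching glance_certfile; keep it readable only by the cinder service user.'`. A deployer then knows which file holds secret material and needs restricted permissions. The `image_opts` list starts and ends outside the hunk.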
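Review bot: In the cinder/image/glance.py hunk, `_create_glance_client` puts `CONF.glance_certfile` and `CONF.glance_keyfile` into `config_options` without checking that they are configured as a pair. As far as I know the keystoneauth session loader only combines the two when both are set, so a key configured without a certificate would be dropped silently and the session would connect without a client certificate; that is worth confirming against the loader. A guard ahead of `load_from_options`, such as `if bool(CONF.glance_certfile) != bool(CONF.glance_keyfile):` followed by raising a configuration error, would make the misconfiguration fail at startup rather than at the first image request. The test hunks in test_glance.py only cover neither option set and both set, so the half-configured case is untested as well. The function body starts and ends outside the hunk.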
@@ -1108,6 +1108,8 @@ class TestGlanceImageServiceClient(test.TestCase): config_options = {'insecure': False, 'cacert': None, + 'key': None, + 'cert': None, 'timeout': None, 'split_loggers': False} @@ -1129,6 +1131,8 @@ class TestGlanceImageServiceClient(test.TestCase): self.flags(glance_request_timeout=60) self.flags( glance_ca_certificates_file='/opt/stack/data/ca-bundle.pem') + self.flags(glance_certfile='/opt/stack/data/cert.pem') + self.flags(glance_keyfile='/opt/stack/data/key.pem') class MyGlanceStubClient(object): def __init__(inst, version, *args, **kwargs): @@ -1140,6 +1144,8 @@ class TestGlanceImageServiceClient(test.TestCase): config_options = {'insecure': False, 'cacert': '/opt/stack/data/ca-bundle.pem', + 'cert': '/opt/stack/data/cert.pem', + 'key': '/opt/stack/data/key.pem', 'timeout': 60, 'split_loggers': False}