Support mTLS when calling the glance API

Add the glance_certfile and glance_keyfile options to the glance
configuration so they can be used for mTLS connections to the glance API.

Closes-Bug: #1917797
Change-Id: Ic9deaa001482c89cdc4361d4a8c7e0236a5a3885
hamza 2021-03-04 19:24:58 +00:00
parent a01b5bb39e
commit b406e6d354
3 changed files with 14 additions and 0 deletions


@ -191,6 +191,12 @@ image_opts = [
cfg.StrOpt('glance_ca_certificates_file',
help='Location of ca certificates file to use for glance '
'client requests.'),
cfg.StrOpt('glance_certfile',
help='Location of certificate file to use for glance '
'client requests.'),
cfg.StrOpt('glance_keyfile',
help='Location of certificate key file to use for glance '
'client requests.'),
cfg.IntOpt('glance_request_timeout',
help='http/https timeout value for glance operations. If no '
'value (None) is supplied here, the glanceclient default '
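Review bot: The help string for `glance_certfile` is almost word-for-word the one for `glance_ca_certificates_file` directly above it, so an operator reading the generated sample config cannot tell the trust anchor from the client identity. I would have each text say what the file is for, e.g. `help='Location of the PEM client certificate presented to glance for mutual TLS.'` and `help='Location of the private key matching glance_certfile; keep it readable only by the service user.'`. The help should also state that the two options are meant to be set together. The `image_opts` list starts and ends outside this hunk.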


@ -120,6 +120,8 @@ def _create_glance_client(context, netloc, use_ssl):
config_options = {'insecure': CONF.glance_api_insecure,
'cacert': CONF.glance_ca_certificates_file,
'timeout': CONF.glance_request_timeout,
'cert': CONF.glance_certfile,
'key': CONF.glance_keyfile,
'split_loggers': CONF.split_loggers
}
_SESSION = ks_session.Session().load_from_options(**config_options)
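Review bot: `cert` and `key` are passed through without checking that they are configured as a pair. As far as I recall, keystoneauth's `load_from_options` only combines the two when both are set, so a `glance_keyfile` without `glance_certfile` would be dropped silently and the session would come up with no client certificate; this is worth confirming against the keystoneauth version in use. A guard before the dict, such as `if CONF.glance_keyfile and not CONF.glance_certfile:` raising the project's invalid-configuration error, would turn that into a visible failure instead of a confusing handshake rejection. `insecure` is still honoured on the same session, so with `glance_api_insecure` enabled the client certificate is presented to a server whose identity is not verified, which deserves a comment or a logged warning. `_create_glance_client` begins and ends outside the hunk.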


@ -1108,6 +1108,8 @@ class TestGlanceImageServiceClient(test.TestCase):
config_options = {'insecure': False,
'cacert': None,
'key': None,
'cert': None,
'timeout': None,
'split_loggers': False}
@ -1129,6 +1131,8 @@ class TestGlanceImageServiceClient(test.TestCase):
self.flags(glance_request_timeout=60)
self.flags(
glance_ca_certificates_file='/opt/stack/data/ca-bundle.pem')
self.flags(glance_certfile='/opt/stack/data/cert.pem')
self.flags(glance_keyfile='/opt/stack/data/key.pem')
class MyGlanceStubClient(object):
def __init__(inst, version, *args, **kwargs):
@ -1140,6 +1144,8 @@ class TestGlanceImageServiceClient(test.TestCase):
config_options = {'insecure': False,
'cacert': '/opt/stack/data/ca-bundle.pem',
'cert': '/opt/stack/data/cert.pem',
'key': '/opt/stack/data/key.pem',
'timeout': 60,
'split_loggers': False}