Add ssl support for manila API access
Currently, Manila does not support secure access the manila APIs, obviously, this is a defect for manila service. This change is to add ssl support for manila project. Closes-bug: #1732844 Closes-bug: #1730529 Change-Id: I2dbc52ce95933e648cc065b2b2112788bf4484d0
This commit is contained in:
junboli
junbo.li
parent
6985c77ee5
commit
fa5b81f903
@ -18,9 +18,5 @@
|
|||||||
- Description
|
- Description
|
||||||
* - **[DEFAULT]**
|
* - **[DEFAULT]**
|
||||||
-
|
-
|
||||||
* - ``ssl_ca_file`` = ``None``
|
* - ``osapi_share_use_ssl`` = ``False``
|
||||||
- (String) CA certificate file to use to verify connecting clients.
|
- (Boolean) Wraps the socket in a SSL context if True is set.
|
||||||
* - ``ssl_cert_file`` = ``None``
|
|
||||||
- (String) Certificate file to use when starting the server securely.
|
|
||||||
* - ``ssl_key_file`` = ``None``
|
|
||||||
- (String) Private key file to use when starting the server securely.
|
|
||||||
|
|||||||
@ -60,6 +60,10 @@ service_opts = [
|
|||||||
cfg.IntOpt('osapi_share_workers',
|
cfg.IntOpt('osapi_share_workers',
|
||||||
default=1,
|
default=1,
|
||||||
help='Number of workers for OpenStack Share API service.'),
|
help='Number of workers for OpenStack Share API service.'),
|
||||||
|
cfg.BoolOpt('osapi_share_use_ssl',
|
||||||
|
default=False,
|
||||||
|
help='Wraps the socket in a SSL context if True is set. '
|
||||||
|
'A certificate file and key file must be specified.'),
|
||||||
]
|
]
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
@ -290,6 +294,7 @@ class WSGIService(service.ServiceBase):
|
|||||||
self.host = getattr(CONF, '%s_listen' % name, "0.0.0.0")
|
self.host = getattr(CONF, '%s_listen' % name, "0.0.0.0")
|
||||||
self.port = getattr(CONF, '%s_listen_port' % name, 0)
|
self.port = getattr(CONF, '%s_listen_port' % name, 0)
|
||||||
self.workers = getattr(CONF, '%s_workers' % name, None)
|
self.workers = getattr(CONF, '%s_workers' % name, None)
|
||||||
|
self.use_ssl = getattr(CONF, '%s_use_ssl' % name, False)
|
||||||
if self.workers is not None and self.workers < 1:
|
if self.workers is not None and self.workers < 1:
|
||||||
LOG.warning(
|
LOG.warning(
|
||||||
"Value of config option %(name)s_workers must be integer "
|
"Value of config option %(name)s_workers must be integer "
|
||||||
@ -302,6 +307,7 @@ class WSGIService(service.ServiceBase):
|
|||||||
self.app,
|
self.app,
|
||||||
host=self.host,
|
host=self.host,
|
||||||
port=self.port,
|
port=self.port,
|
||||||
|
use_ssl=self.use_ssl
|
||||||
)
|
)
|
||||||
|
|
||||||
def _get_manager(self):
|
def _get_manager(self):
|
||||||
|
|||||||
@ -226,3 +226,15 @@ class TestWSGIService(test.TestCase):
|
|||||||
self.test_service.start()
|
self.test_service.start()
|
||||||
self.assertGreater(self.test_service.server._pool.size, 0)
|
self.assertGreater(self.test_service.server._pool.size, 0)
|
||||||
wsgi.Loader.load_app.assert_called_once_with("test_service")
|
wsgi.Loader.load_app.assert_called_once_with("test_service")
|
||||||
|
|
||||||
|
@mock.patch('oslo_service.wsgi.Server')
|
||||||
|
@mock.patch('oslo_service.wsgi.Loader')
|
||||||
|
def test_ssl_enabled(self, mock_loader, mock_server):
|
||||||
|
self.override_config('osapi_share_use_ssl', True)
|
||||||
|
|
||||||
|
service.WSGIService("osapi_share")
|
||||||
|
mock_server.assert_called_once_with(mock.ANY, mock.ANY, mock.ANY,
|
||||||
|
port=mock.ANY, host=mock.ANY,
|
||||||
|
use_ssl=True)
|
||||||
|
|
||||||
|
self.assertTrue(mock_loader.called)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user