RabbitMQ: Standardize SSL parameter names
This makes the SSL-related parameters to be similar to the ones used by the AMQP and pika drivers. This will enable easier configuration of these parameters if the transport URL is used. And easier migration from one driver to the other when needed. Change-Id: Ic32b2cb253fa0dc43aad7226b24919b7e588faa9
This commit is contained in:
Juan Antonio Osorio Robles
parent
58b026a2aa
commit
0c369cbcf6
oslo_messaging
@ -54,25 +54,29 @@ TCP_USER_TIMEOUT = 18
|
|||||||
|
|
||||||
|
|
||||||
rabbit_opts = [
|
rabbit_opts = [
|
||||||
cfg.StrOpt('kombu_ssl_version',
|
cfg.BoolOpt('ssl',
|
||||||
|
default=False,
|
||||||
|
deprecated_name='rabbit_use_ssl',
|
||||||
|
help='Connect over SSL.'),
|
||||||
|
cfg.StrOpt('ssl_version',
|
||||||
default='',
|
default='',
|
||||||
deprecated_group='DEFAULT',
|
deprecated_name='kombu_ssl_version',
|
||||||
help='SSL version to use (valid only if SSL enabled). '
|
help='SSL version to use (valid only if SSL enabled). '
|
||||||
'Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, '
|
'Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, '
|
||||||
'TLSv1_1, and TLSv1_2 may be available on some '
|
'TLSv1_1, and TLSv1_2 may be available on some '
|
||||||
'distributions.'
|
'distributions.'
|
||||||
),
|
),
|
||||||
cfg.StrOpt('kombu_ssl_keyfile',
|
cfg.StrOpt('ssl_key_file',
|
||||||
default='',
|
default='',
|
||||||
deprecated_group='DEFAULT',
|
deprecated_name='kombu_ssl_keyfile',
|
||||||
help='SSL key file (valid only if SSL enabled).'),
|
help='SSL key file (valid only if SSL enabled).'),
|
||||||
cfg.StrOpt('kombu_ssl_certfile',
|
cfg.StrOpt('ssl_cert_file',
|
||||||
default='',
|
default='',
|
||||||
deprecated_group='DEFAULT',
|
deprecated_name='kombu_ssl_certfile',
|
||||||
help='SSL cert file (valid only if SSL enabled).'),
|
help='SSL cert file (valid only if SSL enabled).'),
|
||||||
cfg.StrOpt('kombu_ssl_ca_certs',
|
cfg.StrOpt('ssl_ca_file',
|
||||||
default='',
|
default='',
|
||||||
deprecated_group='DEFAULT',
|
deprecated_name='kombu_ssl_ca_certs',
|
||||||
help='SSL certification authority file '
|
help='SSL certification authority file '
|
||||||
'(valid only if SSL enabled).'),
|
'(valid only if SSL enabled).'),
|
||||||
cfg.FloatOpt('kombu_reconnect_delay',
|
cfg.FloatOpt('kombu_reconnect_delay',
|
||||||
@ -116,10 +120,6 @@ rabbit_opts = [
|
|||||||
deprecated_for_removal=True,
|
deprecated_for_removal=True,
|
||||||
deprecated_reason="Replaced by [DEFAULT]/transport_url",
|
deprecated_reason="Replaced by [DEFAULT]/transport_url",
|
||||||
help='RabbitMQ HA cluster host:port pairs.'),
|
help='RabbitMQ HA cluster host:port pairs.'),
|
||||||
cfg.BoolOpt('rabbit_use_ssl',
|
|
||||||
default=False,
|
|
||||||
deprecated_group='DEFAULT',
|
|
||||||
help='Connect over SSL for RabbitMQ.'),
|
|
||||||
cfg.StrOpt('rabbit_userid',
|
cfg.StrOpt('rabbit_userid',
|
||||||
default='guest',
|
default='guest',
|
||||||
deprecated_group='DEFAULT',
|
deprecated_group='DEFAULT',
|
||||||
@ -479,17 +479,17 @@ class Connection(object):
|
|||||||
self.kombu_reconnect_delay = driver_conf.kombu_reconnect_delay
|
self.kombu_reconnect_delay = driver_conf.kombu_reconnect_delay
|
||||||
self.amqp_durable_queues = driver_conf.amqp_durable_queues
|
self.amqp_durable_queues = driver_conf.amqp_durable_queues
|
||||||
self.amqp_auto_delete = driver_conf.amqp_auto_delete
|
self.amqp_auto_delete = driver_conf.amqp_auto_delete
|
||||||
self.rabbit_use_ssl = driver_conf.rabbit_use_ssl
|
self.ssl = driver_conf.ssl
|
||||||
self.kombu_missing_consumer_retry_timeout = \
|
self.kombu_missing_consumer_retry_timeout = \
|
||||||
driver_conf.kombu_missing_consumer_retry_timeout
|
driver_conf.kombu_missing_consumer_retry_timeout
|
||||||
self.kombu_failover_strategy = driver_conf.kombu_failover_strategy
|
self.kombu_failover_strategy = driver_conf.kombu_failover_strategy
|
||||||
self.kombu_compression = driver_conf.kombu_compression
|
self.kombu_compression = driver_conf.kombu_compression
|
||||||
|
|
||||||
if self.rabbit_use_ssl:
|
if self.ssl:
|
||||||
self.kombu_ssl_version = driver_conf.kombu_ssl_version
|
self.ssl_version = driver_conf.ssl_version
|
||||||
self.kombu_ssl_keyfile = driver_conf.kombu_ssl_keyfile
|
self.ssl_key_file = driver_conf.ssl_key_file
|
||||||
self.kombu_ssl_certfile = driver_conf.kombu_ssl_certfile
|
self.ssl_cert_file = driver_conf.ssl_cert_file
|
||||||
self.kombu_ssl_ca_certs = driver_conf.kombu_ssl_ca_certs
|
self.ssl_ca_file = driver_conf.ssl_ca_file
|
||||||
|
|
||||||
# Try forever?
|
# Try forever?
|
||||||
if self.max_retries <= 0:
|
if self.max_retries <= 0:
|
||||||
@ -697,19 +697,19 @@ class Connection(object):
|
|||||||
"""Handles fetching what ssl params should be used for the connection
|
"""Handles fetching what ssl params should be used for the connection
|
||||||
(if any).
|
(if any).
|
||||||
"""
|
"""
|
||||||
if self.rabbit_use_ssl:
|
if self.ssl:
|
||||||
ssl_params = dict()
|
ssl_params = dict()
|
||||||
|
|
||||||
# http://docs.python.org/library/ssl.html - ssl.wrap_socket
|
# http://docs.python.org/library/ssl.html - ssl.wrap_socket
|
||||||
if self.kombu_ssl_version:
|
if self.ssl_version:
|
||||||
ssl_params['ssl_version'] = self.validate_ssl_version(
|
ssl_params['ssl_version'] = self.validate_ssl_version(
|
||||||
self.kombu_ssl_version)
|
self.ssl_version)
|
||||||
if self.kombu_ssl_keyfile:
|
if self.ssl_key_file:
|
||||||
ssl_params['keyfile'] = self.kombu_ssl_keyfile
|
ssl_params['keyfile'] = self.ssl_key_file
|
||||||
if self.kombu_ssl_certfile:
|
if self.ssl_cert_file:
|
||||||
ssl_params['certfile'] = self.kombu_ssl_certfile
|
ssl_params['certfile'] = self.ssl_cert_file
|
||||||
if self.kombu_ssl_ca_certs:
|
if self.ssl_ca_file:
|
||||||
ssl_params['ca_certs'] = self.kombu_ssl_ca_certs
|
ssl_params['ca_certs'] = self.ssl_ca_file
|
||||||
# We might want to allow variations in the
|
# We might want to allow variations in the
|
||||||
# future with this?
|
# future with this?
|
||||||
ssl_params['cert_reqs'] = ssl.CERT_REQUIRED
|
ssl_params['cert_reqs'] = ssl.CERT_REQUIRED
|
||||||
|
|||||||
@ -162,15 +162,15 @@ class TestRabbitDriverLoad(test_utils.BaseTestCase):
|
|||||||
class TestRabbitDriverLoadSSL(test_utils.BaseTestCase):
|
class TestRabbitDriverLoadSSL(test_utils.BaseTestCase):
|
||||||
scenarios = [
|
scenarios = [
|
||||||
('no_ssl', dict(options=dict(), expected=False)),
|
('no_ssl', dict(options=dict(), expected=False)),
|
||||||
('no_ssl_with_options', dict(options=dict(kombu_ssl_version='TLSv1'),
|
('no_ssl_with_options', dict(options=dict(ssl_version='TLSv1'),
|
||||||
expected=False)),
|
expected=False)),
|
||||||
('just_ssl', dict(options=dict(rabbit_use_ssl=True),
|
('just_ssl', dict(options=dict(ssl=True),
|
||||||
expected=True)),
|
expected=True)),
|
||||||
('ssl_with_options', dict(options=dict(rabbit_use_ssl=True,
|
('ssl_with_options', dict(options=dict(ssl=True,
|
||||||
kombu_ssl_version='TLSv1',
|
ssl_version='TLSv1',
|
||||||
kombu_ssl_keyfile='foo',
|
ssl_key_file='foo',
|
||||||
kombu_ssl_certfile='bar',
|
ssl_cert_file='bar',
|
||||||
kombu_ssl_ca_certs='foobar'),
|
ssl_ca_file='foobar'),
|
||||||
expected=dict(ssl_version=3,
|
expected=dict(ssl_version=3,
|
||||||
keyfile='foo',
|
keyfile='foo',
|
||||||
certfile='bar',
|
certfile='bar',
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user