Add "cert_verify" in vim_config file to support insecure VIM

Currently, Tacker can not communicate with VIM endpoints that use SSL. This patch will add cert_verify parameter, user can set "cert_verify" to False (default value is True) to disable verifying SSL. Change-Id: I0af2a0f91ecda2a63cf6233d780e1dd7c064513c
2018-01-10 22:20:51 +09:00 · 2018-01-10 22:20:51 +09:00 · b6ef835d89
commit b6ef835d89
parent 4a772e74d8
4 changed files with 45 additions and 2 deletions
--- a/tackerclient/tacker/v1_0/nfvo/vim_utils.py
+++ b/tackerclient/tacker/v1_0/nfvo/vim_utils.py
@ -25,6 +25,8 @@ def args2body_vim(config_param, vim):
    :return: vim body with args populated
    """
    vim_type = ['openstack', 'kubernetes']
+    cert_verify_type = ['True', 'False']
+
    if 'type' in config_param:
        vim['type'] = config_param.pop('type', '')
        if not vim['type'] in vim_type:
@ -42,10 +44,16 @@ def args2body_vim(config_param, vim):
            raise exceptions.TackerClientException(
                message='Project name must be specified',
                status_code=404)
+        cert_verify = config_param.pop('cert_verify', 'True')
+        if cert_verify not in cert_verify_type:
+            raise exceptions.TackerClientException(
+                message='Supported cert_verify types: True, False',
+                status_code=400)
        vim['auth_cred'] = {'username': config_param.pop('username', ''),
                            'password': config_param.pop('password', ''),
                            'user_domain_name':
-                                config_param.pop('user_domain_name', '')}
+                                config_param.pop('user_domain_name', ''),
+                            'cert_verify': cert_verify}
    elif vim['type'] == 'kubernetes':
        vim['vim_project'] = {
            'name': config_param.pop('project_name', '')}
--- a/tackerclient/tests/unit/vm/samples/vim_config_with_false_cert_verify.yaml
+++ b/tackerclient/tests/unit/vm/samples/vim_config_with_false_cert_verify.yaml
@ -0,0 +1,8 @@
+auth_url: 'http://1.2.3.4:5000'
+username: 'xyz'
+password: '12345'
+project_name: 'abc'
+project_domain_name: 'prj_domain_name'
+user_domain_name: 'user_domain_name'
+cert_verify: 'False'
+type: 'openstack'
--- a/tackerclient/tests/unit/vm/test_cli10_vim.py
+++ b/tackerclient/tests/unit/vm/test_cli10_vim.py
@ -38,7 +38,8 @@ class CLITestV10VIMJSON(test_cli10.CLITestV10Base):
            'name': 'abc',
            'project_domain_name': 'prj_domain_name'}
        self.auth_cred = {'username': 'xyz', 'password': '12345',
-                          'user_domain_name': 'user_domain_name'}
+                          'user_domain_name': 'user_domain_name',
+                          'cert_verify': 'True'}
        self.auth_url = 'http://1.2.3.4:5000'
        self.type = 'openstack'

@ -62,6 +63,30 @@ class CLITestV10VIMJSON(test_cli10.CLITestV10Base):
                                   args, position_names, position_values,
                                   extra_body=extra_body)

+    def test_register_vim_with_false_cert_verify(self):
+        cmd = vim.CreateVIM(test_cli10.MyApp(sys.stdout), None)
+        name = 'my-name'
+        my_id = 'my-id'
+        # change cert_verify to False
+        self.auth_cred = {'username': 'xyz', 'password': '12345',
+                          'user_domain_name': 'user_domain_name',
+                          'cert_verify': 'False'}
+        description = 'Vim Description'
+        vim_config = utils.get_file_path(
+            'tests/unit/vm/samples/vim_config_with_false_cert_verify.yaml')
+        args = [
+            name,
+            '--config-file', vim_config,
+            '--description', description]
+        position_names = ['auth_cred', 'vim_project', 'auth_url', 'type']
+        position_values = [self.auth_cred, self.vim_project,
+                           self.auth_url, self.type]
+        extra_body = {'type': 'openstack', 'name': name,
+                      'description': description, 'is_default': False}
+        self._test_create_resource(self._RESOURCE, cmd, None, my_id,
+                                   args, position_names, position_values,
+                                   extra_body=extra_body)
+
    def test_register_vim_with_no_auth_url(self):
        cmd = vim.CreateVIM(test_cli10.MyApp(sys.stdout), None)
        my_id = 'my-id'
--- a/tackerclient/tests/unit/vm/test_vim_utils.py
+++ b/tackerclient/tests/unit/vm/test_vim_utils.py
@ -29,6 +29,7 @@ class TestVIMUtils(testtools.TestCase):
                        'password': sentinel.password1,
                        'project_domain_name': sentinel.prj_domain_name1,
                        'user_domain_name': sentinel.user_domain.name,
+                        'cert_verify': 'True',
                        'type': 'openstack'}
        vim = {}
        auth_cred = config_param.copy()
@ -80,6 +81,7 @@ class TestVIMUtils(testtools.TestCase):
        config_param = {'username': sentinel.usrname1,
                        'password': sentinel.password1,
                        'user_domain_name': sentinel.user_domain.name,
+                        'cert_verify': 'True',
                        'type': 'openstack'}
        vim = {}
        self.assertRaises(exceptions.TackerClientException,