openstack/python-tackerclient
Code Issues Proposed changes

Add "cert_verify" in vim_config file to support insecure VIM

Browse Source 
Currently, Tacker can not communicate with VIM endpoints that
use SSL. This patch will add cert_verify parameter, user can
set "cert_verify" to False (default value is True) to disable
verifying SSL.

Change-Id: I0af2a0f91ecda2a63cf6233d780e1dd7c064513c
This commit is contained in:
Cong Phuoc Hoang 2018-01-10 22:20:51 +09:00
parent 4a772e74d8
commit b6ef835d89
4 changed files with 45 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
tackerclient/tacker/v1_0/nfvo/vim_utils.py
View File

@ -25,6 +25,8 @@ def args2body_vim(config_param, vim):
:return: vim body with args populated :return: vim body with args populated
""" """
vim_type = ['openstack', 'kubernetes'] vim_type = ['openstack', 'kubernetes']
cert_verify_type = ['True', 'False']
if 'type' in config_param: if 'type' in config_param:
vim['type'] = config_param.pop('type', '') vim['type'] = config_param.pop('type', '')
if not vim['type'] in vim_type: if not vim['type'] in vim_type:
@ -42,10 +44,16 @@ def args2body_vim(config_param, vim):
raise exceptions.TackerClientException( raise exceptions.TackerClientException(
message='Project name must be specified', message='Project name must be specified',
status_code=404) status_code=404)
cert_verify = config_param.pop('cert_verify', 'True')
if cert_verify not in cert_verify_type:
raise exceptions.TackerClientException(
message='Supported cert_verify types: True, False',
status_code=400)
vim['auth_cred'] = {'username': config_param.pop('username', ''), vim['auth_cred'] = {'username': config_param.pop('username', ''),
'password': config_param.pop('password', ''), 'password': config_param.pop('password', ''),
'user_domain_name': 'user_domain_name':
config_param.pop('user_domain_name', '')} config_param.pop('user_domain_name', ''),
'cert_verify': cert_verify}
elif vim['type'] == 'kubernetes': elif vim['type'] == 'kubernetes':
vim['vim_project'] = { vim['vim_project'] = {
'name': config_param.pop('project_name', '')} 'name': config_param.pop('project_name', '')}

8
tackerclient/tests/unit/vm/samples/vim_config_with_false_cert_verify.yaml Normal file
View File

@ -0,0 +1,8 @@
auth_url: 'http://1.2.3.4:5000'
username: 'xyz'
password: '12345'
project_name: 'abc'
project_domain_name: 'prj_domain_name'
user_domain_name: 'user_domain_name'
cert_verify: 'False'
type: 'openstack'

27
tackerclient/tests/unit/vm/test_cli10_vim.py
View File

@ -38,7 +38,8 @@ class CLITestV10VIMJSON(test_cli10.CLITestV10Base):
'name': 'abc', 'name': 'abc',
'project_domain_name': 'prj_domain_name'} 'project_domain_name': 'prj_domain_name'}
self.auth_cred = {'username': 'xyz', 'password': '12345', self.auth_cred = {'username': 'xyz', 'password': '12345',
'user_domain_name': 'user_domain_name'} 'user_domain_name': 'user_domain_name',
'cert_verify': 'True'}
self.auth_url = 'http://1.2.3.4:5000' self.auth_url = 'http://1.2.3.4:5000'
self.type = 'openstack' self.type = 'openstack'
@ -62,6 +63,30 @@ class CLITestV10VIMJSON(test_cli10.CLITestV10Base):
args, position_names, position_values, args, position_names, position_values,
extra_body=extra_body) extra_body=extra_body)
def test_register_vim_with_false_cert_verify(self):
cmd = vim.CreateVIM(test_cli10.MyApp(sys.stdout), None)
name = 'my-name'
my_id = 'my-id'
# change cert_verify to False
self.auth_cred = {'username': 'xyz', 'password': '12345',
'user_domain_name': 'user_domain_name',
'cert_verify': 'False'}
description = 'Vim Description'
vim_config = utils.get_file_path(
'tests/unit/vm/samples/vim_config_with_false_cert_verify.yaml')
args = [
name,
'--config-file', vim_config,
'--description', description]
position_names = ['auth_cred', 'vim_project', 'auth_url', 'type']
position_values = [self.auth_cred, self.vim_project,
self.auth_url, self.type]
extra_body = {'type': 'openstack', 'name': name,
'description': description, 'is_default': False}
self._test_create_resource(self._RESOURCE, cmd, None, my_id,
args, position_names, position_values,
extra_body=extra_body)
def test_register_vim_with_no_auth_url(self): def test_register_vim_with_no_auth_url(self):
cmd = vim.CreateVIM(test_cli10.MyApp(sys.stdout), None) cmd = vim.CreateVIM(test_cli10.MyApp(sys.stdout), None)
my_id = 'my-id' my_id = 'my-id'

2
tackerclient/tests/unit/vm/test_vim_utils.py
View File

@ -29,6 +29,7 @@ class TestVIMUtils(testtools.TestCase):
'password': sentinel.password1, 'password': sentinel.password1,
'project_domain_name': sentinel.prj_domain_name1, 'project_domain_name': sentinel.prj_domain_name1,
'user_domain_name': sentinel.user_domain.name, 'user_domain_name': sentinel.user_domain.name,
'cert_verify': 'True',
'type': 'openstack'} 'type': 'openstack'}
vim = {} vim = {}
auth_cred = config_param.copy() auth_cred = config_param.copy()
@ -80,6 +81,7 @@ class TestVIMUtils(testtools.TestCase):
config_param = {'username': sentinel.usrname1, config_param = {'username': sentinel.usrname1,
'password': sentinel.password1, 'password': sentinel.password1,
'user_domain_name': sentinel.user_domain.name, 'user_domain_name': sentinel.user_domain.name,
'cert_verify': 'True',
'type': 'openstack'} 'type': 'openstack'}
vim = {} vim = {}
self.assertRaises(exceptions.TackerClientException, self.assertRaises(exceptions.TackerClientException,