+++ /dev/null
-From 467adeb3dc9a89aa6b39780b83196501d5c31ea7 Mon Sep 17 00:00:00 2001
-From: Serg Melikyan <smelikyan@mirantis.com>
-Date: Tue, 12 Nov 2013 14:33:17 +0400
-Subject: [PATCH] Adds ability to configure SSL params for clients used by the Heat
-
----
- etc/heat/heat.conf.sample | 169 ++++++++++++++++++++++++++++++++++++
- heat/common/config.py | 32 ++++++-
- heat/common/heat_keystoneclient.py | 18 ++++
- heat/engine/clients.py | 50 +++++++++--
- heat/tests/test_heatclient.py | 36 ++++++--
- 5 files changed, 291 insertions(+), 14 deletions(-)
-
-diff --git a/etc/heat/heat.conf.sample b/etc/heat/heat.conf.sample
-index 1444f9b..376c98e 100644
---- a/etc/heat/heat.conf.sample
-+++ b/etc/heat/heat.conf.sample
-@@ -724,3 +724,172 @@
- #password=<None>
-
-
-+[clients_swift]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-+
-+
-+[clients_cinder]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-+
-+[clients]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-+
-+[clients_nova]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-+
-+[clients_ceilometer]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-+
-+[clients_neutron]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-+
-+
-+[clients_keystone]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-diff --git a/heat/common/config.py b/heat/common/config.py
-index 82b4ca5..155d4f4 100644
---- a/heat/common/config.py
-+++ b/heat/common/config.py
-@@ -1,4 +1,3 @@
--
- # vim: tabstop=4 shiftwidth=4 softtabstop=4
-
- #
-@@ -18,6 +17,7 @@
- Routines for configuring Heat
- """
-
-+import copy
- import logging as sys_logging
- import os
-
-@@ -134,6 +134,35 @@ auth_password_opts = [
- 'multi_cloud is enabled. At least one endpoint needs '
- 'to be specified.'))]
-
-+clients_opts = [
-+ cfg.StrOpt('ca_file',
-+ help=_('Optional CA cert file to use in SSL connections')),
-+ cfg.StrOpt('cert_file',
-+ help=_('Optional PEM-formatted certificate chain file')),
-+ cfg.StrOpt('key_file',
-+ help=_('Optional PEM-formatted file that contains the '
-+ 'private key')),
-+ cfg.BoolOpt('insecure',
-+ default=False,
-+ help=_("If set then the server's certificate will not "
-+ "be verified")),
-+ cfg.StrOpt('endpoint_type',
-+ default='publicURL',
-+ help=_('Endpoint type'))]
-+
-+
-+def register_clients_opts():
-+ cfg.CONF.register_opts(clients_opts, group='clients')
-+ for client in ('nova', 'swift', 'neutron', 'cinder',
-+ 'ceilometer', 'keystone'):
-+ client_specific_group = 'clients_' + client
-+ # register opts copy and put it to globals in order to
-+ # generate_sample.sh to work
-+ opts_copy = copy.deepcopy(clients_opts)
-+ globals()[client_specific_group + '_opts'] = opts_copy
-+ cfg.CONF.register_opts(opts_copy, group=client_specific_group)
-+
-+
- cfg.CONF.register_opts(db_opts)
- cfg.CONF.register_opts(engine_opts)
- cfg.CONF.register_opts(service_opts)
-@@ -142,6 +171,7 @@ cfg.CONF.register_group(paste_deploy_group)
- cfg.CONF.register_opts(paste_deploy_opts, group=paste_deploy_group)
- cfg.CONF.register_group(auth_password_group)
- cfg.CONF.register_opts(auth_password_opts, group=auth_password_group)
-+register_clients_opts()
-
-
- def rpc_set_default():
-diff --git a/heat/common/heat_keystoneclient.py b/heat/common/heat_keystoneclient.py
-index 8fb13f7..8099ef2 100644
---- a/heat/common/heat_keystoneclient.py
-+++ b/heat/common/heat_keystoneclient.py
-@@ -100,6 +100,10 @@ class KeystoneClient(object):
- logger.error("Keystone v2 API connection failed, no password or "
- "auth_token!")
- raise exception.AuthorizationFailure()
-+ kwargs['cacert'] = self._get_client_option('ca_file')
-+ kwargs['insecure'] = self._get_client_option('insecure')
-+ kwargs['cert'] = self._get_client_option('cert_file')
-+ kwargs['key'] = self._get_client_option('key_file')
- client_v2 = kc.Client(**kwargs)
-
- client_v2.authenticate(**auth_kwargs)
-@@ -161,12 +165,26 @@ class KeystoneClient(object):
- "auth_token!")
- raise exception.AuthorizationFailure()
-
-+ kwargs['cacert'] = self._get_client_option('ca_file')
-+ kwargs['insecure'] = self._get_client_option('insecure')
-+ kwargs['cert'] = self._get_client_option('cert_file')
-+ kwargs['key'] = self._get_client_option('key_file')
-+
- client = kc_v3.Client(**kwargs)
- # Have to explicitly authenticate() or client.auth_ref is None
- client.authenticate()
-
- return client
-
-+ def _get_client_option(self, option):
-+ try:
-+ cfg.CONF.import_opt(option, 'heat.common.config',
-+ group='clients_keystone')
-+ return getattr(cfg.CONF.clients_keystone, option)
-+ except (cfg.NoSuchGroupError, cfg.NoSuchOptError):
-+ cfg.CONF.import_opt(option, 'heat.common.config', group='clients')
-+ return getattr(cfg.CONF.clients, option)
-+
- def create_trust_context(self):
- """
- If cfg.CONF.deferred_auth_method is trusts, we create a
-diff --git a/heat/engine/clients.py b/heat/engine/clients.py
-index 6deae5b..a9475f7 100644
---- a/heat/engine/clients.py
-+++ b/heat/engine/clients.py
-@@ -103,12 +103,16 @@ class OpenStackClients(object):
- 'service_type': service_type,
- 'username': None,
- 'api_key': None,
-- 'extensions': extensions
-+ 'extensions': extensions,
-+ 'cacert': self._get_client_option('nova', 'ca_file'),
-+ 'insecure': self._get_client_option('nova', 'insecure')
- }
-
- client = novaclient.Client(1.1, **args)
-
-- management_url = self.url_for(service_type=service_type)
-+ management_url = self.url_for(
-+ service_type=service_type,
-+ endpoint_type=self._get_client_option('nova', 'endpoint_type'))
- client.client.auth_token = self.auth_token
- client.client.management_url = management_url
-
-@@ -133,7 +137,12 @@ class OpenStackClients(object):
- 'key': None,
- 'authurl': None,
- 'preauthtoken': self.auth_token,
-- 'preauthurl': self.url_for(service_type='object-store')
-+ 'preauthurl': self.url_for(
-+ service_type='object-store',
-+ endpoint_type=self._get_client_option(
-+ 'swift', 'endpoint_type')),
-+ 'cacert': self._get_client_option('swift', 'ca_file'),
-+ 'insecure': self._get_client_option('swift', 'insecure')
- }
- self._swift = swiftclient.Connection(**args)
- return self._swift
-@@ -153,7 +162,12 @@ class OpenStackClients(object):
- 'auth_url': con.auth_url,
- 'service_type': 'network',
- 'token': self.auth_token,
-- 'endpoint_url': self.url_for(service_type='network')
-+ 'endpoint_url': self.url_for(
-+ service_type='network',
-+ endpoint_type=self._get_client_option(
-+ 'neutron', 'endpoint_type')),
-+ 'ca_cert': self._get_client_option('neutron', 'ca_file'),
-+ 'insecure': self._get_client_option('neutron', 'insecure')
- }
-
- self._neutron = neutronclient.Client(**args)
-@@ -176,11 +190,16 @@ class OpenStackClients(object):
- 'auth_url': con.auth_url,
- 'project_id': con.tenant,
- 'username': None,
-- 'api_key': None
-+ 'api_key': None,
-+ 'cacert': self._get_client_option('cinder', 'ca_file'),
-+ 'insecure': self._get_client_option('cinder', 'insecure')
- }
-
- self._cinder = cinderclient.Client('1', **args)
-- management_url = self.url_for(service_type='volume')
-+ management_url = self.url_for(
-+ service_type='volume',
-+ endpoint_type=self._get_client_option(
-+ 'cinder', 'endpoint_type'))
- self._cinder.client.auth_token = self.auth_token
- self._cinder.client.management_url = management_url
-
-@@ -201,7 +220,14 @@ class OpenStackClients(object):
- 'service_type': 'metering',
- 'project_id': con.tenant,
- 'token': lambda: self.auth_token,
-- 'endpoint': self.url_for(service_type='metering'),
-+ 'endpoint': self.url_for(
-+ service_type='metering',
-+ endpoint_type=self._get_client_option(
-+ 'ceilometer', 'endpoint_type')),
-+ 'ca_file': self._get_client_option('ceilometer', 'ca_file'),
-+ 'cert_file': self._get_client_option('ceilometer', 'cert_file'),
-+ 'key_file': self._get_client_option('ceilometer', 'key_file'),
-+ 'insecure': self._get_client_option('ceilometer', 'insecure')
- }
-
- client = ceilometerclient.Client(**args)
-@@ -209,6 +235,15 @@ class OpenStackClients(object):
- self._ceilometer = client
- return self._ceilometer
-
-+ def _get_client_option(self, client, option):
-+ try:
-+ group_name = 'clients_' + client
-+ cfg.CONF.import_opt(option, 'heat.common.config',
-+ group=group_name)
-+ return getattr(getattr(cfg.CONF, group_name), option)
-+ except (cfg.NoSuchGroupError, cfg.NoSuchOptError):
-+ cfg.CONF.import_opt(option, 'heat.common.config', group='clients')
-+ return getattr(cfg.CONF.clients, option)
-
- if cfg.CONF.cloud_backend:
- cloud_backend_module = importutils.import_module(cfg.CONF.cloud_backend)
-@@ -217,3 +252,4 @@ else:
- Clients = OpenStackClients
-
- logger.debug('Using backend %s' % Clients)
-+
-diff --git a/heat/tests/test_heatclient.py b/heat/tests/test_heatclient.py
-index 7e195dc..712ffa5 100644
---- a/heat/tests/test_heatclient.py
-+++ b/heat/tests/test_heatclient.py
-@@ -51,7 +51,11 @@ class KeystoneClientTest(HeatTestCase):
- self.mock_ks_client = heat_keystoneclient.kc.Client(
- auth_url=mox.IgnoreArg(),
- tenant_name='test_tenant',
-- token='abcd1234')
-+ token='abcd1234',
-+ cacert=None,
-+ cert=None,
-+ insecure=False,
-+ key=None)
- self.mock_ks_client.authenticate().AndReturn(auth_ok)
- elif method == 'password':
- self.mock_ks_client = heat_keystoneclient.kc.Client(
-@@ -59,14 +63,22 @@ class KeystoneClientTest(HeatTestCase):
- tenant_name='test_tenant',
- tenant_id='test_tenant_id',
- username='test_username',
-- password='password')
-+ password='password',
-+ cacert=None,
-+ cert=None,
-+ insecure=False,
-+ key=None)
- self.mock_ks_client.authenticate().AndReturn(auth_ok)
- if method == 'trust':
- self.mock_ks_client = heat_keystoneclient.kc.Client(
- auth_url='http://server.test:5000/v2.0',
- password='verybadpass',
- tenant_name='service',
-- username='heat')
-+ username='heat',
-+ cacert=None,
-+ cert=None,
-+ insecure=False,
-+ key=None)
- self.mock_ks_client.authenticate(trust_id='atrust123',
- tenant_id='test_tenant_id'
- ).AndReturn(auth_ok)
-@@ -81,7 +93,11 @@ class KeystoneClientTest(HeatTestCase):
- self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client(
- token='abcd1234', project_name='test_tenant',
- auth_url='http://server.test:5000/v3',
-- endpoint='http://server.test:5000/v3')
-+ endpoint='http://server.test:5000/v3',
-+ cacert=None,
-+ cert=None,
-+ insecure=False,
-+ key=None)
- elif method == 'password':
- self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client(
- username='test_username',
-@@ -89,13 +105,21 @@ class KeystoneClientTest(HeatTestCase):
- project_name='test_tenant',
- project_id='test_tenant_id',
- auth_url='http://server.test:5000/v3',
-- endpoint='http://server.test:5000/v3')
-+ endpoint='http://server.test:5000/v3',
-+ cacert=None,
-+ cert=None,
-+ insecure=False,
-+ key=None)
- elif method == 'trust':
- self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client(
- username='heat',
- password='verybadpass',
- project_name='service',
-- auth_url='http://server.test:5000/v3')
-+ auth_url='http://server.test:5000/v3',
-+ cacert=None,
-+ cert=None,
-+ insecure=False,
-+ key=None)
- self.mock_ks_v3_client.authenticate().AndReturn(auth_ok)
-
- def test_username_length(self):
---
-1.7.9.5
-
+++ /dev/null
-From 467adeb3dc9a89aa6b39780b83196501d5c31ea7 Mon Sep 17 00:00:00 2001
-From: Serg Melikyan <smelikyan@mirantis.com>
-Date: Tue, 12 Nov 2013 14:33:17 +0400
-Subject: [PATCH] Adds ability to configure SSL params for clients used by the Heat
-
----
- etc/heat/heat.conf.sample | 169 ++++++++++++++++++++++++++++++++++++
- heat/common/config.py | 32 ++++++-
- heat/common/heat_keystoneclient.py | 18 ++++
- heat/engine/clients.py | 50 +++++++++--
- heat/tests/test_heatclient.py | 36 ++++++--
- 5 files changed, 291 insertions(+), 14 deletions(-)
-
-diff --git a/etc/heat/heat.conf.sample b/etc/heat/heat.conf.sample
-index 1444f9b..376c98e 100644
---- a/etc/heat/heat.conf.sample
-+++ b/etc/heat/heat.conf.sample
-@@ -724,3 +724,172 @@
- #password=<None>
-
-
-+[clients_swift]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-+
-+
-+[clients_cinder]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-+
-+[clients]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-+
-+[clients_nova]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-+
-+[clients_ceilometer]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-+
-+[clients_neutron]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-+
-+
-+[clients_keystone]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+# Endpoint type
-+#endpoint_type=publicURL
-diff --git a/heat/common/config.py b/heat/common/config.py
-index 82b4ca5..155d4f4 100644
---- a/heat/common/config.py
-+++ b/heat/common/config.py
-@@ -1,4 +1,3 @@
--
- # vim: tabstop=4 shiftwidth=4 softtabstop=4
-
- #
-@@ -18,6 +17,7 @@
- Routines for configuring Heat
- """
-
-+import copy
- import logging as sys_logging
- import os
-
-@@ -134,6 +134,35 @@ auth_password_opts = [
- 'multi_cloud is enabled. At least one endpoint needs '
- 'to be specified.'))]
-
-+clients_opts = [
-+ cfg.StrOpt('ca_file',
-+ help=_('Optional CA cert file to use in SSL connections')),
-+ cfg.StrOpt('cert_file',
-+ help=_('Optional PEM-formatted certificate chain file')),
-+ cfg.StrOpt('key_file',
-+ help=_('Optional PEM-formatted file that contains the '
-+ 'private key')),
-+ cfg.BoolOpt('insecure',
-+ default=False,
-+ help=_("If set then the server's certificate will not "
-+ "be verified")),
-+ cfg.StrOpt('endpoint_type',
-+ default='publicURL',
-+ help=_('Endpoint type'))]
-+
-+
-+def register_clients_opts():
-+ cfg.CONF.register_opts(clients_opts, group='clients')
-+ for client in ('nova', 'swift', 'neutron', 'cinder',
-+ 'ceilometer', 'keystone'):
-+ client_specific_group = 'clients_' + client
-+ # register opts copy and put it to globals in order to
-+ # generate_sample.sh to work
-+ opts_copy = copy.deepcopy(clients_opts)
-+ globals()[client_specific_group + '_opts'] = opts_copy
-+ cfg.CONF.register_opts(opts_copy, group=client_specific_group)
-+
-+
- cfg.CONF.register_opts(db_opts)
- cfg.CONF.register_opts(engine_opts)
- cfg.CONF.register_opts(service_opts)
-@@ -142,6 +171,7 @@ cfg.CONF.register_group(paste_deploy_group)
- cfg.CONF.register_opts(paste_deploy_opts, group=paste_deploy_group)
- cfg.CONF.register_group(auth_password_group)
- cfg.CONF.register_opts(auth_password_opts, group=auth_password_group)
-+register_clients_opts()
-
-
- def rpc_set_default():
-diff --git a/heat/common/heat_keystoneclient.py b/heat/common/heat_keystoneclient.py
-index 8fb13f7..8099ef2 100644
---- a/heat/common/heat_keystoneclient.py
-+++ b/heat/common/heat_keystoneclient.py
-@@ -100,6 +100,10 @@ class KeystoneClient(object):
- logger.error("Keystone v2 API connection failed, no password or "
- "auth_token!")
- raise exception.AuthorizationFailure()
-+ kwargs['cacert'] = self._get_client_option('ca_file')
-+ kwargs['insecure'] = self._get_client_option('insecure')
-+ kwargs['cert'] = self._get_client_option('cert_file')
-+ kwargs['key'] = self._get_client_option('key_file')
- client_v2 = kc.Client(**kwargs)
-
- client_v2.authenticate(**auth_kwargs)
-@@ -161,12 +165,26 @@ class KeystoneClient(object):
- "auth_token!")
- raise exception.AuthorizationFailure()
-
-+ kwargs['cacert'] = self._get_client_option('ca_file')
-+ kwargs['insecure'] = self._get_client_option('insecure')
-+ kwargs['cert'] = self._get_client_option('cert_file')
-+ kwargs['key'] = self._get_client_option('key_file')
-+
- client = kc_v3.Client(**kwargs)
- # Have to explicitly authenticate() or client.auth_ref is None
- client.authenticate()
-
- return client
-
-+ def _get_client_option(self, option):
-+ try:
-+ cfg.CONF.import_opt(option, 'heat.common.config',
-+ group='clients_keystone')
-+ return getattr(cfg.CONF.clients_keystone, option)
-+ except (cfg.NoSuchGroupError, cfg.NoSuchOptError):
-+ cfg.CONF.import_opt(option, 'heat.common.config', group='clients')
-+ return getattr(cfg.CONF.clients, option)
-+
- def create_trust_context(self):
- """
- If cfg.CONF.deferred_auth_method is trusts, we create a
-diff --git a/heat/engine/clients.py b/heat/engine/clients.py
-index 6deae5b..a9475f7 100644
---- a/heat/engine/clients.py
-+++ b/heat/engine/clients.py
-@@ -103,12 +103,16 @@ class OpenStackClients(object):
- 'service_type': service_type,
- 'username': None,
- 'api_key': None,
-- 'extensions': extensions
-+ 'extensions': extensions,
-+ 'cacert': self._get_client_option('nova', 'ca_file'),
-+ 'insecure': self._get_client_option('nova', 'insecure')
- }
-
- client = novaclient.Client(1.1, **args)
-
-- management_url = self.url_for(service_type=service_type)
-+ management_url = self.url_for(
-+ service_type=service_type,
-+ endpoint_type=self._get_client_option('nova', 'endpoint_type'))
- client.client.auth_token = self.auth_token
- client.client.management_url = management_url
-
-@@ -133,7 +137,12 @@ class OpenStackClients(object):
- 'key': None,
- 'authurl': None,
- 'preauthtoken': self.auth_token,
-- 'preauthurl': self.url_for(service_type='object-store')
-+ 'preauthurl': self.url_for(
-+ service_type='object-store',
-+ endpoint_type=self._get_client_option(
-+ 'swift', 'endpoint_type')),
-+ 'cacert': self._get_client_option('swift', 'ca_file'),
-+ 'insecure': self._get_client_option('swift', 'insecure')
- }
- self._swift = swiftclient.Connection(**args)
- return self._swift
-@@ -153,7 +162,12 @@ class OpenStackClients(object):
- 'auth_url': con.auth_url,
- 'service_type': 'network',
- 'token': self.auth_token,
-- 'endpoint_url': self.url_for(service_type='network')
-+ 'endpoint_url': self.url_for(
-+ service_type='network',
-+ endpoint_type=self._get_client_option(
-+ 'neutron', 'endpoint_type')),
-+ 'ca_cert': self._get_client_option('neutron', 'ca_file'),
-+ 'insecure': self._get_client_option('neutron', 'insecure')
- }
-
- self._neutron = neutronclient.Client(**args)
-@@ -176,11 +190,16 @@ class OpenStackClients(object):
- 'auth_url': con.auth_url,
- 'project_id': con.tenant,
- 'username': None,
-- 'api_key': None
-+ 'api_key': None,
-+ 'cacert': self._get_client_option('cinder', 'ca_file'),
-+ 'insecure': self._get_client_option('cinder', 'insecure')
- }
-
- self._cinder = cinderclient.Client('1', **args)
-- management_url = self.url_for(service_type='volume')
-+ management_url = self.url_for(
-+ service_type='volume',
-+ endpoint_type=self._get_client_option(
-+ 'cinder', 'endpoint_type'))
- self._cinder.client.auth_token = self.auth_token
- self._cinder.client.management_url = management_url
-
-@@ -201,7 +220,14 @@ class OpenStackClients(object):
- 'service_type': 'metering',
- 'project_id': con.tenant,
- 'token': lambda: self.auth_token,
-- 'endpoint': self.url_for(service_type='metering'),
-+ 'endpoint': self.url_for(
-+ service_type='metering',
-+ endpoint_type=self._get_client_option(
-+ 'ceilometer', 'endpoint_type')),
-+ 'ca_file': self._get_client_option('ceilometer', 'ca_file'),
-+ 'cert_file': self._get_client_option('ceilometer', 'cert_file'),
-+ 'key_file': self._get_client_option('ceilometer', 'key_file'),
-+ 'insecure': self._get_client_option('ceilometer', 'insecure')
- }
-
- client = ceilometerclient.Client(**args)
-@@ -209,6 +235,15 @@ class OpenStackClients(object):
- self._ceilometer = client
- return self._ceilometer
-
-+ def _get_client_option(self, client, option):
-+ try:
-+ group_name = 'clients_' + client
-+ cfg.CONF.import_opt(option, 'heat.common.config',
-+ group=group_name)
-+ return getattr(getattr(cfg.CONF, group_name), option)
-+ except (cfg.NoSuchGroupError, cfg.NoSuchOptError):
-+ cfg.CONF.import_opt(option, 'heat.common.config', group='clients')
-+ return getattr(cfg.CONF.clients, option)
-
- if cfg.CONF.cloud_backend:
- cloud_backend_module = importutils.import_module(cfg.CONF.cloud_backend)
-@@ -217,3 +252,4 @@ else:
- Clients = OpenStackClients
-
- logger.debug('Using backend %s' % Clients)
-+
-diff --git a/heat/tests/test_heatclient.py b/heat/tests/test_heatclient.py
-index 7e195dc..712ffa5 100644
---- a/heat/tests/test_heatclient.py
-+++ b/heat/tests/test_heatclient.py
-@@ -51,7 +51,11 @@ class KeystoneClientTest(HeatTestCase):
- self.mock_ks_client = heat_keystoneclient.kc.Client(
- auth_url=mox.IgnoreArg(),
- tenant_name='test_tenant',
-- token='abcd1234')
-+ token='abcd1234',
-+ cacert=None,
-+ cert=None,
-+ insecure=False,
-+ key=None)
- self.mock_ks_client.authenticate().AndReturn(auth_ok)
- elif method == 'password':
- self.mock_ks_client = heat_keystoneclient.kc.Client(
-@@ -59,14 +63,22 @@ class KeystoneClientTest(HeatTestCase):
- tenant_name='test_tenant',
- tenant_id='test_tenant_id',
- username='test_username',
-- password='password')
-+ password='password',
-+ cacert=None,
-+ cert=None,
-+ insecure=False,
-+ key=None)
- self.mock_ks_client.authenticate().AndReturn(auth_ok)
- if method == 'trust':
- self.mock_ks_client = heat_keystoneclient.kc.Client(
- auth_url='http://server.test:5000/v2.0',
- password='verybadpass',
- tenant_name='service',
-- username='heat')
-+ username='heat',
-+ cacert=None,
-+ cert=None,
-+ insecure=False,
-+ key=None)
- self.mock_ks_client.authenticate(trust_id='atrust123',
- tenant_id='test_tenant_id'
- ).AndReturn(auth_ok)
-@@ -81,7 +93,11 @@ class KeystoneClientTest(HeatTestCase):
- self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client(
- token='abcd1234', project_name='test_tenant',
- auth_url='http://server.test:5000/v3',
-- endpoint='http://server.test:5000/v3')
-+ endpoint='http://server.test:5000/v3',
-+ cacert=None,
-+ cert=None,
-+ insecure=False,
-+ key=None)
- elif method == 'password':
- self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client(
- username='test_username',
-@@ -89,13 +105,21 @@ class KeystoneClientTest(HeatTestCase):
- project_name='test_tenant',
- project_id='test_tenant_id',
- auth_url='http://server.test:5000/v3',
-- endpoint='http://server.test:5000/v3')
-+ endpoint='http://server.test:5000/v3',
-+ cacert=None,
-+ cert=None,
-+ insecure=False,
-+ key=None)
- elif method == 'trust':
- self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client(
- username='heat',
- password='verybadpass',
- project_name='service',
-- auth_url='http://server.test:5000/v3')
-+ auth_url='http://server.test:5000/v3',
-+ cacert=None,
-+ cert=None,
-+ insecure=False,
-+ key=None)
- self.mock_ks_v3_client.authenticate().AndReturn(auth_ok)
-
- def test_username_length(self):
---
-1.7.9.5
-
Code Review / openstack-build / heat-build.git / commitdiff