review.fuel-infra Code Review - openstack-build/heat-build.git/commitdiff
Patch Ability-to-configure-various-clients-used-by-the-Heat.patch moved to code
author Max Rasskazov <mrasskazov@mirantis.com>
Wed, 26 Mar 2014 16:48:49 +0000 (20:48 +0400)
committer Max Rasskazov <mrasskazov@mirantis.com>
Wed, 26 Mar 2014 16:48:49 +0000 (20:48 +0400)
Patch has been added to specs by:
> commit 17d6a09efb67cc9b19cc8a051401100e0896c531
> Author: Igor Yozhikov <iyozhikov@mirantis.com>
> Date:   Mon Dec 23 16:21:49 2013 +0400
>
>     Add new patches instead of 1 old

Patch info:
> From ac190f0da6ce367cc833b92677266e7bbf7e2270 Mon Sep 17 00:00:00 2001
> From: Timur Sufiev <tsufiev@mirantis.com>
> Date: Thu, 5 Dec 2013 19:46:28 +0400
> Subject: [PATCH] Adds ability to configure various clients used by the Heat
>
> This commit adds config sections [clients_nova], [clients_swift],
> [clients_neutron], [clients_cinder], [clients_ceilometer] and
> [clients_keystone]. These sections contain additional configuration
> options for corresponding OpenStack clients.
> Currently those are only SSL-related settings: ca_file, cert_file,
> key_file and insecure. Note that not every client library is
> currently capable of utilizing all of the SSL settings.
>
> There is also a plain [clients] section that holds shared client
> options. Each option is searched first in the specific group (clients_xxx)
> and if it is not found there then the value from the [clients] group
> is taken (or default values if there is no such setting in this
> group). This allows defining shared configuration that would be
> used by most (or all) clients without repeating the same settings
> for each and every client separately.
>
> Closes-Bug: #1213122
> Implements: blueprint clients-ssl-options
> Ported from: icehouse.

Change-request info:
> Your change was committed before the commit hook was installed.
> Amending the commit to add a gerrit change id.
> remote:
> remote: New Changes:
> remote:   http://gerrit.mirantis.com/13907
> remote:
> To ssh://mrasskazov@gerrit.mirantis.com:29418/openstack/heat.git
>  * [new branch]      HEAD -> refs/publish/openstack-ci/fuel-5.0/2014.1/Ability-to-configure-various-clients-used-by-the-Heat.patch

debian/patches/Ability-to-configure-various-clients-used-by-the-Heat.patch [deleted file]
debian/patches/series
rpm/SOURCES/Ability-to-configure-various-clients-used-by-the-Heat.patch [deleted file]
rpm/SPECS/openstack-heat.spec

diff --git a/debian/patches/Ability-to-configure-various-clients-used-by-the-Heat.patch b/debian/patches/Ability-to-configure-various-clients-used-by-the-Heat.patch
deleted file mode 100644 (file)
index dad7d14..0000000
+++ /dev/null
@@ -1,504 +0,0 @@
-From ac190f0da6ce367cc833b92677266e7bbf7e2270 Mon Sep 17 00:00:00 2001
-From: Timur Sufiev <tsufiev@mirantis.com>
-Date: Thu, 5 Dec 2013 19:46:28 +0400
-Subject: [PATCH] Adds ability to configure various clients used by the Heat
-
-This commit adds config sections [clients_nova], [clients_swift],
-[clients_neutron], [clients_cinder], [clients_ceilometer] and
-[clients_keystone]. These sections contain additional configuration
-options for corresponding OpenStack clients.
-Currently those are only SSL-related setting ca_file, cert_file,
-key_file and insecure. Note, than not every client library is
-currently capable of utilizing all of the SSL settings.
-
-There is also a plain [clients] section that holds shared client
-options. Each option searched first at specific group (clients_xxx)
-and if it not found there then the value from [clients] group
-are taken (or default values if there is no such setting in this
-group). This allows defining shared configuration that would be
-used by most (or all) clients without repeating the same settings
-for each and every client separately
-
-Closes-Bug: #1213122
-Implements: blueprint clients-ssl-options
-Ported from: icehouse.
----
- etc/heat/heat.conf.sample          | 182 ++++++++++++++++++++++++++++++++++---
- heat/common/config.py              |  28 +++++-
- heat/common/heat_keystoneclient.py |  17 ++++
- heat/engine/clients.py             |  30 +++++-
- heat/tests/test_heatclient.py      |  36 ++++++--
- 5 files changed, 268 insertions(+), 25 deletions(-)
-
-diff --git a/etc/heat/heat.conf.sample b/etc/heat/heat.conf.sample
-index 1444f9b..20dadd3 100644
---- a/etc/heat/heat.conf.sample
-+++ b/etc/heat/heat.conf.sample
-@@ -473,6 +473,43 @@
- #matchmaker_heartbeat_ttl=600
-+[clients_swift]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+
-+[auth_password]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Allow orchestration of multiple clouds (boolean value)
-+#multi_cloud=false
-+
-+# Allowed keystone endpoints for auth_uri when multi_cloud is
-+# enabled. At least one endpoint needs to be specified. (list
-+# value)
-+#allowed_auth_uris=
-+
-+
- [ssl]
- #
-@@ -568,6 +605,104 @@
- #api_paste_config=api-paste.ini
-+[clients_cinder]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+
-+[clients]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+
-+[clients_nova]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+
-+[matchmaker_ring]
-+
-+#
-+# Options defined in heat.openstack.common.rpc.matchmaker_ring
-+#
-+
-+# Matchmaker ring file (JSON) (string value)
-+#ringfile=/etc/oslo/matchmaker_ring.json
-+
-+
-+[clients_ceilometer]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+
- [rpc_notifier2]
- #
-@@ -683,29 +818,26 @@
- #workers=0
--[auth_password]
-+[clients_neutron]
- #
- # Options defined in heat.common.config
- #
--# Allow orchestration of multiple clouds (boolean value)
--#multi_cloud=false
--
--# Allowed keystone endpoints for auth_uri when multi_cloud is
--# enabled. At least one endpoint needs to be specified. (list
-+# Optional CA cert file to use in SSL connections (string
- # value)
--#allowed_auth_uris=
-+#ca_file=<None>
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
--[matchmaker_ring]
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
--#
--# Options defined in heat.openstack.common.rpc.matchmaker_ring
--#
--
--# Matchmaker ring file (JSON) (string value)
--#ringfile=/etc/oslo/matchmaker_ring.json
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
- [matchmaker_redis]
-@@ -724,3 +856,25 @@
- #password=<None>
-+[clients_keystone]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+
-diff --git a/heat/common/config.py b/heat/common/config.py
-index 82b4ca5..b115f20 100644
---- a/heat/common/config.py
-+++ b/heat/common/config.py
-@@ -17,7 +17,7 @@
- """
- Routines for configuring Heat
- """
--
-+import copy
- import logging as sys_logging
- import os
-@@ -133,6 +133,31 @@ auth_password_opts = [
-                 help=_('Allowed keystone endpoints for auth_uri when '
-                        'multi_cloud is enabled. At least one endpoint needs '
-                        'to be specified.'))]
-+clients_opts = [
-+    cfg.StrOpt('ca_file',
-+               help=_('Optional CA cert file to use in SSL connections')),
-+    cfg.StrOpt('cert_file',
-+               help=_('Optional PEM-formatted certificate chain file')),
-+    cfg.StrOpt('key_file',
-+               help=_('Optional PEM-formatted file that contains the '
-+                      'private key')),
-+    cfg.BoolOpt('insecure',
-+                default=False,
-+                help=_("If set then the server's certificate will not "
-+                       "be verified"))]
-+
-+
-+def register_clients_opts():
-+    cfg.CONF.register_opts(clients_opts, group='clients')
-+    for client in ('nova', 'swift', 'neutron', 'cinder',
-+                   'ceilometer', 'keystone'):
-+        client_specific_group = 'clients_' + client
-+        # register opts copy and put it to globals in order to
-+        # generate_sample.sh to work
-+        opts_copy = copy.deepcopy(clients_opts)
-+        globals()[client_specific_group + '_opts'] = opts_copy
-+        cfg.CONF.register_opts(opts_copy, group=client_specific_group)
-+
- cfg.CONF.register_opts(db_opts)
- cfg.CONF.register_opts(engine_opts)
-@@ -142,6 +167,7 @@ cfg.CONF.register_group(paste_deploy_group)
- cfg.CONF.register_opts(paste_deploy_opts, group=paste_deploy_group)
- cfg.CONF.register_group(auth_password_group)
- cfg.CONF.register_opts(auth_password_opts, group=auth_password_group)
-+register_clients_opts()
- def rpc_set_default():
-diff --git a/heat/common/heat_keystoneclient.py b/heat/common/heat_keystoneclient.py
-index 8fb13f7..d052a67 100644
---- a/heat/common/heat_keystoneclient.py
-+++ b/heat/common/heat_keystoneclient.py
-@@ -100,6 +100,10 @@ class KeystoneClient(object):
-             logger.error("Keystone v2 API connection failed, no password or "
-                          "auth_token!")
-             raise exception.AuthorizationFailure()
-+        kwargs['cacert'] = self._get_client_option('ca_file')
-+        kwargs['insecure'] = self._get_client_option('insecure')
-+        kwargs['cert'] = self._get_client_option('cert_file')
-+        kwargs['key'] = self._get_client_option('key_file')
-         client_v2 = kc.Client(**kwargs)
-         client_v2.authenticate(**auth_kwargs)
-@@ -161,12 +165,25 @@ class KeystoneClient(object):
-                          "auth_token!")
-             raise exception.AuthorizationFailure()
-+        kwargs['cacert'] = self._get_client_option('ca_file')
-+        kwargs['insecure'] = self._get_client_option('insecure')
-+        kwargs['cert'] = self._get_client_option('cert_file')
-+        kwargs['key'] = self._get_client_option('key_file')
-         client = kc_v3.Client(**kwargs)
-         # Have to explicitly authenticate() or client.auth_ref is None
-         client.authenticate()
-         return client
-+    def _get_client_option(self, option):
-+        try:
-+            cfg.CONF.import_opt(option, 'heat.common.config',
-+                                group='clients_keystone')
-+            return getattr(cfg.CONF.clients_keystone, option)
-+        except (cfg.NoSuchGroupError, cfg.NoSuchOptError):
-+            cfg.CONF.import_opt(option, 'heat.common.config', group='clients')
-+            return getattr(cfg.CONF.clients, option)
-+
-     def create_trust_context(self):
-         """
-         If cfg.CONF.deferred_auth_method is trusts, we create a
-diff --git a/heat/engine/clients.py b/heat/engine/clients.py
-index 6deae5b..a749cd2 100644
---- a/heat/engine/clients.py
-+++ b/heat/engine/clients.py
-@@ -103,7 +103,9 @@ class OpenStackClients(object):
-             'service_type': service_type,
-             'username': None,
-             'api_key': None,
--            'extensions': extensions
-+            'extensions': extensions,
-+            'cacert': self._get_client_option('nova', 'ca_file'),
-+            'insecure': self._get_client_option('nova', 'insecure')
-         }
-         client = novaclient.Client(1.1, **args)
-@@ -133,7 +135,9 @@ class OpenStackClients(object):
-             'key': None,
-             'authurl': None,
-             'preauthtoken': self.auth_token,
--            'preauthurl': self.url_for(service_type='object-store')
-+            'preauthurl': self.url_for(service_type='object-store'),
-+            'cacert': self._get_client_option('swift', 'ca_file'),
-+            'insecure': self._get_client_option('swift', 'insecure')
-         }
-         self._swift = swiftclient.Connection(**args)
-         return self._swift
-@@ -153,7 +157,9 @@ class OpenStackClients(object):
-             'auth_url': con.auth_url,
-             'service_type': 'network',
-             'token': self.auth_token,
--            'endpoint_url': self.url_for(service_type='network')
-+            'endpoint_url': self.url_for(service_type='network'),
-+            'ca_cert': self._get_client_option('neutron', 'ca_file'),
-+            'insecure': self._get_client_option('neutron', 'insecure')
-         }
-         self._neutron = neutronclient.Client(**args)
-@@ -176,7 +182,9 @@ class OpenStackClients(object):
-             'auth_url': con.auth_url,
-             'project_id': con.tenant,
-             'username': None,
--            'api_key': None
-+            'api_key': None,
-+            'cacert': self._get_client_option('cinder', 'ca_file'),
-+            'insecure': self._get_client_option('cinder', 'insecure')
-         }
-         self._cinder = cinderclient.Client('1', **args)
-@@ -202,6 +210,10 @@ class OpenStackClients(object):
-             'project_id': con.tenant,
-             'token': lambda: self.auth_token,
-             'endpoint': self.url_for(service_type='metering'),
-+            'ca_file': self._get_client_option('ceilometer', 'ca_file'),
-+            'cert_file': self._get_client_option('ceilometer', 'cert_file'),
-+            'key_file': self._get_client_option('ceilometer', 'key_file'),
-+            'insecure': self._get_client_option('ceilometer', 'insecure')
-         }
-         client = ceilometerclient.Client(**args)
-@@ -209,6 +221,16 @@ class OpenStackClients(object):
-         self._ceilometer = client
-         return self._ceilometer
-+    def _get_client_option(self, client, option):
-+        try:
-+            group_name = 'clients_' + client
-+            cfg.CONF.import_opt(option, 'heat.common.config',
-+                                group=group_name)
-+            return getattr(getattr(cfg.CONF, group_name), option)
-+        except (cfg.NoSuchGroupError, cfg.NoSuchOptError):
-+            cfg.CONF.import_opt(option, 'heat.common.config', group='clients')
-+            return getattr(cfg.CONF.clients, option)
-+
- if cfg.CONF.cloud_backend:
-     cloud_backend_module = importutils.import_module(cfg.CONF.cloud_backend)
-diff --git a/heat/tests/test_heatclient.py b/heat/tests/test_heatclient.py
-index 7e195dc..712ffa5 100644
---- a/heat/tests/test_heatclient.py
-+++ b/heat/tests/test_heatclient.py
-@@ -51,7 +51,11 @@ class KeystoneClientTest(HeatTestCase):
-             self.mock_ks_client = heat_keystoneclient.kc.Client(
-                 auth_url=mox.IgnoreArg(),
-                 tenant_name='test_tenant',
--                token='abcd1234')
-+                token='abcd1234',
-+                cacert=None,
-+                cert=None,
-+                insecure=False,
-+                key=None)
-             self.mock_ks_client.authenticate().AndReturn(auth_ok)
-         elif method == 'password':
-             self.mock_ks_client = heat_keystoneclient.kc.Client(
-@@ -59,14 +63,22 @@ class KeystoneClientTest(HeatTestCase):
-                 tenant_name='test_tenant',
-                 tenant_id='test_tenant_id',
-                 username='test_username',
--                password='password')
-+                password='password',
-+                cacert=None,
-+                cert=None,
-+                insecure=False,
-+                key=None)
-             self.mock_ks_client.authenticate().AndReturn(auth_ok)
-         if method == 'trust':
-             self.mock_ks_client = heat_keystoneclient.kc.Client(
-                 auth_url='http://server.test:5000/v2.0',
-                 password='verybadpass',
-                 tenant_name='service',
--                username='heat')
-+                username='heat',
-+                cacert=None,
-+                cert=None,
-+                insecure=False,
-+                key=None)
-             self.mock_ks_client.authenticate(trust_id='atrust123',
-                                              tenant_id='test_tenant_id'
-                                              ).AndReturn(auth_ok)
-@@ -81,7 +93,11 @@ class KeystoneClientTest(HeatTestCase):
-             self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client(
-                 token='abcd1234', project_name='test_tenant',
-                 auth_url='http://server.test:5000/v3',
--                endpoint='http://server.test:5000/v3')
-+                endpoint='http://server.test:5000/v3',
-+                cacert=None,
-+                cert=None,
-+                insecure=False,
-+                key=None)
-         elif method == 'password':
-             self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client(
-                 username='test_username',
-@@ -89,13 +105,21 @@ class KeystoneClientTest(HeatTestCase):
-                 project_name='test_tenant',
-                 project_id='test_tenant_id',
-                 auth_url='http://server.test:5000/v3',
--                endpoint='http://server.test:5000/v3')
-+                endpoint='http://server.test:5000/v3',
-+                cacert=None,
-+                cert=None,
-+                insecure=False,
-+                key=None)
-         elif method == 'trust':
-             self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client(
-                 username='heat',
-                 password='verybadpass',
-                 project_name='service',
--                auth_url='http://server.test:5000/v3')
-+                auth_url='http://server.test:5000/v3',
-+                cacert=None,
-+                cert=None,
-+                insecure=False,
-+                key=None)
-         self.mock_ks_v3_client.authenticate().AndReturn(auth_ok)
-     def test_username_length(self):
--- 
-1.8.3.2
-
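Review bot: In `_get_client_option` (heat/common/heat_keystoneclient.py and heat/engine/clients.py) the fallback to `[clients]` runs only on `NoSuchGroupError` or `NoSuchOptError`, but `register_clients_opts()` registers a deep copy of every option in each `clients_<name>` group, so from the lines shown the lookup for the six listed clients always succeeds and returns the group's own default (`None`, or `False` for `insecure`). A `ca_file` set only in `[clients]` would then not reach nova, swift, neutron, cinder, ceilometer or keystone, which is not the behaviour the commit message describes. Suggest falling back when the client-specific value is unset rather than when the option is unregistered, and adding a case to heat/tests/test_heatclient.py that sets a value in `[clients]` only, since the updated expectations cover just the defaults (`cacert=None`, `insecure=False`). Separately, heat.conf.sample offers `cert_file` and `key_file` under every `clients_*` section while heat/engine/clients.py passes them only to ceilometer; the help text should say which clients ignore them.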
index 7ac31d7d4252848fd3290c31e2f2d417c3d56c84..c0ade6e61be6dfe3fe87abe8b194a28461bfaf92 100644 (file)
@@ -1,3 +1,2 @@
 default-sqlite.patch
-Ability-to-configure-various-clients-used-by-the-Heat.patch
 Allow-Address-Pairs-feature.patch
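Review bot: Dropping `Ability-to-configure-various-clients-used-by-the-Heat.patch` from the series means the package keeps the `ca_file` and `insecure` client options only if the heat source it builds from already contains the change pushed as http://gerrit.mirantis.com/13907, and nothing in this hunk ties the two together. Suggest naming the merged heat commit in the commit message, or landing this removal only after that change is merged, so a build against an older source does not silently lose the SSL settings.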
diff --git a/rpm/SOURCES/Ability-to-configure-various-clients-used-by-the-Heat.patch b/rpm/SOURCES/Ability-to-configure-various-clients-used-by-the-Heat.patch
deleted file mode 100644 (file)
index dad7d14..0000000
+++ /dev/null
@@ -1,504 +0,0 @@
-From ac190f0da6ce367cc833b92677266e7bbf7e2270 Mon Sep 17 00:00:00 2001
-From: Timur Sufiev <tsufiev@mirantis.com>
-Date: Thu, 5 Dec 2013 19:46:28 +0400
-Subject: [PATCH] Adds ability to configure various clients used by the Heat
-
-This commit adds config sections [clients_nova], [clients_swift],
-[clients_neutron], [clients_cinder], [clients_ceilometer] and
-[clients_keystone]. These sections contain additional configuration
-options for corresponding OpenStack clients.
-Currently those are only SSL-related setting ca_file, cert_file,
-key_file and insecure. Note, than not every client library is
-currently capable of utilizing all of the SSL settings.
-
-There is also a plain [clients] section that holds shared client
-options. Each option searched first at specific group (clients_xxx)
-and if it not found there then the value from [clients] group
-are taken (or default values if there is no such setting in this
-group). This allows defining shared configuration that would be
-used by most (or all) clients without repeating the same settings
-for each and every client separately
-
-Closes-Bug: #1213122
-Implements: blueprint clients-ssl-options
-Ported from: icehouse.
----
- etc/heat/heat.conf.sample          | 182 ++++++++++++++++++++++++++++++++++---
- heat/common/config.py              |  28 +++++-
- heat/common/heat_keystoneclient.py |  17 ++++
- heat/engine/clients.py             |  30 +++++-
- heat/tests/test_heatclient.py      |  36 ++++++--
- 5 files changed, 268 insertions(+), 25 deletions(-)
-
-diff --git a/etc/heat/heat.conf.sample b/etc/heat/heat.conf.sample
-index 1444f9b..20dadd3 100644
---- a/etc/heat/heat.conf.sample
-+++ b/etc/heat/heat.conf.sample
-@@ -473,6 +473,43 @@
- #matchmaker_heartbeat_ttl=600
-+[clients_swift]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+
-+[auth_password]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Allow orchestration of multiple clouds (boolean value)
-+#multi_cloud=false
-+
-+# Allowed keystone endpoints for auth_uri when multi_cloud is
-+# enabled. At least one endpoint needs to be specified. (list
-+# value)
-+#allowed_auth_uris=
-+
-+
- [ssl]
- #
-@@ -568,6 +605,104 @@
- #api_paste_config=api-paste.ini
-+[clients_cinder]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+
-+[clients]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+
-+[clients_nova]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+
-+[matchmaker_ring]
-+
-+#
-+# Options defined in heat.openstack.common.rpc.matchmaker_ring
-+#
-+
-+# Matchmaker ring file (JSON) (string value)
-+#ringfile=/etc/oslo/matchmaker_ring.json
-+
-+
-+[clients_ceilometer]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+
- [rpc_notifier2]
- #
-@@ -683,29 +818,26 @@
- #workers=0
--[auth_password]
-+[clients_neutron]
- #
- # Options defined in heat.common.config
- #
--# Allow orchestration of multiple clouds (boolean value)
--#multi_cloud=false
--
--# Allowed keystone endpoints for auth_uri when multi_cloud is
--# enabled. At least one endpoint needs to be specified. (list
-+# Optional CA cert file to use in SSL connections (string
- # value)
--#allowed_auth_uris=
-+#ca_file=<None>
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
--[matchmaker_ring]
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
--#
--# Options defined in heat.openstack.common.rpc.matchmaker_ring
--#
--
--# Matchmaker ring file (JSON) (string value)
--#ringfile=/etc/oslo/matchmaker_ring.json
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
- [matchmaker_redis]
-@@ -724,3 +856,25 @@
- #password=<None>
-+[clients_keystone]
-+
-+#
-+# Options defined in heat.common.config
-+#
-+
-+# Optional CA cert file to use in SSL connections (string
-+# value)
-+#ca_file=<None>
-+
-+# Optional PEM-formatted certificate chain file (string value)
-+#cert_file=<None>
-+
-+# Optional PEM-formatted file that contains the private key
-+# (string value)
-+#key_file=<None>
-+
-+# If set then the server's certificate will not be verified
-+# (boolean value)
-+#insecure=false
-+
-+
-diff --git a/heat/common/config.py b/heat/common/config.py
-index 82b4ca5..b115f20 100644
---- a/heat/common/config.py
-+++ b/heat/common/config.py
-@@ -17,7 +17,7 @@
- """
- Routines for configuring Heat
- """
--
-+import copy
- import logging as sys_logging
- import os
-@@ -133,6 +133,31 @@ auth_password_opts = [
-                 help=_('Allowed keystone endpoints for auth_uri when '
-                        'multi_cloud is enabled. At least one endpoint needs '
-                        'to be specified.'))]
-+clients_opts = [
-+    cfg.StrOpt('ca_file',
-+               help=_('Optional CA cert file to use in SSL connections')),
-+    cfg.StrOpt('cert_file',
-+               help=_('Optional PEM-formatted certificate chain file')),
-+    cfg.StrOpt('key_file',
-+               help=_('Optional PEM-formatted file that contains the '
-+                      'private key')),
-+    cfg.BoolOpt('insecure',
-+                default=False,
-+                help=_("If set then the server's certificate will not "
-+                       "be verified"))]
-+
-+
-+def register_clients_opts():
-+    cfg.CONF.register_opts(clients_opts, group='clients')
-+    for client in ('nova', 'swift', 'neutron', 'cinder',
-+                   'ceilometer', 'keystone'):
-+        client_specific_group = 'clients_' + client
-+        # register opts copy and put it to globals in order to
-+        # generate_sample.sh to work
-+        opts_copy = copy.deepcopy(clients_opts)
-+        globals()[client_specific_group + '_opts'] = opts_copy
-+        cfg.CONF.register_opts(opts_copy, group=client_specific_group)
-+
- cfg.CONF.register_opts(db_opts)
- cfg.CONF.register_opts(engine_opts)
-@@ -142,6 +167,7 @@ cfg.CONF.register_group(paste_deploy_group)
- cfg.CONF.register_opts(paste_deploy_opts, group=paste_deploy_group)
- cfg.CONF.register_group(auth_password_group)
- cfg.CONF.register_opts(auth_password_opts, group=auth_password_group)
-+register_clients_opts()
- def rpc_set_default():
-diff --git a/heat/common/heat_keystoneclient.py b/heat/common/heat_keystoneclient.py
-index 8fb13f7..d052a67 100644
---- a/heat/common/heat_keystoneclient.py
-+++ b/heat/common/heat_keystoneclient.py
-@@ -100,6 +100,10 @@ class KeystoneClient(object):
-             logger.error("Keystone v2 API connection failed, no password or "
-                          "auth_token!")
-             raise exception.AuthorizationFailure()
-+        kwargs['cacert'] = self._get_client_option('ca_file')
-+        kwargs['insecure'] = self._get_client_option('insecure')
-+        kwargs['cert'] = self._get_client_option('cert_file')
-+        kwargs['key'] = self._get_client_option('key_file')
-         client_v2 = kc.Client(**kwargs)
-         client_v2.authenticate(**auth_kwargs)
-@@ -161,12 +165,25 @@ class KeystoneClient(object):
-                          "auth_token!")
-             raise exception.AuthorizationFailure()
-+        kwargs['cacert'] = self._get_client_option('ca_file')
-+        kwargs['insecure'] = self._get_client_option('insecure')
-+        kwargs['cert'] = self._get_client_option('cert_file')
-+        kwargs['key'] = self._get_client_option('key_file')
-         client = kc_v3.Client(**kwargs)
-         # Have to explicitly authenticate() or client.auth_ref is None
-         client.authenticate()
-         return client
-+    def _get_client_option(self, option):
-+        try:
-+            cfg.CONF.import_opt(option, 'heat.common.config',
-+                                group='clients_keystone')
-+            return getattr(cfg.CONF.clients_keystone, option)
-+        except (cfg.NoSuchGroupError, cfg.NoSuchOptError):
-+            cfg.CONF.import_opt(option, 'heat.common.config', group='clients')
-+            return getattr(cfg.CONF.clients, option)
-+
-     def create_trust_context(self):
-         """
-         If cfg.CONF.deferred_auth_method is trusts, we create a
-diff --git a/heat/engine/clients.py b/heat/engine/clients.py
-index 6deae5b..a749cd2 100644
---- a/heat/engine/clients.py
-+++ b/heat/engine/clients.py
-@@ -103,7 +103,9 @@ class OpenStackClients(object):
-             'service_type': service_type,
-             'username': None,
-             'api_key': None,
--            'extensions': extensions
-+            'extensions': extensions,
-+            'cacert': self._get_client_option('nova', 'ca_file'),
-+            'insecure': self._get_client_option('nova', 'insecure')
-         }
-         client = novaclient.Client(1.1, **args)
-@@ -133,7 +135,9 @@ class OpenStackClients(object):
-             'key': None,
-             'authurl': None,
-             'preauthtoken': self.auth_token,
--            'preauthurl': self.url_for(service_type='object-store')
-+            'preauthurl': self.url_for(service_type='object-store'),
-+            'cacert': self._get_client_option('swift', 'ca_file'),
-+            'insecure': self._get_client_option('swift', 'insecure')
-         }
-         self._swift = swiftclient.Connection(**args)
-         return self._swift
-@@ -153,7 +157,9 @@ class OpenStackClients(object):
-             'auth_url': con.auth_url,
-             'service_type': 'network',
-             'token': self.auth_token,
--            'endpoint_url': self.url_for(service_type='network')
-+            'endpoint_url': self.url_for(service_type='network'),
-+            'ca_cert': self._get_client_option('neutron', 'ca_file'),
-+            'insecure': self._get_client_option('neutron', 'insecure')
-         }
-         self._neutron = neutronclient.Client(**args)
-@@ -176,7 +182,9 @@ class OpenStackClients(object):
-             'auth_url': con.auth_url,
-             'project_id': con.tenant,
-             'username': None,
--            'api_key': None
-+            'api_key': None,
-+            'cacert': self._get_client_option('cinder', 'ca_file'),
-+            'insecure': self._get_client_option('cinder', 'insecure')
-         }
-         self._cinder = cinderclient.Client('1', **args)
-@@ -202,6 +210,10 @@ class OpenStackClients(object):
-             'project_id': con.tenant,
-             'token': lambda: self.auth_token,
-             'endpoint': self.url_for(service_type='metering'),
-+            'ca_file': self._get_client_option('ceilometer', 'ca_file'),
-+            'cert_file': self._get_client_option('ceilometer', 'cert_file'),
-+            'key_file': self._get_client_option('ceilometer', 'key_file'),
-+            'insecure': self._get_client_option('ceilometer', 'insecure')
-         }
-         client = ceilometerclient.Client(**args)
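Review bot: Only the ceilometer args receive `cert_file` and `key_file`. The nova, swift, neutron and cinder hunks pass a CA bundle and `insecure` only, so a client certificate and key configured in `[clients]` go unused for those four without any message. The commit message acknowledges that not every client library supports all settings, but an operator reading the config will not see that. Suggest listing in the option help which clients honour `cert_file` and `key_file`, or logging when a configured value is not passed on.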
-@@ -209,6 +221,16 @@ class OpenStackClients(object):
-         self._ceilometer = client
-         return self._ceilometer
-+    def _get_client_option(self, client, option):
-+        try:
-+            group_name = 'clients_' + client
-+            cfg.CONF.import_opt(option, 'heat.common.config',
-+                                group=group_name)
-+            return getattr(getattr(cfg.CONF, group_name), option)
-+        except (cfg.NoSuchGroupError, cfg.NoSuchOptError):
-+            cfg.CONF.import_opt(option, 'heat.common.config', group='clients')
-+            return getattr(cfg.CONF.clients, option)
-+
- if cfg.CONF.cloud_backend:
-     cloud_backend_module = importutils.import_module(cfg.CONF.cloud_backend)
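Review bot: In `_get_client_option` the `[clients]` fallback runs only on `cfg.NoSuchGroupError` or `cfg.NoSuchOptError`, that is, when the group or option is not registered at all. If `heat.common.config` registers the option in every `clients_<name>` group with a default, the first `getattr` returns that default for an unset option and the shared `[clients]` value is never read, which is not the behaviour the commit message describes. Suggest checking whether the specific group actually set a value before returning it, and adding a docstring that states the lookup order. `import_opt` is also called on every lookup and could be done once at import time.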
-diff --git a/heat/tests/test_heatclient.py b/heat/tests/test_heatclient.py
-index 7e195dc..712ffa5 100644
---- a/heat/tests/test_heatclient.py
-+++ b/heat/tests/test_heatclient.py
-@@ -51,7 +51,11 @@ class KeystoneClientTest(HeatTestCase):
-             self.mock_ks_client = heat_keystoneclient.kc.Client(
-                 auth_url=mox.IgnoreArg(),
-                 tenant_name='test_tenant',
--                token='abcd1234')
-+                token='abcd1234',
-+                cacert=None,
-+                cert=None,
-+                insecure=False,
-+                key=None)
-             self.mock_ks_client.authenticate().AndReturn(auth_ok)
-         elif method == 'password':
-             self.mock_ks_client = heat_keystoneclient.kc.Client(
-@@ -59,14 +63,22 @@ class KeystoneClientTest(HeatTestCase):
-                 tenant_name='test_tenant',
-                 tenant_id='test_tenant_id',
-                 username='test_username',
--                password='password')
-+                password='password',
-+                cacert=None,
-+                cert=None,
-+                insecure=False,
-+                key=None)
-             self.mock_ks_client.authenticate().AndReturn(auth_ok)
-         if method == 'trust':
-             self.mock_ks_client = heat_keystoneclient.kc.Client(
-                 auth_url='http://server.test:5000/v2.0',
-                 password='verybadpass',
-                 tenant_name='service',
--                username='heat')
-+                username='heat',
-+                cacert=None,
-+                cert=None,
-+                insecure=False,
-+                key=None)
-             self.mock_ks_client.authenticate(trust_id='atrust123',
-                                              tenant_id='test_tenant_id'
-                                              ).AndReturn(auth_ok)
-@@ -81,7 +93,11 @@ class KeystoneClientTest(HeatTestCase):
-             self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client(
-                 token='abcd1234', project_name='test_tenant',
-                 auth_url='http://server.test:5000/v3',
--                endpoint='http://server.test:5000/v3')
-+                endpoint='http://server.test:5000/v3',
-+                cacert=None,
-+                cert=None,
-+                insecure=False,
-+                key=None)
-         elif method == 'password':
-             self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client(
-                 username='test_username',
-@@ -89,13 +105,21 @@ class KeystoneClientTest(HeatTestCase):
-                 project_name='test_tenant',
-                 project_id='test_tenant_id',
-                 auth_url='http://server.test:5000/v3',
--                endpoint='http://server.test:5000/v3')
-+                endpoint='http://server.test:5000/v3',
-+                cacert=None,
-+                cert=None,
-+                insecure=False,
-+                key=None)
-         elif method == 'trust':
-             self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client(
-                 username='heat',
-                 password='verybadpass',
-                 project_name='service',
--                auth_url='http://server.test:5000/v3')
-+                auth_url='http://server.test:5000/v3',
-+                cacert=None,
-+                cert=None,
-+                insecure=False,
-+                key=None)
-         self.mock_ks_v3_client.authenticate().AndReturn(auth_ok)
-     def test_username_length(self):
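Review bot: Every updated expectation in this file, including the v3 trust branch in this hunk, uses the defaults (`cacert=None`, `cert=None`, `insecure=False`, `key=None`), so the tests show only that the new keyword arguments are passed, not that configured values reach the client. Suggest one case that sets `ca_file` and `insecure` in the `clients_keystone` section and another that sets them only in `[clients]`, each asserting the values the mocked client receives. Those two cases would also pin down the fallback order.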
--- 
-1.8.3.2
-
index c899f8b7030ffe10082efccfbe875e5d2057c1c1..1817214b4145325af14bca2842ef5e767b3efbc9 100644 (file)
@@ -27,7 +27,6 @@ Patch0: switch-to-using-m2crypto.patch
 Patch1: remove-pbr-runtime-dependency.patch
 # EPEL specific patch, not upstream
 Patch100: heat-newdeps.patch
-Patch200: Ability-to-configure-various-clients-used-by-the-Heat.patch
 Patch300: Allow-Address-Pairs-feature.patch 
 
 BuildArch: noarch
@@ -79,7 +78,6 @@ Requires: %{name}-api-cloudwatch = %{version}-%{release}
 %patch0 -p1
 %patch1 -p1
 %patch100 -p1
-%patch200 -p1
 %patch300 -p1
 
 sed -i s/REDHATHEATVERSION/%{version}/ heat/version.py
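Review bot: Dropping `%patch200 -p1` here (and `Patch200:` in the previous hunk) is safe only if the source tree being packaged already carries the client-options change. If it does not, the build still succeeds and the `ca_file`, `cert_file`, `key_file` and `insecure` handling disappears from the package without any error. Suggest naming the source commit that now contains the change in the commit message, and confirming that `%patch300 -p1` still applies cleanly now that it runs directly after `%patch100`.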