From: Tom Swanson Date: Tue, 12 May 2015 17:37:43 +0000 (-0500) Subject: Dell: Added verify cert option for REST calls X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=6e0e4d368318354b3ac3650aa6eeb13c29e8d50b;p=openstack-build%2Fcinder-build.git Dell: Added verify cert option for REST calls If one goes through the trouble to create a cert and install it on the Dell Data Collector and on the cinder node then we can enable certificate verification on the request calls to the Dell REST API. This simply makes dell_sc_verify_cert a cinder.conf option for a Dell backend and directly uses that as the verify option on the REST requests. Default is False. The update_migrated_volume function arrived via a rebase and had a merge issue that was fixed. Specifically the dell_sc_ssn value is no longer part of the api.find_sc call. Spelling error also corrected in a LOG message. SecImpact Change-Id: I22348d5e0b55d56f44f1fc4f0c830790a6670494 Implements: blueprint dell-sc-add-verify-cert --- diff --git a/cinder/tests/unit/test_dellsc.py b/cinder/tests/unit/test_dellsc.py index 045f7b124..f65fb0d80 100644 --- a/cinder/tests/unit/test_dellsc.py +++ b/cinder/tests/unit/test_dellsc.py @@ -1095,6 +1095,6 @@ class DellSCSanISCSIDriverTestCase(test.TestCase): volume = {'id': 111} backend_volume = {'id': None} rt = self.driver.update_migrated_volume(None, volume, backend_volume) - mock_find_sc.assert_called_once_with(12345) - mock_find_volume.assert_called_once_with(12345, None) + mock_find_sc.assert_called_once_with() + mock_find_volume.assert_called_once_with(None) self.assertEqual(None, rt) diff --git a/cinder/tests/unit/test_dellscapi.py b/cinder/tests/unit/test_dellscapi.py index 31b36b154..96bdf5458 100644 --- a/cinder/tests/unit/test_dellscapi.py +++ b/cinder/tests/unit/test_dellscapi.py @@ -1434,6 +1434,14 @@ class DellSCSanAPITestCase(test.TestCase): self.configuration.dell_sc_ssn = 12345 self.configuration.dell_sc_server_folder = 'opnstktst' self.configuration.dell_sc_volume_folder = 'opnstktst' + # Note that we set this to True even though we do not + # test this functionality. This is sent directly to + # the requests calls as the verify parameter and as + # that is a third party library deeply stubbed out is + # not directly testable by this code. Note that in the + # case that this fails the driver fails to even come + # up. + self.configuration.dell_sc_verify_cert = True self.configuration.dell_sc_api_port = 3033 self.configuration.iscsi_ip_address = '192.168.1.1' self.configuration.iscsi_port = 3260 @@ -1444,7 +1452,8 @@ class DellSCSanAPITestCase(test.TestCase): self.configuration.san_ip, self.configuration.dell_sc_api_port, self.configuration.san_login, - self.configuration.san_password) + self.configuration.san_password, + self.configuration.dell_sc_verify_cert) # Set up the scapi configuration vars self.scapi.ssn = self.configuration.dell_sc_ssn @@ -3896,6 +3905,14 @@ class DellSCSanAPIConnectionTestCase(test.TestCase): self.configuration.dell_sc_ssn = 12345 self.configuration.dell_sc_server_folder = 'openstack' self.configuration.dell_sc_volume_folder = 'openstack' + # Note that we set this to True even though we do not + # test this functionality. This is sent directly to + # the requests calls as the verify parameter and as + # that is a third party library deeply stubbed out is + # not directly testable by this code. Note that in the + # case that this fails the driver fails to even come + # up. + self.configuration.dell_sc_verify_cert = True self.configuration.dell_sc_api_port = 3033 self.configuration.iscsi_ip_address = '192.168.1.1' self.configuration.iscsi_port = 3260 @@ -3906,7 +3923,8 @@ class DellSCSanAPIConnectionTestCase(test.TestCase): self.configuration.san_ip, self.configuration.dell_sc_api_port, self.configuration.san_login, - self.configuration.san_password) + self.configuration.san_password, + self.configuration.dell_sc_verify_cert) # Set up the scapi configuration vars self.scapi.ssn = self.configuration.dell_sc_ssn diff --git a/cinder/volume/drivers/dell/dell_storagecenter_api.py b/cinder/volume/drivers/dell/dell_storagecenter_api.py index 8579e9aae..6053ecdb5 100644 --- a/cinder/volume/drivers/dell/dell_storagecenter_api.py +++ b/cinder/volume/drivers/dell/dell_storagecenter_api.py @@ -59,14 +59,14 @@ class HttpClient(object): Helper for making the REST calls. ''' - def __init__(self, host, port, user, password): + def __init__(self, host, port, user, password, verify): self.baseUrl = 'https://%s:%s/api/rest/' % (host, port) self.session = requests.Session() self.session.auth = (user, password) self.header = {} self.header['Content-Type'] = 'application/json; charset=utf-8' self.header['x-dell-api-version'] = '2.0' - self.verify = False + self.verify = verify def __enter__(self): return self @@ -132,7 +132,8 @@ class StorageCenterApiHelper(object): connection = StorageCenterApi(self.config.san_ip, self.config.dell_sc_api_port, self.config.san_login, - self.config.san_password) + self.config.san_password, + self.config.dell_sc_verify_cert) # This instance is for a single backend. That backend has a # few items of information we should save rather than passing them # about. @@ -155,7 +156,7 @@ class StorageCenterApi(object): APIVERSION = '1.0.1' - def __init__(self, host, port, user, password): + def __init__(self, host, port, user, password, verify): self.notes = 'Created by Dell Cinder Driver' self.ssn = None self.vfname = 'openstack' @@ -163,7 +164,8 @@ class StorageCenterApi(object): self.client = HttpClient(host, port, user, - password) + password, + verify) def __enter__(self): return self diff --git a/cinder/volume/drivers/dell/dell_storagecenter_common.py b/cinder/volume/drivers/dell/dell_storagecenter_common.py index d44eeab0a..2c19c71c0 100644 --- a/cinder/volume/drivers/dell/dell_storagecenter_common.py +++ b/cinder/volume/drivers/dell/dell_storagecenter_common.py @@ -34,7 +34,10 @@ common_opts = [ help='Name of the server folder to use on the Storage Center'), cfg.StrOpt('dell_sc_volume_folder', default='openstack', - help='Name of the volume folder to use on the Storage Center') + help='Name of the volume folder to use on the Storage Center'), + cfg.BoolOpt('dell_sc_verify_cert', + default=False, + help='Enable HTTPS SC certificate verification.') ] LOG = logging.getLogger(__name__) @@ -343,15 +346,13 @@ class DellCommonDriver(san.SanDriver): 'o': original_volume_name}) if original_volume_name: with self._client.open_connection() as api: - ssn = api.find_sc(self.configuration.dell_sc_ssn) - if ssn is not None: - scvolume = api.find_volume(ssn, - current_name) - if scvolume: - if api.rename_volume(scvolume, original_volume_name): - model_update = {'_name_id': None} - return model_update + if api.find_sc(): + scvolume = api.find_volume(current_name) + if (scvolume and + api.rename_volume(scvolume, original_volume_name)): + model_update = {'_name_id': None} + return model_update # The world was horrible to us so we should error and leave. - LOG.error(_LE('Unabled to rename the logical volume for volume: %s'), + LOG.error(_LE('Unable to rename the logical volume for volume: %s'), original_volume_name) return None