From 9240fef1b29fefd125a3e5c0066fe9a89519437c Mon Sep 17 00:00:00 2001 From: Eric Brown Date: Mon, 4 May 2015 18:42:48 -0700 Subject: [PATCH] VMware: insecure option should be exposed Commit Ida730db66b154a4d445f7a91bccb9ca5b5a26f5e introduced certificate verification but did not expose the option to turn on/off verification using the insecure boolean of oslo.vmware. DocImpact Change-Id: I834c9fb407c8790dab14db0308f7e7f1d551669e Closes-Bug: #1451633 --- cinder/tests/unit/test_vmware_vmdk.py | 4 +++- cinder/volume/drivers/vmware/vmdk.py | 13 +++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/cinder/tests/unit/test_vmware_vmdk.py b/cinder/tests/unit/test_vmware_vmdk.py index 761525a34..eb1f68b07 100644 --- a/cinder/tests/unit/test_vmware_vmdk.py +++ b/cinder/tests/unit/test_vmware_vmdk.py @@ -165,6 +165,7 @@ class VMwareEsxVmdkDriverTestCase(test.TestCase): self._config.vmware_max_objects_retrieval = self.MAX_OBJECTS self._config.vmware_tmp_dir = self.TMP_DIR self._config.vmware_ca_file = self.CA_FILE + self._config.vmware_insecure = False self._db = mock.Mock() self._driver = vmdk.VMwareEsxVmdkDriver(configuration=self._config, db=self._db) @@ -2851,7 +2852,8 @@ class VMwareVcVmdkDriverTestCase(VMwareEsxVmdkDriverTestCase): self._config.vmware_task_poll_interval, wsdl_loc=self._config.safe_get('vmware_wsdl_location'), pbm_wsdl_loc=None, - cacert=self._config.vmware_ca_file) + cacert=self._config.vmware_ca_file, + insecure=self._config.vmware_insecure) class ImageDiskTypeTest(test.TestCase): diff --git a/cinder/volume/drivers/vmware/vmdk.py b/cinder/volume/drivers/vmware/vmdk.py index af7600dab..fbed40ac9 100644 --- a/cinder/volume/drivers/vmware/vmdk.py +++ b/cinder/volume/drivers/vmware/vmdk.py @@ -109,7 +109,14 @@ vmdk_opts = [ 'backup and restore.'), cfg.StrOpt('vmware_ca_file', default=None, - help='CA bundle file to verify vCenter server certificate.') + help='CA bundle file to use in verifying the vCenter server ' + 'certificate.'), + cfg.BoolOpt('vmware_insecure', + default=False, + help='If true, the vCenter server certificate is not ' + 'verified. If false, then the default CA truststore is ' + 'used for verification. This option is ignored if ' + '"vmware_ca_file" is set.'), ] CONF = cfg.CONF @@ -1888,12 +1895,14 @@ class VMwareVcVmdkDriver(VMwareEsxVmdkDriver): wsdl_loc = self.configuration.safe_get('vmware_wsdl_location') pbm_wsdl = self.pbm_wsdl if hasattr(self, 'pbm_wsdl') else None ca_file = self.configuration.vmware_ca_file + insecure = self.configuration.vmware_insecure self._session = api.VMwareAPISession(ip, username, password, api_retry_count, task_poll_interval, wsdl_loc=wsdl_loc, pbm_wsdl_loc=pbm_wsdl, - cacert=ca_file) + cacert=ca_file, + insecure=insecure) return self._session def _get_vc_version(self): -- 2.45.2