From b4295c1459a4d9102fc29f0fafebafe28ff8ab9a Mon Sep 17 00:00:00 2001 From: Shay Halsband Date: Tue, 22 Dec 2015 15:48:49 +0200 Subject: [PATCH] XtremIO: Set the location of a CA certificate * The current CA verification will only work for known CAs which are bundled with requests. The extra parameter allows to configure a custom location for the CA bundle, which can be relavnt to all drivers. Closes-Bug: #1528855 Change-Id: I335ba99a9bc1546b6e70ac9879449a4e0f03c16e --- cinder/tests/unit/test_emc_xtremio.py | 15 ++++++++++++++- cinder/volume/driver.py | 4 ++++ cinder/volume/drivers/emc/xtremio.py | 8 ++++++-- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/cinder/tests/unit/test_emc_xtremio.py b/cinder/tests/unit/test_emc_xtremio.py index fb2a032c4..32b3d2690 100644 --- a/cinder/tests/unit/test_emc_xtremio.py +++ b/cinder/tests/unit/test_emc_xtremio.py @@ -571,9 +571,11 @@ class EMCXIODriverTestCase(test.TestCase): configuration.san_password = '' configuration.san_ip = '' configuration.xtremio_cluster_name = '' + configuration.driver_ssl_cert_verify = True + configuration.driver_ssl_cert_path = '/test/path/root_ca.crt' def safe_get(key): - getattr(configuration, key) + return getattr(configuration, key) configuration.safe_get = safe_get self.driver = xtremio.XtremIOISCSIDriver(configuration=configuration) @@ -601,6 +603,17 @@ class EMCXIODriverTestCase(test.TestCase): req.side_effect = busy_request self.driver.create_volume(self.data.test_volume) + def test_verify_cert(self, req): + good_response = mock.MagicMock() + good_response.status_code = 200 + + def request_verify_cert(*args, **kwargs): + self.assertEqual(kwargs['verify'], '/test/path/root_ca.crt') + return good_response + + req.side_effect = request_verify_cert + self.driver.client.req('volumes') + @mock.patch('cinder.volume.drivers.emc.xtremio.XtremIOClient.req') class EMCXIODriverFibreChannelTestCase(test.TestCase): diff --git a/cinder/volume/driver.py b/cinder/volume/driver.py index dc579eed1..378b2a5e4 100644 --- a/cinder/volume/driver.py +++ b/cinder/volume/driver.py @@ -204,6 +204,10 @@ volume_opts = [ default=False, help='If set to True the http client will validate the SSL ' 'certificate of the backend endpoint.'), + cfg.StrOpt('driver_ssl_cert_path', + help='Can be used to specify a non default path to a ' + 'CA_BUNDLE file or directory with certificates of ' + 'trusted CAs, which will be used to validate the backend'), cfg.ListOpt('trace_flags', help='List of options that control which trace info ' 'is written to the DEBUG log level to assist ' diff --git a/cinder/volume/drivers/emc/xtremio.py b/cinder/volume/drivers/emc/xtremio.py index 55e7a1125..d46473315 100644 --- a/cinder/volume/drivers/emc/xtremio.py +++ b/cinder/volume/drivers/emc/xtremio.py @@ -88,8 +88,12 @@ class XtremIOClient(object): self.configuration = configuration self.cluster_id = cluster_id self.verify = (self.configuration. - safe_get('driver_ssl_cert_verify') - or False) + safe_get('driver_ssl_cert_verify') or False) + if self.verify: + verify_path = (self.configuration. + safe_get('driver_ssl_cert_path') or None) + if verify_path: + self.verify = verify_path def get_base_url(self, ver): if ver == 'v1': -- 2.45.2