From 0c369cbcf6c874f4efe25d7391be4226d2adcf7b Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Mon, 27 Feb 2017 13:43:48 +0200 Subject: [PATCH] RabbitMQ: Standardize SSL parameter names This makes the SSL-related parameters to be similar to the ones used by the AMQP and pika drivers. This will enable easier configuration of these parameters if the transport URL is used. And easier migration from one driver to the other when needed. Change-Id: Ic32b2cb253fa0dc43aad7226b24919b7e588faa9 --- oslo_messaging/_drivers/impl_rabbit.py | 54 +++++++++---------- .../tests/drivers/test_impl_rabbit.py | 14 ++--- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/oslo_messaging/_drivers/impl_rabbit.py b/oslo_messaging/_drivers/impl_rabbit.py index 6f7afd529..ddcad8fe3 100644 --- a/oslo_messaging/_drivers/impl_rabbit.py +++ b/oslo_messaging/_drivers/impl_rabbit.py @@ -54,25 +54,29 @@ TCP_USER_TIMEOUT = 18 rabbit_opts = [ - cfg.StrOpt('kombu_ssl_version', + cfg.BoolOpt('ssl', + default=False, + deprecated_name='rabbit_use_ssl', + help='Connect over SSL.'), + cfg.StrOpt('ssl_version', default='', - deprecated_group='DEFAULT', + deprecated_name='kombu_ssl_version', help='SSL version to use (valid only if SSL enabled). ' 'Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, ' 'TLSv1_1, and TLSv1_2 may be available on some ' 'distributions.' ), - cfg.StrOpt('kombu_ssl_keyfile', + cfg.StrOpt('ssl_key_file', default='', - deprecated_group='DEFAULT', + deprecated_name='kombu_ssl_keyfile', help='SSL key file (valid only if SSL enabled).'), - cfg.StrOpt('kombu_ssl_certfile', + cfg.StrOpt('ssl_cert_file', default='', - deprecated_group='DEFAULT', + deprecated_name='kombu_ssl_certfile', help='SSL cert file (valid only if SSL enabled).'), - cfg.StrOpt('kombu_ssl_ca_certs', + cfg.StrOpt('ssl_ca_file', default='', - deprecated_group='DEFAULT', + deprecated_name='kombu_ssl_ca_certs', help='SSL certification authority file ' '(valid only if SSL enabled).'), cfg.FloatOpt('kombu_reconnect_delay', @@ -116,10 +120,6 @@ rabbit_opts = [ deprecated_for_removal=True, deprecated_reason="Replaced by [DEFAULT]/transport_url", help='RabbitMQ HA cluster host:port pairs.'), - cfg.BoolOpt('rabbit_use_ssl', - default=False, - deprecated_group='DEFAULT', - help='Connect over SSL for RabbitMQ.'), cfg.StrOpt('rabbit_userid', default='guest', deprecated_group='DEFAULT', @@ -479,17 +479,17 @@ class Connection(object): self.kombu_reconnect_delay = driver_conf.kombu_reconnect_delay self.amqp_durable_queues = driver_conf.amqp_durable_queues self.amqp_auto_delete = driver_conf.amqp_auto_delete - self.rabbit_use_ssl = driver_conf.rabbit_use_ssl + self.ssl = driver_conf.ssl self.kombu_missing_consumer_retry_timeout = \ driver_conf.kombu_missing_consumer_retry_timeout self.kombu_failover_strategy = driver_conf.kombu_failover_strategy self.kombu_compression = driver_conf.kombu_compression - if self.rabbit_use_ssl: - self.kombu_ssl_version = driver_conf.kombu_ssl_version - self.kombu_ssl_keyfile = driver_conf.kombu_ssl_keyfile - self.kombu_ssl_certfile = driver_conf.kombu_ssl_certfile - self.kombu_ssl_ca_certs = driver_conf.kombu_ssl_ca_certs + if self.ssl: + self.ssl_version = driver_conf.ssl_version + self.ssl_key_file = driver_conf.ssl_key_file + self.ssl_cert_file = driver_conf.ssl_cert_file + self.ssl_ca_file = driver_conf.ssl_ca_file # Try forever? if self.max_retries <= 0: @@ -697,19 +697,19 @@ class Connection(object): """Handles fetching what ssl params should be used for the connection (if any). """ - if self.rabbit_use_ssl: + if self.ssl: ssl_params = dict() # http://docs.python.org/library/ssl.html - ssl.wrap_socket - if self.kombu_ssl_version: + if self.ssl_version: ssl_params['ssl_version'] = self.validate_ssl_version( - self.kombu_ssl_version) - if self.kombu_ssl_keyfile: - ssl_params['keyfile'] = self.kombu_ssl_keyfile - if self.kombu_ssl_certfile: - ssl_params['certfile'] = self.kombu_ssl_certfile - if self.kombu_ssl_ca_certs: - ssl_params['ca_certs'] = self.kombu_ssl_ca_certs + self.ssl_version) + if self.ssl_key_file: + ssl_params['keyfile'] = self.ssl_key_file + if self.ssl_cert_file: + ssl_params['certfile'] = self.ssl_cert_file + if self.ssl_ca_file: + ssl_params['ca_certs'] = self.ssl_ca_file # We might want to allow variations in the # future with this? ssl_params['cert_reqs'] = ssl.CERT_REQUIRED diff --git a/oslo_messaging/tests/drivers/test_impl_rabbit.py b/oslo_messaging/tests/drivers/test_impl_rabbit.py index 51f0c0c40..8a8b96a60 100644 --- a/oslo_messaging/tests/drivers/test_impl_rabbit.py +++ b/oslo_messaging/tests/drivers/test_impl_rabbit.py @@ -162,15 +162,15 @@ class TestRabbitDriverLoad(test_utils.BaseTestCase): class TestRabbitDriverLoadSSL(test_utils.BaseTestCase): scenarios = [ ('no_ssl', dict(options=dict(), expected=False)), - ('no_ssl_with_options', dict(options=dict(kombu_ssl_version='TLSv1'), + ('no_ssl_with_options', dict(options=dict(ssl_version='TLSv1'), expected=False)), - ('just_ssl', dict(options=dict(rabbit_use_ssl=True), + ('just_ssl', dict(options=dict(ssl=True), expected=True)), - ('ssl_with_options', dict(options=dict(rabbit_use_ssl=True, - kombu_ssl_version='TLSv1', - kombu_ssl_keyfile='foo', - kombu_ssl_certfile='bar', - kombu_ssl_ca_certs='foobar'), + ('ssl_with_options', dict(options=dict(ssl=True, + ssl_version='TLSv1', + ssl_key_file='foo', + ssl_cert_file='bar', + ssl_ca_file='foobar'), expected=dict(ssl_version=3, keyfile='foo', certfile='bar',