Merge "Expose pymongo's SSL cert options"
commit
005bf960ab
@ -146,9 +146,36 @@
|
|||||||
# Options defined in marconi.storage.mongodb
|
# Options defined in marconi.storage.mongodb
|
||||||
#
|
#
|
||||||
|
|
||||||
# Mongodb Connection URI. (string value)
|
# Mongodb Connection URI. If ssl connection enabled,
|
||||||
|
# then the following 'ssl_keyfile', 'ssl_certfile',
|
||||||
|
# 'ssl_cert_reqs', 'ssl_ca_certs' need to be set accordingly.
|
||||||
|
# (string value)
|
||||||
#uri=<None>
|
#uri=<None>
|
||||||
|
|
||||||
|
# The private keyfile used to identify the local connection
|
||||||
|
# against mongod. If included with the 'certifle' then only
|
||||||
|
# the ssl_certfile is needed. (string value)
|
||||||
|
#ssl_keyfile=<None>
|
||||||
|
|
||||||
|
# The certificate file used to identify the local connection
|
||||||
|
# against mongod. (string value)
|
||||||
|
#ssl_certfile=<None>
|
||||||
|
|
||||||
|
# Specifies whether a certificate is required from the other
|
||||||
|
# side of the connection, and whether it will be validated
|
||||||
|
# if provided. It must be one of the three values 'CERT_NONE'
|
||||||
|
# (certificates ignored), 'CERT_OPTIONAL'(not required, but
|
||||||
|
# validated if provided), or 'CERT_REQUIRED'(required and validated).
|
||||||
|
# If the value of this parameter is not 'CERT_NONE', then the
|
||||||
|
# 'ssl_ca_certs' parameter must point to a file of CA certificates.
|
||||||
|
# (string value)
|
||||||
|
#ssl_cert_reqs=CERT_REQUIRED
|
||||||
|
|
||||||
|
# The ca_certs file contains a set of concatenated certification
|
||||||
|
# authority certificates, which are used to validate certificates
|
||||||
|
# passed from the other end of the connection. (string value)
|
||||||
|
#ssl_ca_certs=<None>
|
||||||
|
|
||||||
# Database name. (string value)
|
# Database name. (string value)
|
||||||
#database=marconi
|
#database=marconi
|
||||||
|
|
||||||
|
@ -15,6 +15,8 @@
|
|||||||
|
|
||||||
"""Mongodb storage driver implementation."""
|
"""Mongodb storage driver implementation."""
|
||||||
|
|
||||||
|
import ssl
|
||||||
|
|
||||||
import pymongo
|
import pymongo
|
||||||
import pymongo.errors
|
import pymongo.errors
|
||||||
|
|
||||||
@ -34,6 +36,29 @@ def _connection(conf):
|
|||||||
else:
|
else:
|
||||||
MongoClient = pymongo.MongoClient
|
MongoClient = pymongo.MongoClient
|
||||||
|
|
||||||
|
if 'ssl=true' in conf.uri.lower():
|
||||||
|
kwargs = {}
|
||||||
|
|
||||||
|
# Default to CERT_REQUIRED
|
||||||
|
ssl_cert_reqs = ssl.CERT_REQUIRED
|
||||||
|
|
||||||
|
if conf.ssl_cert_reqs == 'CERT_OPTIONAL':
|
||||||
|
ssl_cert_reqs = ssl.CERT_OPTIONAL
|
||||||
|
|
||||||
|
if conf.ssl_cert_reqs == 'CERT_NONE':
|
||||||
|
ssl_cert_reqs = ssl.CERT_NONE
|
||||||
|
|
||||||
|
kwargs['ssl_cert_reqs'] = ssl_cert_reqs
|
||||||
|
|
||||||
|
if conf.ssl_keyfile:
|
||||||
|
kwargs['ssl_keyfile'] = conf.ssl_keyfile
|
||||||
|
if conf.ssl_certfile:
|
||||||
|
kwargs['ssl_certfile'] = conf.ssl_certfile
|
||||||
|
if conf.ssl_ca_certs:
|
||||||
|
kwargs['ssl_ca_certs'] = conf.ssl_ca_certs
|
||||||
|
|
||||||
|
return MongoClient(conf.uri, **kwargs)
|
||||||
|
|
||||||
return MongoClient(conf.uri)
|
return MongoClient(conf.uri)
|
||||||
|
|
||||||
|
|
||||||
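Review bot: In `_connection`, the new TLS options take effect only when the literal substring `ssl=true` appears in `conf.uri`. An operator who sets `ssl_ca_certs` or `ssl_certfile` but omits that URI flag falls through to the unchanged `return MongoClient(conf.uri)`, and the settings are dropped without any message; logging a warning on that path when any `ssl_*` option is set would make the misconfiguration visible. Inside the branch, `ssl_cert_reqs` defaults to `ssl.CERT_REQUIRED`, but nothing checks that `conf.ssl_ca_certs` is set, although the option help says it must be. A guard such as `if ssl_cert_reqs != ssl.CERT_NONE and not conf.ssl_ca_certs:` that raises a configuration error would fail early with a clear message, rather than relying on whatever the client library does with a missing CA file. The function starts outside the hunk.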
|
@ -18,7 +18,39 @@ from oslo.config import cfg
|
|||||||
|
|
||||||
|
|
||||||
MONGODB_OPTIONS = (
|
MONGODB_OPTIONS = (
|
||||||
cfg.StrOpt('uri', help='Mongodb Connection URI.'),
|
|
||||||
|
cfg.StrOpt('ssl_keyfile',
|
||||||
|
help=('The private keyfile used to identify the local '
|
||||||
|
'connection against mongod. If included with the '
|
||||||
|
'``certifle`` then only the ``ssl_certfile`` '
|
||||||
|
'is needed.')),
|
||||||
|
|
||||||
|
cfg.StrOpt('ssl_certfile',
|
||||||
|
help=('The certificate file used to identify the local '
|
||||||
|
'connection against mongod.')),
|
||||||
|
|
||||||
|
cfg.StrOpt('ssl_cert_reqs', default='CERT_REQUIRED',
|
||||||
|
help=('Specifies whether a certificate is required from '
|
||||||
|
'the other side of the connection, and whether it '
|
||||||
|
'will be validated if provided. It must be one of '
|
||||||
|
'the three values ``CERT_NONE``(certificates ignored), '
|
||||||
|
'``CERT_OPTIONAL``(not required, but validated if '
|
||||||
|
'provided), or ``CERT_REQUIRED``(required and '
|
||||||
|
'validated). If the value of this parameter is not '
|
||||||
|
'``CERT_NONE``, then the ``ssl_ca_cert`` parameter '
|
||||||
|
'must point to a file of CA certificates.')),
|
||||||
|
|
||||||
|
cfg.StrOpt('ssl_ca_certs',
|
||||||
|
help=('The ca_certs file contains a set of concatenated '
|
||||||
|
'"certification authority" certificates, which are '
|
||||||
|
'used to validate certificates passed from the other '
|
||||||
|
'end of the connection.')),
|
||||||
|
|
||||||
|
cfg.StrOpt('uri',
|
||||||
|
help=('Mongodb Connection URI. If ssl connection enabled, '
|
||||||
|
'then ``ssl_keyfile``, ``ssl_certfile``, '
|
||||||
|
'``ssl_cert_reqs``, ``ssl_ca_certs`` need to be set '
|
||||||
|
'accordingly.')),
|
||||||
|
|
||||||
cfg.StrOpt('database', default='marconi', help='Database name.'),
|
cfg.StrOpt('database', default='marconi', help='Database name.'),
|
||||||
|
|
||||||
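Review bot: The help text for `ssl_cert_reqs` tells operators to set an option named `ssl_ca_cert`, but the option registered just below it is `ssl_ca_certs`, so a key copied from the help would presumably never be read. The `ssl_keyfile` help likewise says `certifle` where `ssl_certfile` is meant, and the sample-config section earlier on this page repeats that spelling. I would replace `ssl_ca_cert` with `ssl_ca_certs` and `certifle` with `ssl_certfile` in those two help strings. Since the driver recognises only three values, restricting the option with `choices=` on `cfg.StrOpt` (if the oslo.config version in use supports it) would reject a misspelled value at load time instead of letting it silently fall back to `CERT_REQUIRED`. The `MONGODB_OPTIONS` tuple continues past the hunk.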
|