Adds https support for metadata agent
Adds two configure options to support https client for metadata proxy * auth_insecure: turn off verification of the certificate for ssl, or * auth_ca_cert: CA cert to check against with for ssl. Change-Id: I3ffb86ae9ce31931436a4e13957aae30eebf9d92 Closes-Bug: #1263872
This commit is contained in:
parent
c009212cb6
commit
a7d1e6582e
@ -5,6 +5,10 @@
|
||||
# The Neutron user information for accessing the Neutron API.
|
||||
auth_url = http://localhost:5000/v2.0
|
||||
auth_region = RegionOne
|
||||
# Turn off verification of the certificate for ssl
|
||||
# auth_insecure = False
|
||||
# Certificate Authority public key (CA cert) file for ssl
|
||||
# auth_ca_cert =
|
||||
admin_tenant_name = %SERVICE_TENANT_NAME%
|
||||
admin_user = %SERVICE_USER%
|
||||
admin_password = %SERVICE_PASSWORD%
|
||||
|
@ -61,6 +61,14 @@ class MetadataProxyHandler(object):
|
||||
help=_("The type of authentication to use")),
|
||||
cfg.StrOpt('auth_region',
|
||||
help=_("Authentication region")),
|
||||
cfg.BoolOpt('auth_insecure',
|
||||
default=False,
|
||||
help=_("Turn off verification of the certificate for"
|
||||
" ssl")),
|
||||
cfg.StrOpt('auth_ca_cert',
|
||||
default=None,
|
||||
help=_("Certificate Authority public key (CA cert) "
|
||||
"file for ssl")),
|
||||
cfg.StrOpt('endpoint_type',
|
||||
default='adminURL',
|
||||
help=_("Network service endpoint type to pull from "
|
||||
@ -89,6 +97,8 @@ class MetadataProxyHandler(object):
|
||||
auth_strategy=self.conf.auth_strategy,
|
||||
region_name=self.conf.auth_region,
|
||||
token=self.auth_info.get('auth_token'),
|
||||
insecure=self.conf.auth_insecure,
|
||||
ca_cert=self.conf.auth_ca_cert,
|
||||
endpoint_url=self.auth_info.get('endpoint_url'),
|
||||
endpoint_type=self.conf.endpoint_type
|
||||
)
|
||||
|
@ -34,6 +34,8 @@ class FakeConf(object):
|
||||
auth_url = 'http://127.0.0.1'
|
||||
auth_strategy = 'keystone'
|
||||
auth_region = 'region'
|
||||
auth_insecure = False
|
||||
auth_ca_cert = None
|
||||
endpoint_type = 'adminURL'
|
||||
nova_metadata_ip = '9.9.9.9'
|
||||
nova_metadata_port = 8775
|
||||
@ -100,6 +102,8 @@ class TestMetadataProxyHandler(base.BaseTestCase):
|
||||
password=FakeConf.admin_password,
|
||||
auth_strategy=FakeConf.auth_strategy,
|
||||
token=None,
|
||||
insecure=FakeConf.auth_insecure,
|
||||
ca_cert=FakeConf.auth_ca_cert,
|
||||
endpoint_url=None,
|
||||
endpoint_type=FakeConf.endpoint_type)
|
||||
]
|
||||
|
Loading…
Reference in New Issue
Block a user