NovaManager and KeystoneManager are not SSL-enabled

NovaManager and KeystoneManager must support HTTPS connections when
interacting with the OpenStack services.

- added two new manager config options: ssl_ca_file and ssl_cert_file

Change-Id: Ibacbf3504badd65a792c72c9134e2c7c13adea69
Sem-Ver: feature
Lisa Zangrando 2017-01-16 12:56:29 +01:00
parent 42bdd09212
commit 447f11d315
2 changed files with 59 additions and 13 deletions


@ -78,11 +78,22 @@ class KeystoneManager(Manager):
cfg.IntOpt("clock_skew",
help="set the clock skew (seconds)",
default=60,
required=False),
cfg.StrOpt("ssl_ca_file",
help="set the PEM encoded Certificate Authority to "
"use when verifying HTTPs connections",
default=None,
required=False),
cfg.StrOpt("ssl_cert_file",
help="set the SSL client certificate (PEM encoded)",
default=None,
required=False)
]
def setup(self):
self.auth_url = CONF.KeystoneManager.auth_url
self.ssl_ca_file = CONF.KeystoneManager.ssl_ca_file
self.ssl_cert_file = CONF.KeystoneManager.ssl_cert_file
self.username = CONF.KeystoneManager.username
self.password = CONF.KeystoneManager.password
self.user_domain_name = CONF.KeystoneManager.user_domain_name
@ -187,7 +198,9 @@ class KeystoneManager(Manager):
response = requests.post(url=self.auth_url + "/auth/tokens",
headers=headers,
data=json.dumps(data),
timeout=self.timeout)
timeout=self.timeout,
verify=self.ssl_ca_file,
cert=self.ssl_cert_file)
if response.status_code != requests.codes.ok:
response.raise_for_status()
@ -216,7 +229,6 @@ class KeystoneManager(Manager):
user = User()
user.setId(info["id"])
user.setName(info["name"])
user.setProjectId(info["tenantId"])
user.setEnabled(info["enabled"])
return user
@ -680,27 +692,37 @@ class KeystoneManager(Manager):
response = requests.get(url,
headers=headers,
params=data,
timeout=self.timeout)
timeout=self.timeout,
verify=self.ssl_ca_file,
cert=self.ssl_cert_file)
elif method == "POST":
response = requests.post(url,
headers=headers,
data=json.dumps(data),
timeout=self.timeout)
timeout=self.timeout,
verify=self.ssl_ca_file,
cert=self.ssl_cert_file)
elif method == "PUT":
response = requests.put(url,
headers=headers,
data=json.dumps(data),
timeout=self.timeout)
timeout=self.timeout,
verify=self.ssl_ca_file,
cert=self.ssl_cert_file)
elif method == "HEAD":
response = requests.head(url,
headers=headers,
data=json.dumps(data),
timeout=self.timeout)
timeout=self.timeout,
verify=self.ssl_ca_file,
cert=self.ssl_cert_file)
elif method == "DELETE":
response = requests.delete(url,
headers=headers,
data=json.dumps(data),
timeout=self.timeout)
timeout=self.timeout,
verify=self.ssl_ca_file,
cert=self.ssl_cert_file)
else:
raise Exception("wrong HTTP method: %s" % method)
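Review bot: `verify=self.ssl_ca_file` passes the raw option value to requests in every branch of this hunk (GET through DELETE) and in the token request of the `-187,7` hunk; `None` makes requests fall back to its default CA verification, which is fine, but an empty value — which a bare `ssl_ca_file =` line presumably yields, if oslo.config returns "" there — is falsy and makes requests skip certificate verification entirely, silently turning every Keystone call into an unverified TLS connection. Normalising once in `setup()` covers all call sites: `self.ssl_ca_file = CONF.KeystoneManager.ssl_ca_file or True`. The `cert=self.ssl_cert_file` argument has a related trap: a single path is only accepted by requests when the PEM file also holds the private key, otherwise a `(cert, key)` tuple is needed, and the `ssl_cert_file` help text should say so. The request method containing the last hunk starts above its `-680,27` header.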


@ -398,12 +398,23 @@ class NovaManager(Manager):
cfg.IntOpt("timeout",
help="set the http connection timeout",
default=60,
required=False),
cfg.StrOpt("ssl_ca_file",
help="set the PEM encoded Certificate Authority to "
"use when verifying HTTPs connections",
default=None,
required=False),
cfg.StrOpt("ssl_cert_file",
help="set the SSL client certificate (PEM encoded)",
default=None,
required=False)
]
def setup(self):
eventlet.monkey_patch(os=False)
self.ssl_ca_file = CONF.NovaManager.ssl_ca_file
self.ssl_cert_file = CONF.NovaManager.ssl_cert_file
self.timeout = CONF.NovaManager.timeout
if self.getManager("KeystoneManager") is None:
@ -542,7 +553,10 @@ class NovaManager(Manager):
"x-tenant-id": server.getProjectId(),
"x-instance-id-signature": digest}
request = requests.get(url, headers=headers, timeout=self.timeout)
request = requests.get(url, headers=headers,
timeout=self.timeout,
verify=self.ssl_ca_file,
cert=self.ssl_cert_file)
if request.status_code != requests.codes.ok:
if request.status_code == 404:
@ -989,27 +1003,37 @@ class NovaManager(Manager):
if method == "GET":
request = requests.get(url, headers=headers,
params=data, timeout=self.timeout)
params=data, timeout=self.timeout,
verify=self.ssl_ca_file,
cert=self.ssl_cert_file)
elif method == "POST":
request = requests.post(url,
headers=headers,
data=json.dumps(data),
timeout=self.timeout)
timeout=self.timeout,
verify=self.ssl_ca_file,
cert=self.ssl_cert_file)
elif method == "PUT":
request = requests.put(url,
headers=headers,
data=json.dumps(data),
timeout=self.timeout)
timeout=self.timeout,
verify=self.ssl_ca_file,
cert=self.ssl_cert_file)
elif method == "HEAD":
request = requests.head(url,
headers=headers,
data=json.dumps(data),
timeout=self.timeout)
timeout=self.timeout,
verify=self.ssl_ca_file,
cert=self.ssl_cert_file)
elif method == "DELETE":
request = requests.delete(url,
headers=headers,
data=json.dumps(data),
timeout=self.timeout)
timeout=self.timeout,
verify=self.ssl_ca_file,
cert=self.ssl_cert_file)
else:
raise Exception("wrong HTTP method: %s" % method)
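Review bot: `cert=self.ssl_cert_file` at the metadata call in the `-542,7` hunk and in every branch of the `-989,27` hunk passes a single path, which requests only accepts when the PEM file also contains the private key; a certificate-only file, the natural reading of the help text `set the SSL client certificate (PEM encoded)`, fails the handshake with an opaque OpenSSL error. Either document the requirement, e.g. `help="set the SSL client certificate (PEM encoded, private key in the same file)"`, or add an `ssl_key_file` option and pass `cert=(self.ssl_cert_file, self.ssl_key_file)`. `verify=self.ssl_ca_file` should likewise be guarded against an empty value, which requests treats as "do not verify", e.g. `self.ssl_ca_file = CONF.NovaManager.ssl_ca_file or True` in `setup()`. The option help also spells `HTTPs`; `HTTPS` is the usual form. The method containing the last hunk begins above its header.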