arif/zaza-openstack-tests
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #199 from openstack-charmers/verify-tls

Browse Source 
radosgw: Pass local CA cert to client when relevant
This commit is contained in:
Alex Kavanagh
2020-03-23 10:44:00 +00:00
committed by GitHub
parent 682a641086 1ece576981
commit ab6a7692a4
4 changed files with 28 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
zaza/openstack/charm_tests/ceph/tests.py
+10 -5
View File
@@ -605,7 +605,8 @@ class CephRGWTest(test_utils.OpenStackBaseTest):
region_name = 'RegionOne'
swift_client = zaza_openstack.get_swift_session_client(
keystone_session,
region_name
region_name,
cacert=self.cacert,
)
_container = 'demo-container'
_test_data = 'Test data from Zaza'
@@ -629,7 +630,8 @@ class CephRGWTest(test_utils.OpenStackBaseTest):
keystone_session = zaza_openstack.get_overcloud_keystone_session()
source_client = zaza_openstack.get_swift_session_client(
keystone_session,
region_name='east-1'
region_name='east-1',
cacert=self.cacert,
)
_container = 'demo-container'
_test_data = 'Test data from Zaza'
@@ -643,7 +645,8 @@ class CephRGWTest(test_utils.OpenStackBaseTest):
target_client = zaza_openstack.get_swift_session_client(
keystone_session,
region_name='east-1'
region_name='east-1',
cacert=self.cacert,
)
@tenacity.retry(wait=tenacity.wait_exponential(multiplier=1, max=60),
@@ -675,11 +678,13 @@ class CephRGWTest(test_utils.OpenStackBaseTest):
keystone_session = zaza_openstack.get_overcloud_keystone_session()
source_client = zaza_openstack.get_swift_session_client(
keystone_session,
region_name='east-1'
region_name='east-1',
cacert=self.cacert,
)
target_client = zaza_openstack.get_swift_session_client(
keystone_session,
region_name='west-1'
region_name='west-1',
cacert=self.cacert,
)
zaza_model.run_action_on_leader(
'slave-ceph-radosgw',
zaza/openstack/charm_tests/swift/tests.py
+1
View File
@@ -266,6 +266,7 @@ class S3APITest(test_utils.OpenStackBaseTest):
'aws_access_key_id': self.ec2_creds.access,
'aws_secret_access_key': self.ec2_creds.secret,
'endpoint_url': self.s3_endpoint,
'verify': self.cacert,
}
s3_client = boto3.client('s3', **kwargs)
s3 = boto3.resource('s3', **kwargs)
zaza/openstack/charm_tests/test_utils.py
+1
View File
@@ -131,6 +131,7 @@ class OpenStackBaseTest(unittest.TestCase):
cls.application_name,
model_name=cls.model_name)
logging.debug('Leader unit is {}'.format(cls.lead_unit))
cls.cacert = openstack_utils.get_cacert()
def config_current(self, application_name=None, keys=None):
"""Get Current Config of an application normalized into key-values.
zaza/openstack/utilities/openstack.py
+16 -2
View File
@@ -158,6 +158,16 @@ KEYSTONE_REMOTE_CACERT = (
KEYSTONE_LOCAL_CACERT = ("/tmp/{}".format(KEYSTONE_CACERT))
def get_cacert():
"""Return path to CA Certificate bundle for verification during test.
:returns: Path to CA Certificate bundle or None.
:rtype: Optional[str]
"""
if os.path.exists(KEYSTONE_LOCAL_CACERT):
return KEYSTONE_LOCAL_CACERT
# Openstack Client helpers
def get_ks_creds(cloud_creds, scope='PROJECT'):
"""Return the credentials for authenticating against keystone.
@@ -244,18 +254,22 @@ def get_neutron_session_client(session):
def get_swift_session_client(session,
region_name='RegionOne'):
region_name='RegionOne',
cacert=None):
"""Return swiftclient authenticated by keystone session.
:param session: Keystone session object
:type session: keystoneauth1.session.Session object
:param region_name: Optional region name to use
:type region_name: str
:param cacert: Path to CA Certificate
:type cacert: Optional[str]
:returns: Authenticated swiftclient
:rtype: swiftclient.Client object
"""
return swiftclient.Connection(session=session,
os_options={'region_name': region_name})
os_options={'region_name': region_name},
cacert=cacert)
def get_octavia_session_client(session, service_type='load-balancer',