diff options
author | Chuck Short <chucks@redhat.com> | 2018-07-31 09:45:22 -0400 |
---|---|---|
committer | Keith Berger <keith.berger@suse.com> | 2020-06-10 00:33:29 +0000 |
commit | abdfc35f37520f94f7d6b99c1bc786a9120aa11c (patch) | |
tree | 87854a22605a07e2c8a68bfd80719e1fecd1fd35 | |
parent | 89bdebd2a92f83a199c86855a63fd3deab9a489c (diff) | |
download | cinder-abdfc35f37520f94f7d6b99c1bc786a9120aa11c.tar.gz |
tintri: Enable SSL with requests
SSL requests are not being verified when contacting the
REST API. Use the driver_ssl_cert_verify config option
to turn on or off. Defaults to False.
Change-Id: I3a40a5865cfed8e29dd58d31d955840ec6370a69
Signed-off-by: Chuck Short <chucks@redhat.com>
(cherry picked from commit 7d85fa9a0cc484af24a688f6db568e15d82acaa0)
-rw-r--r-- | cinder/volume/drivers/tintri.py | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/cinder/volume/drivers/tintri.py b/cinder/volume/drivers/tintri.py index 63bf80e9b..d82dae3e6 100644 --- a/cinder/volume/drivers/tintri.py +++ b/cinder/volume/drivers/tintri.py @@ -113,6 +113,9 @@ class TintriDriver(driver.ManageableVD, self._api_version = getattr(self.configuration, 'tintri_api_version') self._image_cache_expiry = getattr(self.configuration, 'tintri_image_cache_expiry_days') + self.verify_ssl = getattr(self.configuration, 'driver_ssl_cert_verify') + self.ssl_cert_path = getattr(self.configuration, + 'driver_ssl_cert_path') def get_pool(self, volume): """Returns pool name where volume resides. @@ -841,24 +844,31 @@ class TClient(object): url = self.api_url + api return requests.get(url, headers=self.headers, - params=query, verify=False) + params=query, verify=self.verify_ssl, + cert=self.ssl_cert_path) def delete(self, api): url = self.api_url + api - return requests.delete(url, headers=self.headers, verify=False) + return requests.delete(url, headers=self.headers, + verify=self.verify_ssl, + cert=self.ssl_cert_path) def put(self, api, payload): url = self.api_url + api return requests.put(url, data=json.dumps(payload), - headers=self.headers, verify=False) + headers=self.headers, + verify=self.verify_ssl, + cert=self.ssl_cert_path) def post(self, api, payload): url = self.api_url + api return requests.post(url, data=json.dumps(payload), - headers=self.headers, verify=False) + headers=self.headers, + verify=self.verify_ssl, + cert=self.ssl_cert_path) def login(self, username, password): # Payload, header and URL for login @@ -872,7 +882,9 @@ class TClient(object): url = self.api_url + '/' + self.api_version + '/session/login' r = requests.post(url, data=json.dumps(payload), - headers=headers, verify=False) + headers=headers, + verify=self.verify_ssl, + cert=self.ssl_cert_path) if r.status_code != 200: msg = _('Failed to login for user %s.') % username @@ -883,7 +895,9 @@ class TClient(object): def logout(self): url = self.api_url + '/' + self.api_version + '/session/logout' - requests.get(url, headers=self.headers, verify=False) + requests.get(url, headers=self.headers, + verify=self.verify_ssl, + cert=self.ssl_cert_path) @staticmethod def _remove_prefix(volume_path, prefix): |