diff options
author | Aparna <aparnavtce@gmail.com> | 2015-12-15 05:58:16 +0000 |
---|---|---|
committer | Aparna <aparnavtce@gmail.com> | 2015-12-15 07:15:33 +0000 |
commit | d404492aed582fd275495a860ef1d153623ce3fa (patch) | |
tree | fabdba249a4c26c9e46aac12f9f6f36009ffa909 | |
parent | 98cdbff13264a935a5ab28563709581bca03ff3f (diff) | |
download | ironic-d404492aed582fd275495a860ef1d153623ce3fa.tar.gz |
Ironic doesn't use cacert while talking to Swift
Currently we have a keystonemiddleware.auth_token.cafile
which is used for talking to Openstack services using https.
Ironic doesn't pass this down to swiftclient for verifying
https connections.
Closes-Bug: #1454353
Change-Id: Id085ea6c0f1d072ec631b9851ddfde96852aca56
(cherry picked from commit aa73025c1c3f99252654d2e3875be3866f5e2862)
-rw-r--r-- | ironic/common/swift.py | 3 | ||||
-rw-r--r-- | ironic/tests/test_swift.py | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/ironic/common/swift.py b/ironic/common/swift.py index a4444e29f..a0adcc73d 100644 --- a/ironic/common/swift.py +++ b/ironic/common/swift.py @@ -48,6 +48,8 @@ CONF.import_opt('auth_version', 'keystonemiddleware.auth_token', group='keystone_authtoken') CONF.import_opt('insecure', 'keystonemiddleware.auth_token', group='keystone_authtoken') +CONF.import_opt('cafile', 'keystonemiddleware.auth_token', + group='keystone_authtoken') LOG = logging.getLogger(__name__) @@ -72,6 +74,7 @@ class SwiftAPI(object): auth_url = keystone.get_keystone_url(auth_url, auth_version) params = {'retries': CONF.swift.swift_max_retries, 'insecure': CONF.keystone_authtoken.insecure, + 'cacert': CONF.keystone_authtoken.cafile, 'user': user, 'tenant_name': tenant_name, 'key': key, diff --git a/ironic/tests/test_swift.py b/ironic/tests/test_swift.py index 9daa06ead..26aa8e91f 100644 --- a/ironic/tests/test_swift.py +++ b/ironic/tests/test_swift.py @@ -42,6 +42,7 @@ class SwiftTestCase(base.TestCase): self.config(auth_version='2', group='keystone_authtoken') self.config(swift_max_retries=2, group='swift') self.config(insecure=0, group='keystone_authtoken') + self.config(cafile='/path/to/ca/file', group='keystone_authtoken') # The constructor of SwiftAPI accepts arguments whose # default values are values of some config options above. So reload @@ -56,6 +57,7 @@ class SwiftTestCase(base.TestCase): 'tenant_name': 'tenant', 'key': 'password', 'authurl': 'http://authurl/v2.0', + 'cacert': '/path/to/ca/file', 'auth_version': '2'} connection_mock.assert_called_once_with(**params) |