Accept and use a TLS certificate from the agent

Accepts the certificate from a heartbeat and stores its path in driver_internal_info for further usage by the agent client (or any 3rd party deploy implementations). Similarly to agent_url, the certificate is protected from further changes (unless the local copy does not exist) and is removed on reboot or tear down (unless fast-tracking). Change-Id: I81b326116e62cd86ad22b533f55d061e5ed53e96 Story: #2007214 Task: #40603
author: Dmitry Tantsur <dtantsur@protonmail.com> 2020-08-20 12:26:08 +0200
committer: Dmitry Tantsur <dtantsur@protonmail.com> 2020-09-09 17:27:30 +0200
commit: 2b676a68640d47c7883214a622971b4638670a6b (patch)
tree: b8d09ee957c1be7eb66f55bd532daa696c75cfb6 /ironic/api/controllers/v1/utils.py
parent: f6b65cb68fbfa306f3fa6bb5dc5a658d519eed88 (diff)
download: ironic-2b676a68640d47c7883214a622971b4638670a6b.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/ironic/api/controllers/v1/utils.py b/ironic/api/controllers/v1/utils.py
index 742625e6d..10f2fa629 100644
--- a/ironic/api/controllers/v1/utils.py
+++ b/ironic/api/controllers/v1/utils.py
@@ -1391,3 +1391,8 @@ def allow_local_link_connection_network_type():
     """Check if network_type is allowed in ports link_local_connection"""
     return (api.request.version.minor
             >= versions.MINOR_64_LOCAL_LINK_CONNECTION_NETWORK_TYPE)
+
+
+def allow_verify_ca_in_heartbeat():
+    """Check if heartbeat accepts agent_verify_ca."""
+    return api.request.version.minor >= versions.MINOR_68_HEARTBEAT_VERIFY_CA
author	Dmitry Tantsur <dtantsur@protonmail.com>	2020-08-20 12:26:08 +0200
committer	Dmitry Tantsur <dtantsur@protonmail.com>	2020-09-09 17:27:30 +0200
commit	2b676a68640d47c7883214a622971b4638670a6b (patch)
tree	b8d09ee957c1be7eb66f55bd532daa696c75cfb6 /ironic/api/controllers/v1/utils.py
parent	f6b65cb68fbfa306f3fa6bb5dc5a658d519eed88 (diff)
download	ironic-2b676a68640d47c7883214a622971b4638670a6b.tar.gz