summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordhebeha <dhebeha.mj71@wipro.com>2019-12-11 12:35:37 +0530
committerdhebeha <dhebeha.mj71@wipro.com>2020-01-10 16:34:49 +0530
commit9f8f7046d3978b6dbd05c7e5ad645b3dd9201249 (patch)
tree1629f9d659307e0dfb7c75d63934166a60c8fcfd
parentfa04a4a0c5a18be0c1ebaebc8721b211ff26be74 (diff)
Add AAF root cert location to conductor.conf
Modify multicloud.py to verify the session using AAF root certificate if https Issue-ID: OPTFRA-328 Change-Id: Ica47cbda3821120a020f34c97a4e398e2f7bbda5 Signed-off-by: dhebeha <dhebeha.mj71@wipro.com>
-rw-r--r--.gitignore5
-rwxr-xr-xconductor.conf9
-rw-r--r--conductor/conductor/data/plugins/vim_controller/multicloud.py9
-rw-r--r--conductor/conductor/tests/unit/data/plugins/inventory_provider/test_multicloud.py1
4 files changed, 24 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index a5cf397..e434753 100644
--- a/.gitignore
+++ b/.gitignore
@@ -104,3 +104,8 @@ _ReSharper*/
# FIXME: Put all paths to temporarily hide under here.
# This must be considered temporary and is to be cleaned out!
conductor/api/extra/
+
+#eclipse
+.project
+.settings/
+.pydevproject
diff --git a/conductor.conf b/conductor.conf
index 75e4e70..b4f09b1 100755
--- a/conductor.conf
+++ b/conductor.conf
@@ -400,6 +400,15 @@ concurrent = true
# The version of Multicloud API. (string value)
#server_url_version = v0
+# Certificate Authority Bundle file in pem format. Must contain the appropriate
+# trust chain for the Certificate file. (string value)
+#certificate_authority_bundle_file = certificate_authority_bundle.pem
+certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+
+# Enabling HTTPs mode (boolean value)
+# enable_https_mode = <None>
+# default is false
+enable_https_mode = True
[music_api]
diff --git a/conductor/conductor/data/plugins/vim_controller/multicloud.py b/conductor/conductor/data/plugins/vim_controller/multicloud.py
index 3d904b4..5c2b5f7 100644
--- a/conductor/conductor/data/plugins/vim_controller/multicloud.py
+++ b/conductor/conductor/data/plugins/vim_controller/multicloud.py
@@ -45,6 +45,12 @@ MULTICLOUD_OPTS = [
cfg.StrOpt('server_url_version',
default='v0',
help='The version of Multicloud API.'),
+ cfg.StrOpt('certificate_authority_bundle_file',
+ default='certificate_authority_bundle.pem',
+ help='Certificate Authority Bundle file in pem format. '
+ 'Must contain the appropriate trust chain for the '
+ 'Certificate file.'),
+ cfg.BoolOpt('enable_https_mode', default = False, help='enable HTTPs mode for multicloud connection'),
]
CONF.register_opts(MULTICLOUD_OPTS, group='multicloud')
@@ -109,6 +115,9 @@ class MULTICLOUD(base.VimControllerBase):
"read_timeout": self.timeout,
}
self.rest = rest.REST(**kwargs)
+ if(self.conf.multicloud.enable_https_mode):
+ self.rest.server_url = self.base[:4]+'s'+self.base[4:]
+ self.rest.session.verify =self.conf.multicloud.certificate_authority_bundle_file
def check_vim_capacity(self, vim_request):
LOG.debug("Invoking check_vim_capacity api")
diff --git a/conductor/conductor/tests/unit/data/plugins/inventory_provider/test_multicloud.py b/conductor/conductor/tests/unit/data/plugins/inventory_provider/test_multicloud.py
index 1f4013e..34319d2 100644
--- a/conductor/conductor/tests/unit/data/plugins/inventory_provider/test_multicloud.py
+++ b/conductor/conductor/tests/unit/data/plugins/inventory_provider/test_multicloud.py
@@ -35,6 +35,7 @@ class TestMultiCloud(unittest.TestCase):
]
cfg.CONF.register_cli_opts(cli_opts)
self.mc_ep = mc.MULTICLOUD()
+ self.mc_ep.conf.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'multicloud')
self.mc_ep.conf.set_override('debug', False)
def tearDown(self):