author | Ruoyu Ying <ruoyu.ying@intel.com> | 2019-08-15 19:34:32 +0800 |
---|---|---|
committer | Ruoyu Ying <ruoyu.ying@intel.com> | 2019-08-31 08:59:16 +0800 |
commit | 4337dfb81c893522af34e9869f65f5a73b72d7b5 (patch) | |
tree | 62031eee4ced02d7fd570bc9897c55b2d6aef3b7 | |
parent | 6b09bcaf2cea9abd3151dcf5dcd159ce684fc479 (diff) |
Enable AAF RootCA in rest call to MUSIC
Add AAF RootCA cert in the rest call
Switch to Https interface
Issue-ID: OPTFRA-562
Signed-off-by: Ruoyu Ying <ruoyu.ying@intel.com>
Change-Id: Ie1860fe8f8ceb11d911d3f1fd83c1b6feea9b8f5
Signed-off-by: Ruoyu Ying <ruoyu.ying@intel.com>
7 files changed, 26 insertions, 0 deletions
diff --git a/conductor.conf b/conductor.conf index 0c0ae2b..75e4e70 100755 --- a/conductor.conf +++ b/conductor.conf @@ -470,6 +470,10 @@ replication_factor = 3 #music_new_version = <None> music_new_version = True +# Enabling HTTPs mode (boolean value) +#enable_https_mode = <None> +enable_https_mode = False + # for version (string value) #music_version = <None> music_version = "3.0.23" @@ -485,6 +489,10 @@ music_version = "3.0.23" # AAF namespace field used in MUSIC request header (string value) #aafns = <None> +# Certificate Authority Bundle file in pem format. Must contain the appropriate +# trust chain for the Certificate file. (string value) +#certificate_authority_bundle_file = certificate_authority_bundle.pem +certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer [prometheus] diff --git a/conductor/conductor/common/music/api.py b/conductor/conductor/common/music/api.py index dc351c6..0ca4301 100644 --- a/conductor/conductor/common/music/api.py +++ b/conductor/conductor/common/music/api.py @@ -84,10 +84,16 @@ MUSIC_API_OPTS = [ cfg.IntOpt('third_datacenter_replicas', help='Number of replicas in third data center'), cfg.BoolOpt('music_new_version', help='new or old version'), + cfg.BoolOpt('enable_https_mode', help='enable HTTPs mode for music connection'), cfg.StrOpt('music_version', help='for version'), cfg.StrOpt('aafuser', help='username value that used for creating basic authorization header'), cfg.StrOpt('aafpass', help='password value that used for creating basic authorization header'), cfg.StrOpt('aafns', help='AAF namespace field used in MUSIC request header'), + cfg.StrOpt('certificate_authority_bundle_file', + default='certificate_authority_bundle.pem', + help='Certificate Authority Bundle file in pem format. ' + 'Must contain the appropriate trust chain for the ' + 'Certificate file.'), ] CONF.register_opts(MUSIC_API_OPTS, group='music_api') 
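Review bot: The shipped value `enable_https_mode = False` in the first conductor.conf hunk leaves the MUSIC connection on its previous scheme, although the commit is described as switching to the HTTPS interface. In the api.py section of this commit the CA bundle is assigned to the session only when this flag is true, so with this value the `certificate_authority_bundle_file` setting added further down has no effect. The api.py help text says `aafuser`/`aafpass` build a basic authorization header, which would then still travel without TLS if the configured URL is plain HTTP. Either ship `enable_https_mode = True` or extend the comment to `# Enabling HTTPs mode (boolean value). When False, certificate_authority_bundle_file is ignored.`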
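Review bot: `certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer` in the second conductor.conf hunk places the trust anchor for the MUSIC connection in a directory meant for executables. The comment above it also requires PEM, while the file carries a `.cer` extension. Whoever can write that file decides which server certificate the client accepts, so it should be installed root-owned and read-only for the service account; nothing in this commit shows how the file is provisioned. Stating the encoding in the comment would help, e.g. `# The file must be PEM-encoded (-----BEGIN CERTIFICATE-----), whatever its extension.`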
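Review bot: The new `certificate_authority_bundle_file` option defaults to the relative name `'certificate_authority_bundle.pem'`, which is resolved against whatever working directory the service is started from. A missing or unexpected file there would presumably surface only on the first HTTPS request, though the REST wrapper is not visible on this page. `enable_https_mode` has no `default=`, so an unset option reads as `None` and silently means no HTTPS. Writing `cfg.BoolOpt('enable_https_mode', default=False, help='Use HTTPS and verify the MUSIC server against certificate_authority_bundle_file')` makes the default and the coupling between the two options explicit. The `MUSIC_API_OPTS` list begins outside this hunk.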
@@ -131,6 +137,13 @@ class MusicAPI(object): } self.rest = rest.REST(**kwargs) + # Set one parameter for connection mode + # Currently depend on music version + if (CONF.music_api.enable_https_mode): + self.rest.server_url = 'https://{}:{}/{}'.format( + host, port, version, path.rstrip('/').lstrip('/')) + self.rest.session.verify = CONF.music_api.certificate_authority_bundle_file + if(CONF.music_api.music_new_version): MUSIC_version = CONF.music_api.music_version.split(".") diff --git a/conductor/conductor/tests/unit/controller/test_translator.py b/conductor/conductor/tests/unit/controller/test_translator.py index 2eea9b5..0d4048a 100644 --- a/conductor/conductor/tests/unit/controller/test_translator.py +++ b/conductor/conductor/tests/unit/controller/test_translator.py @@ -48,6 +48,7 @@ class TestNoExceptionTranslator(unittest.TestCase): cfg.CONF.set_override('keyspace', 'conductor') cfg.CONF.set_override('keyspace', 'conductor_rpc', 'messaging_server') cfg.CONF.set_override('concurrent', True, 'controller') + cfg.CONF.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'music_api') conf = cfg.CONF self.Translator = Translator( conf, 'some_template', str(uuid.uuid4()), get_template()) diff --git a/conductor/conductor/tests/unit/controller/test_translator_svc.py b/conductor/conductor/tests/unit/controller/test_translator_svc.py index c94ad15..a99aa5b 100644 --- a/conductor/conductor/tests/unit/controller/test_translator_svc.py +++ b/conductor/conductor/tests/unit/controller/test_translator_svc.py @@ -52,6 +52,7 @@ class TestTranslatorServiceNoException(unittest.TestCase): cfg.CONF.set_override('concurrent', True, 'controller') cfg.CONF.set_override('keyspace', 'conductor_rpc', 'messaging_server') + cfg.CONF.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'music_api') self.conf = cfg.CONF self.Plan = plan_prepare(self.conf) kwargs = self.Plan 
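Review bot: The call `'https://{}:{}/{}'.format(host, port, version, path.rstrip('/').lstrip('/'))` has three placeholders and four arguments, so `str.format` silently drops the path and the HTTPS URL ends after the version. If the path is meant to follow the version, the line should read `'https://{}:{}/{}/{}'.format(host, port, version, path.strip('/'))`. `host`, `port`, `version` and `path` are not assigned in the visible lines, and `__init__` begins outside this hunk, so please confirm they are bound on every path that reaches this branch. It is also worth checking that the CA bundle file exists before assigning it to `self.rest.session.verify`, so a wrong path fails at start-up with a clear message rather than on the first request.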
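Review bot: The added `cfg.CONF.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'music_api')` in test_translator.py uses a path relative to the test runner's working directory, and no test in this commit sets `enable_https_mode`, so as far as this commit shows the new HTTPS branch in `MusicAPI.__init__` is never executed. A test that enables the flag and asserts on `rest.server_url` and `rest.session.verify` would cover both the URL construction and the CA hand-off. The same override is repeated in test_translator_svc.py, test_api.py, test_service.py and test_order_lock_service.py. A shared fixture with an absolute path built from `os.path.dirname(__file__)` would remove the dependence on the working directory. The `setUp` method starts and ends outside the hunk.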
diff --git a/conductor/conductor/tests/unit/music/test_api.py b/conductor/conductor/tests/unit/music/test_api.py index 6908ee2..90bd57d 100644 --- a/conductor/conductor/tests/unit/music/test_api.py +++ b/conductor/conductor/tests/unit/music/test_api.py @@ -28,6 +28,7 @@ class TestMusicApi(unittest.TestCase): def setUp(self): cfg.CONF.set_override('debug', True, 'music_api') + cfg.CONF.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'music_api') self.mock_lock_id = mock.patch.object(MusicAPI, '_lock_id_create', return_value='12345678') self.mock_lock_acquire = mock.patch.object(MusicAPI, diff --git a/conductor/conductor/tests/unit/reservation/test_service.py b/conductor/conductor/tests/unit/reservation/test_service.py index 210d85a..a8e7687 100644 --- a/conductor/conductor/tests/unit/reservation/test_service.py +++ b/conductor/conductor/tests/unit/reservation/test_service.py @@ -31,6 +31,7 @@ from mock import patch import json def plan_prepare(conf): + cfg.CONF.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'music_api') music = api.API() music.keyspace_create(keyspace=conf.keyspace) plan_tmp = base.create_dynamic_model( diff --git a/conductor/conductor/tests/unit/solver/test_order_lock_service.py b/conductor/conductor/tests/unit/solver/test_order_lock_service.py index 141aa6e..cb56466 100644 --- a/conductor/conductor/tests/unit/solver/test_order_lock_service.py +++ b/conductor/conductor/tests/unit/solver/test_order_lock_service.py @@ -31,6 +31,7 @@ from oslo_config import cfg class TestOrdersLockingService(unittest.TestCase): def setUp(self): # Initialize music API + cfg.CONF.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'music_api') music = api.API() cfg.CONF.set_override('keyspace', 'conductor') music.keyspace_create(keyspace=cfg.CONF.keyspace) |