From 9f8f7046d3978b6dbd05c7e5ad645b3dd9201249 Mon Sep 17 00:00:00 2001 From: dhebeha Date: Wed, 11 Dec 2019 12:35:37 +0530 Subject: Add AAF root cert location to conductor.conf Modify multicloud.py to verify the session using AAF root certificate if https Issue-ID: OPTFRA-328 Change-Id: Ica47cbda3821120a020f34c97a4e398e2f7bbda5 Signed-off-by: dhebeha --- .gitignore | 5 +++++ conductor.conf | 9 +++++++++ conductor/conductor/data/plugins/vim_controller/multicloud.py | 9 +++++++++ .../unit/data/plugins/inventory_provider/test_multicloud.py | 1 + 4 files changed, 24 insertions(+) diff --git a/.gitignore b/.gitignore index a5cf397..e434753 100644 --- a/.gitignore +++ b/.gitignore @@ -104,3 +104,8 @@ _ReSharper*/ # FIXME: Put all paths to temporarily hide under here. # This must be considered temporary and is to be cleaned out! conductor/api/extra/ + +#eclipse +.project +.settings/ +.pydevproject diff --git a/conductor.conf b/conductor.conf index 75e4e70..b4f09b1 100755 --- a/conductor.conf +++ b/conductor.conf @@ -400,6 +400,15 @@ concurrent = true # The version of Multicloud API. (string value) #server_url_version = v0 +# Certificate Authority Bundle file in pem format. Must contain the appropriate +# trust chain for the Certificate file. (string value) +#certificate_authority_bundle_file = certificate_authority_bundle.pem +certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer + +# Enabling HTTPs mode (boolean value) +# enable_https_mode = +# default is false +enable_https_mode = True [music_api] diff --git a/conductor/conductor/data/plugins/vim_controller/multicloud.py b/conductor/conductor/data/plugins/vim_controller/multicloud.py index 3d904b4..5c2b5f7 100644 --- a/conductor/conductor/data/plugins/vim_controller/multicloud.py +++ b/conductor/conductor/data/plugins/vim_controller/multicloud.py @@ -45,6 +45,12 @@ MULTICLOUD_OPTS = [ cfg.StrOpt('server_url_version', default='v0', help='The version of Multicloud API.'), + cfg.StrOpt('certificate_authority_bundle_file', + default='certificate_authority_bundle.pem', + help='Certificate Authority Bundle file in pem format. ' + 'Must contain the appropriate trust chain for the ' + 'Certificate file.'), + cfg.BoolOpt('enable_https_mode', default = False, help='enable HTTPs mode for multicloud connection'), ] CONF.register_opts(MULTICLOUD_OPTS, group='multicloud') @@ -109,6 +115,9 @@ class MULTICLOUD(base.VimControllerBase): "read_timeout": self.timeout, } self.rest = rest.REST(**kwargs) + if(self.conf.multicloud.enable_https_mode): + self.rest.server_url = self.base[:4]+'s'+self.base[4:] + self.rest.session.verify =self.conf.multicloud.certificate_authority_bundle_file def check_vim_capacity(self, vim_request): LOG.debug("Invoking check_vim_capacity api") diff --git a/conductor/conductor/tests/unit/data/plugins/inventory_provider/test_multicloud.py b/conductor/conductor/tests/unit/data/plugins/inventory_provider/test_multicloud.py index 1f4013e..34319d2 100644 --- a/conductor/conductor/tests/unit/data/plugins/inventory_provider/test_multicloud.py +++ b/conductor/conductor/tests/unit/data/plugins/inventory_provider/test_multicloud.py @@ -35,6 +35,7 @@ class TestMultiCloud(unittest.TestCase): ] cfg.CONF.register_cli_opts(cli_opts) self.mc_ep = mc.MULTICLOUD() + self.mc_ep.conf.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'multicloud') self.mc_ep.conf.set_override('debug', False) def tearDown(self): -- cgit 1.2.3-korg