From 4337dfb81c893522af34e9869f65f5a73b72d7b5 Mon Sep 17 00:00:00 2001 From: Ruoyu Ying Date: Thu, 15 Aug 2019 19:34:32 +0800 Subject: Enable AAF RootCA in rest call to MUSIC Add AAF RootCA cert in the rest call Switch to Https interface Issue-ID: OPTFRA-562 Signed-off-by: Ruoyu Ying Change-Id: Ie1860fe8f8ceb11d911d3f1fd83c1b6feea9b8f5 Signed-off-by: Ruoyu Ying --- conductor/conductor/common/music/api.py | 13 +++++++++++++ .../conductor/tests/unit/controller/test_translator.py | 1 + .../conductor/tests/unit/controller/test_translator_svc.py | 1 + conductor/conductor/tests/unit/music/test_api.py | 1 + conductor/conductor/tests/unit/reservation/test_service.py | 1 + .../conductor/tests/unit/solver/test_order_lock_service.py | 1 + 6 files changed, 18 insertions(+) (limited to 'conductor') diff --git a/conductor/conductor/common/music/api.py b/conductor/conductor/common/music/api.py index dc351c6..0ca4301 100644 --- a/conductor/conductor/common/music/api.py +++ b/conductor/conductor/common/music/api.py @@ -84,10 +84,16 @@ MUSIC_API_OPTS = [ cfg.IntOpt('third_datacenter_replicas', help='Number of replicas in third data center'), cfg.BoolOpt('music_new_version', help='new or old version'), + cfg.BoolOpt('enable_https_mode', help='enable HTTPs mode for music connection'), cfg.StrOpt('music_version', help='for version'), cfg.StrOpt('aafuser', help='username value that used for creating basic authorization header'), cfg.StrOpt('aafpass', help='password value that used for creating basic authorization header'), cfg.StrOpt('aafns', help='AAF namespace field used in MUSIC request header'), + cfg.StrOpt('certificate_authority_bundle_file', + default='certificate_authority_bundle.pem', + help='Certificate Authority Bundle file in pem format. ' + 'Must contain the appropriate trust chain for the ' + 'Certificate file.'), ] CONF.register_opts(MUSIC_API_OPTS, group='music_api') @@ -131,6 +137,13 @@ class MusicAPI(object): } self.rest = rest.REST(**kwargs) + # Set one parameter for connection mode + # Currently depend on music version + if (CONF.music_api.enable_https_mode): + self.rest.server_url = 'https://{}:{}/{}'.format( + host, port, version, path.rstrip('/').lstrip('/')) + self.rest.session.verify = CONF.music_api.certificate_authority_bundle_file + if(CONF.music_api.music_new_version): MUSIC_version = CONF.music_api.music_version.split(".") diff --git a/conductor/conductor/tests/unit/controller/test_translator.py b/conductor/conductor/tests/unit/controller/test_translator.py index 2eea9b5..0d4048a 100644 --- a/conductor/conductor/tests/unit/controller/test_translator.py +++ b/conductor/conductor/tests/unit/controller/test_translator.py @@ -48,6 +48,7 @@ class TestNoExceptionTranslator(unittest.TestCase): cfg.CONF.set_override('keyspace', 'conductor') cfg.CONF.set_override('keyspace', 'conductor_rpc', 'messaging_server') cfg.CONF.set_override('concurrent', True, 'controller') + cfg.CONF.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'music_api') conf = cfg.CONF self.Translator = Translator( conf, 'some_template', str(uuid.uuid4()), get_template()) diff --git a/conductor/conductor/tests/unit/controller/test_translator_svc.py b/conductor/conductor/tests/unit/controller/test_translator_svc.py index c94ad15..a99aa5b 100644 --- a/conductor/conductor/tests/unit/controller/test_translator_svc.py +++ b/conductor/conductor/tests/unit/controller/test_translator_svc.py @@ -52,6 +52,7 @@ class TestTranslatorServiceNoException(unittest.TestCase): cfg.CONF.set_override('concurrent', True, 'controller') cfg.CONF.set_override('keyspace', 'conductor_rpc', 'messaging_server') + cfg.CONF.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'music_api') self.conf = cfg.CONF self.Plan = plan_prepare(self.conf) kwargs = self.Plan diff --git a/conductor/conductor/tests/unit/music/test_api.py b/conductor/conductor/tests/unit/music/test_api.py index 6908ee2..90bd57d 100644 --- a/conductor/conductor/tests/unit/music/test_api.py +++ b/conductor/conductor/tests/unit/music/test_api.py @@ -28,6 +28,7 @@ class TestMusicApi(unittest.TestCase): def setUp(self): cfg.CONF.set_override('debug', True, 'music_api') + cfg.CONF.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'music_api') self.mock_lock_id = mock.patch.object(MusicAPI, '_lock_id_create', return_value='12345678') self.mock_lock_acquire = mock.patch.object(MusicAPI, diff --git a/conductor/conductor/tests/unit/reservation/test_service.py b/conductor/conductor/tests/unit/reservation/test_service.py index 210d85a..a8e7687 100644 --- a/conductor/conductor/tests/unit/reservation/test_service.py +++ b/conductor/conductor/tests/unit/reservation/test_service.py @@ -31,6 +31,7 @@ from mock import patch import json def plan_prepare(conf): + cfg.CONF.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'music_api') music = api.API() music.keyspace_create(keyspace=conf.keyspace) plan_tmp = base.create_dynamic_model( diff --git a/conductor/conductor/tests/unit/solver/test_order_lock_service.py b/conductor/conductor/tests/unit/solver/test_order_lock_service.py index 141aa6e..cb56466 100644 --- a/conductor/conductor/tests/unit/solver/test_order_lock_service.py +++ b/conductor/conductor/tests/unit/solver/test_order_lock_service.py @@ -31,6 +31,7 @@ from oslo_config import cfg class TestOrdersLockingService(unittest.TestCase): def setUp(self): # Initialize music API + cfg.CONF.set_override('certificate_authority_bundle_file', '../AAF_RootCA.cer', 'music_api') music = api.API() cfg.CONF.set_override('keyspace', 'conductor') music.keyspace_create(keyspace=cfg.CONF.keyspace) -- cgit 1.2.3-korg