Heat integration tests failing against https endpoints
Provide ca_file option to pass the ca certificate to verify https
connection. Also pass verify parameter to the test cases which
directly call requests library methods.
Change-Id: I4a81047136d6a64b151180e95c254edea8165349
Closes-Bug: #1553898
diff --git a/common/clients.py b/common/clients.py
index 85bfea5..acbf239 100644
--- a/common/clients.py
+++ b/common/clients.py
@@ -79,6 +79,8 @@
raise ValueError(_('Incorrectly specified auth_url config: no '
'version found.'))
+ self.insecure = self.conf.disable_ssl_certificate_validation
+ self.ca_file = self.conf.ca_file
self.identity_client = self._get_identity_client()
self.orchestration_client = self._get_orchestration_client()
self.compute_client = self._get_compute_client()
@@ -121,13 +123,15 @@
'project_domain_name': domain,
'user_domain_name': domain})
auth = password.Password(**kwargs)
- return KeystoneWrapperClient(
- auth,
- not self.conf.disable_ssl_certificate_validation)
+ if self.insecure:
+ verify_cert = False
+ else:
+ verify_cert = self.ca_file or True
+
+ return KeystoneWrapperClient(auth, verify_cert)
def _get_compute_client(self):
- dscv = self.conf.disable_ssl_certificate_validation
region = self.conf.region
client_args = (
@@ -146,11 +150,11 @@
endpoint_type='publicURL',
region_name=region,
no_cache=True,
- insecure=dscv,
+ insecure=self.insecure,
+ cacert=self.ca_file,
http_log_debug=True)
def _get_network_client(self):
- dscv = self.conf.disable_ssl_certificate_validation
return neutron_client.Client(
username=self.conf.username,
@@ -159,12 +163,12 @@
endpoint_type='publicURL',
# neutronclient can not use v3 url
auth_url=self.v2_auth_url,
- insecure=dscv)
+ insecure=self.insecure,
+ ca_cert=self.ca_file)
def _get_volume_client(self):
region = self.conf.region
endpoint_type = 'publicURL'
- dscv = self.conf.disable_ssl_certificate_validation
return cinder_client.Client(
self.CINDERCLIENT_VERSION,
self.conf.username,
@@ -174,11 +178,11 @@
self.v2_auth_url,
region_name=region,
endpoint_type=endpoint_type,
- insecure=dscv,
+ insecure=self.insecure,
+ cacert=self.ca_file,
http_log_debug=True)
def _get_object_client(self):
- dscv = self.conf.disable_ssl_certificate_validation
args = {
'auth_version': self.auth_version,
'tenant_name': self.conf.tenant_name,
@@ -186,12 +190,12 @@
'key': self.conf.password,
'authurl': self.conf.auth_url,
'os_options': {'endpoint_type': 'publicURL'},
- 'insecure': dscv,
+ 'insecure': self.insecure,
+ 'cacert': self.ca_file,
}
return swift_client.Connection(**args)
def _get_metering_client(self):
- dscv = self.conf.disable_ssl_certificate_validation
domain = self.conf.domain_name
try:
endpoint = self.identity_client.get_endpoint_url('metering',
@@ -204,7 +208,8 @@
'password': self.conf.password,
'tenant_name': self.conf.tenant_name,
'auth_url': self.conf.auth_url,
- 'insecure': dscv,
+ 'insecure': self.insecure,
+ 'cacert': self.ca_file,
'region_name': self.conf.region,
'endpoint_type': 'publicURL',
'service_type': 'metering',