Merge "Adds setting to disable SSL cert validation"
diff --git a/etc/tempest.conf.sample b/etc/tempest.conf.sample
index 3cbe1b5..d12da44 100644
--- a/etc/tempest.conf.sample
+++ b/etc/tempest.conf.sample
@@ -7,6 +7,9 @@
# custom Keystone service catalog implementation, you probably want to leave
# this value as "identity"
catalog_type = identity
+# Ignore SSL certificate validation failures? Use when in testing
+# environments that have self-signed SSL certs.
+disable_ssl_certificate_validation = False
# Set to True if your test environment's Keystone authentication service should
# be accessed over HTTPS
use_ssl = False
diff --git a/tempest/common/rest_client.py b/tempest/common/rest_client.py
index 287ef56..7beef3f 100644
--- a/tempest/common/rest_client.py
+++ b/tempest/common/rest_client.py
@@ -103,7 +103,8 @@
params['headers'] = {'User-Agent': 'Test-Client', 'X-Auth-User': user,
'X-Auth-Key': password}
- self.http_obj = httplib2.Http(disable_ssl_certificate_validation=True)
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
resp, body = self.http_obj.request(auth_url, 'GET', **params)
try:
return resp['x-auth-token'], resp['x-server-management-url']
@@ -125,7 +126,8 @@
}
}
- self.http_obj = httplib2.Http(disable_ssl_certificate_validation=True)
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
headers = {'Content-Type': 'application/json'}
body = json.dumps(creds)
resp, body = self.http_obj.request(auth_url, 'POST',
@@ -200,7 +202,8 @@
if (self.token is None) or (self.base_url is None):
self._set_auth()
- self.http_obj = httplib2.Http(disable_ssl_certificate_validation=True)
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
if headers is None:
headers = {}
headers['X-Auth-Token'] = self.token
diff --git a/tempest/config.py b/tempest/config.py
index 8233dd5..45e8bc4 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -31,6 +31,9 @@
cfg.StrOpt('catalog_type',
default='identity',
help="Catalog type of the Identity service."),
+ cfg.BoolOpt('disable_ssl_certificate_validation',
+ default=False,
+ help="Set to True if using self-signed SSL certificates."),
cfg.StrOpt('host',
default="127.0.0.1",
help="Host IP for making Identity API requests."),
diff --git a/tempest/manager.py b/tempest/manager.py
index 513e5d9..cfe8a5c 100644
--- a/tempest/manager.py
+++ b/tempest/manager.py
@@ -128,6 +128,7 @@
# Novaclient adds a /tokens/ part to the auth URL automatically
auth_url = self.config.identity.auth_url.rstrip('tokens')
+ dscv = self.config.identity.disable_ssl_certificate_validation
client_args = (username, password, tenant_name, auth_url)
@@ -136,14 +137,17 @@
return novaclient.client.Client(self.NOVACLIENT_VERSION,
*client_args,
service_type=service_type,
- no_cache=True)
+ no_cache=True,
+ insecure=dscv)
def _get_image_client(self):
keystone = self._get_identity_client()
token = keystone.auth_token
endpoint = keystone.service_catalog.url_for(service_type='image',
endpoint_type='publicURL')
- return glanceclient.Client('1', endpoint=endpoint, token=token)
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ return glanceclient.Client('1', endpoint=endpoint, token=token,
+ insecure=dscv)
def _get_identity_client(self, username=None, password=None,
tenant_name=None):
@@ -163,11 +167,13 @@
raise exceptions.InvalidConfiguration(msg)
auth_url = self.config.identity.auth_url.rstrip('tokens')
+ dscv = self.config.identity.disable_ssl_certificate_validation
return keystoneclient.v2_0.client.Client(username=username,
password=password,
tenant_name=tenant_name,
- auth_url=auth_url)
+ auth_url=auth_url,
+ insecure=dscv)
def _get_network_client(self):
# The intended configuration is for the network client to have
@@ -187,11 +193,13 @@
raise exceptions.InvalidConfiguration(msg)
auth_url = self.config.identity.auth_url.rstrip('tokens')
+ dscv = self.config.identity.disable_ssl_certificate_validation
return quantumclient.v2_0.client.Client(username=username,
password=password,
tenant_name=tenant_name,
- auth_url=auth_url)
+ auth_url=auth_url,
+ insecure=dscv)
class ComputeFuzzClientManager(FuzzClientManager):
diff --git a/tempest/services/identity/json/admin_client.py b/tempest/services/identity/json/admin_client.py
index c4e6c95..a0da4ca 100644
--- a/tempest/services/identity/json/admin_client.py
+++ b/tempest/services/identity/json/admin_client.py
@@ -207,6 +207,7 @@
def __init__(self, config):
self.auth_url = config.identity.auth_url
+ self.config = config
def auth(self, user, password, tenant):
creds = {
@@ -225,7 +226,8 @@
def request(self, method, url, headers=None, body=None):
"""A simple HTTP request interface."""
- self.http_obj = httplib2.Http()
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
if headers is None:
headers = {}
diff --git a/tempest/services/identity/xml/admin_client.py b/tempest/services/identity/xml/admin_client.py
index 60897e9..46a1255 100644
--- a/tempest/services/identity/xml/admin_client.py
+++ b/tempest/services/identity/xml/admin_client.py
@@ -243,6 +243,7 @@
def __init__(self, config):
self.auth_url = config.identity.auth_url
+ self.config = config
def auth(self, user, password, tenant):
passwordCreds = Element("passwordCredentials",
@@ -257,7 +258,8 @@
def request(self, method, url, headers=None, body=None):
"""A simple HTTP request interface."""
- self.http_obj = httplib2.Http()
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
if headers is None:
headers = {}
diff --git a/tempest/services/image/service.py b/tempest/services/image/service.py
index 154b5b8..3ffdd10 100644
--- a/tempest/services/image/service.py
+++ b/tempest/services/image/service.py
@@ -41,12 +41,15 @@
import glanceclient
import keystoneclient.v2_0.client
+ dscv = self.config.identity.disable_ssl_certificate_validation
+
auth_url = self.config.identity.auth_url.rstrip('tokens')
keystone = keystoneclient.v2_0.client.Client(
username=config.images.username,
password=config.images.password,
tenant_name=config.images.tenant_name,
- auth_url=auth_url)
+ auth_url=auth_url,
+ insecure=dscv)
token = keystone.auth_token
endpoint = keystone.service_catalog.url_for(
service_type='image',
@@ -54,7 +57,8 @@
self._client = glanceclient.Client('1',
endpoint=endpoint,
- token=token)
+ token=token,
+ insecure=dscv)
else:
raise NotImplementedError
diff --git a/tempest/services/object_storage/object_client.py b/tempest/services/object_storage/object_client.py
index b0f75d4..03cd209 100644
--- a/tempest/services/object_storage/object_client.py
+++ b/tempest/services/object_storage/object_client.py
@@ -133,7 +133,8 @@
def request(self, method, url, headers=None, body=None, wait=None):
"""A simple HTTP request interface."""
- self.http_obj = httplib2.Http()
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
if headers is None:
headers = {}
if self.base_url is None: