author | Sabari Kumar Murugesan <smurugesan@vmware.com> | 2016-01-20 00:12:07 -0800 |
---|---|---|
committer | Flavio Percoco <flaper87@gmail.com> | 2016-02-26 11:07:26 -0400 |
commit | cfc3664524b8b4c8833088266467c746bb6fd068 (patch) | |
tree | 276ac051906b61dc9c458f0f90ec7e98a6bcae2b | |
parent | 0379fa4c5b567db45b54ecb989de7b42c013799d (diff) | |
download | glance_store-cfc3664524b8b4c8833088266467c746bb6fd068.tar.gz |
Add new config options for HTTPS store
The patch introduces three new config options: -
disable_https_verification - A way to disable HTTPS Verification
https_ca_bundle - A way to provide a certificate bundle for verification
http_proxy_information - A way to provide proxy information
Implements: blueprint http-store-on-requests
Change-Id: I83066b50405966535cb34faee85601bc79af75fd
-rw-r--r-- | glance_store/_drivers/http.py | 27 | ||||
-rw-r--r-- | glance_store/tests/unit/test_opts.py | 3 |
2 files changed, 30 insertions, 0 deletions
diff --git a/glance_store/_drivers/http.py b/glance_store/_drivers/http.py index ef2ed4c..3e858bc 100644 --- a/glance_store/_drivers/http.py +++ b/glance_store/_drivers/http.py @@ -15,7 +15,9 @@ import logging +from oslo_config import cfg from oslo_utils import encodeutils + from six.moves import urllib import requests @@ -31,6 +33,26 @@ LOG = logging.getLogger(__name__) MAX_REDIRECTS = 5 +_HTTP_OPTS = [ + cfg.StrOpt('https_ca_certificates_file', + help=_('Specify the path to the CA bundle file to use in ' + 'verifying the remote server certificate.')), + cfg.BoolOpt('https_insecure', + default=True, + help=_('If true, the remote server certificate is not ' + 'verified. If false, then the default CA truststore is ' + 'used for verification. This option is ignored if ' + '"https_ca_certificates_file" is set.')), + cfg.DictOpt('http_proxy_information', + default={}, + help=_('Specify the http/https proxy information that should ' + 'be used to connect to the remote server. The proxy ' + 'information should be a key value pair of the ' + 'scheme and proxy. e.g. http:10.0.0.1:3128. You can ' + 'specify proxies for multiple schemes by seperating ' + 'the key value pairs with a comma.' + 'e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.'))] + class StoreLocation(glance_store.location.StoreLocation): @@ -126,6 +148,7 @@ class Store(glance_store.driver.Store): _CAPABILITIES = (capabilities.BitMasks.READ_ACCESS | capabilities.BitMasks.DRIVER_REUSABLE) + OPTIONS = _HTTP_OPTS @capabilities.check def get(self, location, offset=0, chunk_size=None, context=None): 
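Review bot: `https_insecure` is declared with `default=True` in `_HTTP_OPTS`, so a deployment that sets nothing gets no certificate verification for HTTPS image locations; the `_get_response` hunk turns this into `session.verify = False` whenever no CA file is configured. If backward compatibility does not force this, the option should fail closed with `default=False,`; if it does, the help text should say plainly that the default leaves image downloads unauthenticated and open to interception. In the `http_proxy_information` help, the adjacent literals `'the key value pairs with a comma.'` and the following `'e.g. ...'` join without a space, and "seperating" is misspelled. The commit message also names the options `disable_https_verification` and `https_ca_bundle`, which do not match the names registered here, so operators reading the log will look for settings that do not exist.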
@@ -253,5 +276,9 @@ class Store(glance_store.driver.Store): def _get_response(self, location, verb): if not hasattr(self, 'session'): self.session = requests.Session() + ca_bundle = self.conf.glance_store.https_ca_certificates_file + disable_https = self.conf.glance_store.https_insecure + self.session.verify = ca_bundle if ca_bundle else not disable_https + self.session.proxies = self.conf.glance_store.http_proxy_information return self.session.request(verb, location.get_uri(), stream=True, allow_redirects=False) diff --git a/glance_store/tests/unit/test_opts.py b/glance_store/tests/unit/test_opts.py index 6b0daaf..f795ae4 100644 --- a/glance_store/tests/unit/test_opts.py +++ b/glance_store/tests/unit/test_opts.py @@ -71,10 +71,13 @@ class OptsTestCase(base.StoreBaseTest): 'cinder_store_password', 'cinder_store_project_name', 'default_swift_reference', + 'https_insecure', 'filesystem_store_datadir', 'filesystem_store_datadirs', 'filesystem_store_file_perm', 'filesystem_store_metadata_file', + 'http_proxy_information', + 'https_ca_certificates_file', 'rbd_store_ceph_conf', 'rbd_store_chunk_size', 'rbd_store_pool', |
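Review bot: In the `_get_response` hunk of `glance_store/_drivers/http.py`, the configured trust settings are placed on the session, where requests can still combine them with the process environment. As far as I know, with `trust_env` left at its default, environment proxy variables can take precedence over `session.proxies`, and `REQUESTS_CA_BUNDLE`/`CURL_CA_BUNDLE` replace the default truststore when `verify` is `True`. If the glance_store options are meant to be authoritative, set `self.session.trust_env = False` after creating the session, or document that the environment takes part. The local `disable_https` would read better as `insecure`, since it turns off verification rather than HTTPS, and the `verify` expression deserves a comment such as `# CA file wins; otherwise verify unless https_insecure is set`. Indentation is lost on this page, so I cannot tell whether these assignments run once at session creation or on every call; if only at creation, later config reloads would not reach an existing session.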