From cfc3664524b8b4c8833088266467c746bb6fd068 Mon Sep 17 00:00:00 2001
From: Sabari Kumar Murugesan
Date: Wed, 20 Jan 2016 00:12:07 -0800
Subject: Add new config options for HTTPS store
The patch introduces three new config options: - disable_https_verification - A way to disable HTTPS Verification https_ca_bundle - A way to provide a certificate bundle for verification http_proxy_information - A way to provide proxy information
Implements: blueprint http-store-on-requests
Change-Id: I83066b50405966535cb34faee85601bc79af75fd
---
 glance_store/_drivers/http.py | 27 +++++++++++++++++++++++++++
 glance_store/tests/unit/test_opts.py | 3 +++
 2 files changed, 30 insertions(+)
diff --git a/glance_store/_drivers/http.py b/glance_store/_drivers/http.py
index ef2ed4c..3e858bc 100644
--- a/glance_store/_drivers/http.py
+++ b/glance_store/_drivers/http.py
@@ -15,7 +15,9 @@
 import logging
+from oslo_config import cfg
 from oslo_utils import encodeutils
+
 from six.moves import urllib
 import requests
@@ -31,6 +33,26 @@ LOG = logging.getLogger(__name__)
 MAX_REDIRECTS = 5
+_HTTP_OPTS = [
+ cfg.StrOpt('https_ca_certificates_file',
+ help=_('Specify the path to the CA bundle file to use in '
+ 'verifying the remote server certificate.')),
+ cfg.BoolOpt('https_insecure',
+ default=True,
+ help=_('If true, the remote server certificate is not '
+ 'verified. If false, then the default CA truststore is '
+ 'used for verification. This option is ignored if '
+ '"https_ca_certificates_file" is set.')),
+ cfg.DictOpt('http_proxy_information',
+ default={},
+ help=_('Specify the http/https proxy information that should '
+ 'be used to connect to the remote server. The proxy '
+ 'information should be a key value pair of the '
+ 'scheme and proxy. e.g. http:10.0.0.1:3128. You can '
+ 'specify proxies for multiple schemes by seperating '
+ 'the key value pairs with a comma.'
+ 'e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.'))]
+
 class StoreLocation(glance_store.location.StoreLocation):
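Review bot: `https_insecure` in `_HTTP_OPTS` is declared with `default=True`, so a deployment that sets neither new option gets a store that does not verify the remote server certificate, and nothing then authenticates the endpoint the image data is fetched from. I would ship it as `default=False,` and let operators opt out explicitly; if the insecure default has to stay for compatibility, the help text should state that it is the default and what it gives up. Two smaller points in the `http_proxy_information` help string: `'the key value pairs with a comma.'` is followed directly by `'e.g. http:...'` with no separating space, so the rendered text reads "comma.e.g.", and "seperating" should be "separating". The commit message also names the options `disable_https_verification` and `https_ca_bundle`, which do not match the names registered in this hunk.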
@@ -126,6 +148,7 @@ class Store(glance_store.driver.Store):
 _CAPABILITIES = (capabilities.BitMasks.READ_ACCESS |
 capabilities.BitMasks.DRIVER_REUSABLE)
+ OPTIONS = _HTTP_OPTS
 @capabilities.check
 def get(self, location, offset=0, chunk_size=None, context=None):
@@ -253,5 +276,9 @@ class Store(glance_store.driver.Store):
 def _get_response(self, location, verb):
 if not hasattr(self, 'session'):
 self.session = requests.Session()
+ ca_bundle = self.conf.glance_store.https_ca_certificates_file
+ disable_https = self.conf.glance_store.https_insecure
+ self.session.verify = ca_bundle if ca_bundle else not disable_https
+ self.session.proxies = self.conf.glance_store.http_proxy_information
 return self.session.request(verb, location.get_uri(), stream=True,
 allow_redirects=False)
diff --git a/glance_store/tests/unit/test_opts.py b/glance_store/tests/unit/test_opts.py
index 6b0daaf..f795ae4 100644
--- a/glance_store/tests/unit/test_opts.py
+++ b/glance_store/tests/unit/test_opts.py
@@ -71,10 +71,13 @@ class OptsTestCase(base.StoreBaseTest):
 'cinder_store_password',
 'cinder_store_project_name',
 'default_swift_reference',
+ 'https_insecure',
 'filesystem_store_datadir',
 'filesystem_store_datadirs',
 'filesystem_store_file_perm',
 'filesystem_store_metadata_file',
+ 'http_proxy_information',
+ 'https_ca_certificates_file',
 'rbd_store_ceph_conf',
 'rbd_store_chunk_size',
 'rbd_store_pool',
-- cgit v1.2.1
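Review bot: In `_get_response`, `self.session.verify` can end up `False` without any trace in the logs, because `ca_bundle if ca_bundle else not disable_https` falls through to the `https_insecure` value whenever no CA file is configured. A warning on that path would make an unverified store visible to operators, for example `if self.session.verify is False:` followed by `LOG.warning('HTTPS certificate verification is disabled for the http store')`. Indentation is lost in this rendering, so I cannot tell whether the four added lines sit inside the `if not hasattr(self, 'session')` guard; if they do, the settings are fixed when the session is first created. The `test_opts.py` hunk only registers the option names, so the three outcomes of the `verify` expression (CA file set, insecure true, insecure false) have no unit test in this change.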