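def _get_cert_provider(self, nsx_cert, key):
    """Combine a PEM key and certificate into one file for the NSX client.

    The private key file and the certificate file are concatenated (key
    first, then certificate) into ``self.certpath`` and a
    ``client_cert.ClientCertProvider`` for that path is returned.

    :param nsx_cert: path of the PEM encoded certificate file.
    :param key: path of the PEM encoded private key file.
    :returns: a ``client_cert.ClientCertProvider`` for the combined file,
        or ``None`` if an input file is missing or cannot be read, or if
        the combined file cannot be written.
    """
    cert_file = self.certpath
    # Key first, then certificate: this is the order the combined file
    # has always been written in.
    filenames = [key, nsx_cert]

    # Both inputs are required. Bail out before touching cert_file so a
    # missing input never leaves a truncated or key-only file behind.
    missing = [path for path in filenames if not os.path.isfile(path)]
    if missing:
        print("Filepaths %s do not exist for PEM encoded NSX "
              "certificate and key pair." % ", ".join(missing))
        return

    # Read everything up front; the output is only created once both
    # inputs are known to be readable.
    pem_parts = []
    for filename in filenames:
        try:
            with open(filename) as fname:
                pem_parts.append(fname.read())
        except (OSError, ValueError) as e:
            print("Unable to write file %s to create client cert: "
                  "%s" % (filename, str(e)))
            return

    # Create a single file from the cert and key data since NSX expects
    # one single file for certificate. The file holds the private key, so
    # it is created owner read/write only instead of relying on the
    # process umask.
    fd = os.open(cert_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        with os.fdopen(fd, 'w') as c_file:
            # The mode passed to os.open() is ignored when the file
            # already exists, so tighten it explicitly where supported.
            if hasattr(os, 'fchmod'):
                os.fchmod(c_file.fileno(), 0o600)
            c_file.write(''.join(pem_parts))
    except OSError as e:
        print("Unable to write file %s to create client cert: "
              "%s" % (cert_file, str(e)))
        return

    print("Successfully created certificate file %s for NSX client "
          "connection." % cert_file)
    return client_cert.ClientCertProvider(cert_file)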
Exemplo n.º 2
def get_client_cert_provider(conf_path=cfg.CONF.nsx_v3):
    """Select the client certificate provider for NSX connections.

    The default for ``conf_path`` is evaluated once, when this function
    is defined.

    :param conf_path: config group exposing ``nsx_use_client_auth``,
        ``nsx_client_cert_storage`` and ``nsx_client_cert_file``.
    :returns: ``None`` when client auth is disabled or the storage type
        is not handled here; a ``client_cert.ClientCertProvider`` for
        storage type ``none``; the ``DbCertProvider`` class for storage
        type ``nsx-db``.
    """
    if not conf_path.nsx_use_client_auth:
        return None

    storage_type = conf_path.nsx_client_cert_storage.lower()

    if storage_type == 'none':
        # The admin supplies and owns the cert file; the plugin only
        # points at it and must not modify it.
        return client_cert.ClientCertProvider(conf_path.nsx_client_cert_file)

    if storage_type == 'nsx-db':
        # Per the original author's note: cert data lives in the DB and is
        # written to the file system only while a new connection is being
        # opened, then deleted immediately.
        # NOTE(review): the class itself is returned, not an instance --
        # confirm the caller instantiates it.
        return DbCertProvider

    return None
Exemplo n.º 3
def get_client_cert_provider():
    """Select the client certificate provider from ``cfg.CONF.nsx_v3``.

    :returns: ``None`` when client auth is disabled or the storage type
        is not handled here; a ``client_cert.ClientCertProvider`` for
        storage type ``none``; a ``DbCertProvider`` instance for storage
        type ``nsx-db``.
    """
    nsx_conf = cfg.CONF.nsx_v3
    if not nsx_conf.nsx_use_client_auth:
        return None

    storage_type = nsx_conf.nsx_client_cert_storage.lower()

    if storage_type == 'none':
        # The admin supplies and owns the cert file; the plugin only
        # points at it and must not modify it.
        return client_cert.ClientCertProvider(nsx_conf.nsx_client_cert_file)

    if storage_type == 'nsx-db':
        # Per the original author's note: cert data lives in the DB and is
        # written to the file system only while a new connection is being
        # opened, then deleted immediately; the pid is appended to the
        # file name to avoid collisions between neutron servers. None of
        # that is visible in this function -- see DbCertProvider.
        return DbCertProvider()

    return None
Exemplo n.º 4
def get_nsxlib_config_with_client_cert():
    """Build a ``config.NsxLibConfig`` that uses client cert auth.

    The certificate provider wraps the module-level ``CLIENT_CERT`` path;
    every other setting comes from module-level constants.

    :returns: the ``config.NsxLibConfig`` built from those settings.
    """
    settings = {
        'client_cert_provider': client_cert.ClientCertProvider(CLIENT_CERT),
        'retries': NSX_HTTP_RETRIES,
        # NOTE(review): presumably `insecure` and `ca_file` decide whether
        # and how the NSX server certificate is verified -- confirm that
        # NSX_INSECURE is only true in test fixtures.
        'insecure': NSX_INSECURE,
        'ca_file': NSX_CERT,
        'concurrent_connections': NSX_CONCURENT_CONN,
        'http_timeout': NSX_HTTP_TIMEOUT,
        'http_read_timeout': NSX_HTTP_READ_TIMEOUT,
        'conn_idle_timeout': NSX_CONN_IDLE_TIME,
        'http_provider': None,
        'nsx_api_managers': [],
        'plugin_scope': PLUGIN_SCOPE,
        'plugin_tag': PLUGIN_TAG,
        'plugin_ver': PLUGIN_VER,
    }
    return config.NsxLibConfig(**settings)
Exemplo n.º 5
    def test_new_connection_with_client_auth(self):
        """A new connection carries the configured client cert provider.

        With a client cert provider set, the session is expected to have
        no ``auth`` and to hold the same provider instance.
        """
        cert_provider_inst = client_cert.ClientCertProvider('/etc/cert.pem')

        mock_api = mock.Mock()
        # insecure=True with no CA file: this test exercises the path
        # where server certificate verification is switched off, which is
        # what the session.verify assertion below pins.
        mock_api.nsxlib_config = mock.Mock(
            retries=100,
            insecure=True,
            ca_file=None,
            http_timeout=99,
            conn_idle_timeout=39,
            client_cert_provider=cert_provider_inst)

        provider = cluster.NSXRequestsHTTPProvider()
        endpoint = cluster.Provider('9.8.7.6', 'https://9.8.7.6',
                                    None, None, None)
        # Stub the HTTP request so no network traffic is attempted.
        patched_request = mock.patch.object(
            cluster.TimeoutSession, 'request',
            return_value=get_sess_create_resp())

        with patched_request:
            session = provider.new_connection(mock_api, endpoint)

            self.assertIsNone(session.auth)
            self.assertFalse(session.verify)
            self.assertEqual(cert_provider_inst, session.cert_provider)
            self.assertEqual(99, session.timeout)