Configure and use SSL-related requests options

This patch adds standard SSL options to IPA config and makes use of them when making HTTP requests. For now, a single set of certificates is used when needed. In the future configuration can be expanded to allow per-service certificates. Besides, the 'insecure' option (defaults to False) can be overridden through kernel command line parameter 'ipa-insecure'. This will allow running IPA in CI-like environments with self-signed SSL certificates. Change-Id: I259d9b3caa9ba1dc3d7382f375b8e086a5348d80 Closes-Bug: #1642515
author: Pavlo Shchelokovskyy <shchelokovskyy@gmail.com> 2016-11-17 13:26:28 +0200
committer: Pavlo Shchelokovskyy <shchelokovskyy@gmail.com> 2017-01-13 11:33:44 +0200
commit: fdd11b54a5e3d7a9ee89628baba2990e4e00abdd (patch)
tree: 5a2fe131c6cc2c75cd03738ee6218bc54e0a2f07 /ironic_python_agent/tests/unit/test_utils.py
parent: 51ab461af85ab15fe321f84303a1151697b1e6eb (diff)
download: ironic-python-agent-fdd11b54a5e3d7a9ee89628baba2990e4e00abdd.tar.gz
1 files changed, 30 insertions, 0 deletions
diff --git a/ironic_python_agent/tests/unit/test_utils.py b/ironic_python_agent/tests/unit/test_utils.py
index 487e6aee..0f8e3b85 100644
--- a/ironic_python_agent/tests/unit/test_utils.py
+++ b/ironic_python_agent/tests/unit/test_utils.py
@@ -455,3 +455,33 @@ class TestUtils(testtools.TestCase):
             file_list=['/var/log'],
             io_dict={'iptables': mock.ANY, 'ip_addr': mock.ANY, 'ps': mock.ANY,
                      'dmesg': mock.ANY, 'df': mock.ANY})
+
+    def test_get_ssl_client_options(self):
+        # defaults
+        conf = mock.Mock(insecure=False, cafile=None,
+                         keyfile=None, certfile=None)
+        self.assertEqual((True, None), utils.get_ssl_client_options(conf))
+
+        # insecure=True overrides cafile
+        conf = mock.Mock(insecure=True, cafile='spam',
+                         keyfile=None, certfile=None)
+        self.assertEqual((False, None), utils.get_ssl_client_options(conf))
+
+        # cafile returned as verify when not insecure
+        conf = mock.Mock(insecure=False, cafile='spam',
+                         keyfile=None, certfile=None)
+        self.assertEqual(('spam', None), utils.get_ssl_client_options(conf))
+
+        # only both certfile and keyfile produce non-None result
+        conf = mock.Mock(insecure=False, cafile=None,
+                         keyfile=None, certfile='ham')
+        self.assertEqual((True, None), utils.get_ssl_client_options(conf))
+
+        conf = mock.Mock(insecure=False, cafile=None,
+                         keyfile='ham', certfile=None)
+        self.assertEqual((True, None), utils.get_ssl_client_options(conf))
+
+        conf = mock.Mock(insecure=False, cafile=None,
+                         keyfile='spam', certfile='ham')
+        self.assertEqual((True, ('ham', 'spam')),
+                         utils.get_ssl_client_options(conf))
author	Pavlo Shchelokovskyy <shchelokovskyy@gmail.com>	2016-11-17 13:26:28 +0200
committer	Pavlo Shchelokovskyy <shchelokovskyy@gmail.com>	2017-01-13 11:33:44 +0200
commit	fdd11b54a5e3d7a9ee89628baba2990e4e00abdd (patch)
tree	5a2fe131c6cc2c75cd03738ee6218bc54e0a2f07 /ironic_python_agent/tests/unit/test_utils.py
parent	51ab461af85ab15fe321f84303a1151697b1e6eb (diff)
download	ironic-python-agent-fdd11b54a5e3d7a9ee89628baba2990e4e00abdd.tar.gz