diff --git a/src/vnsw/agent/init/agent_param.cc b/src/vnsw/agent/init/agent_param.cc index 15f64230aac..2b042746580 100644 --- a/src/vnsw/agent/init/agent_param.cc +++ b/src/vnsw/agent/init/agent_param.cc @@ -543,8 +543,8 @@ void AgentParam::ParseServiceInstance() { "SERVICE-INSTANCE.netns_timeout"); GetValueFromTree(si_lb_ssl_cert_path_, "SERVICE-INSTANCE.lb_ssl_cert_path"); - GetValueFromTree(si_lb_keystone_auth_conf_path_, - "SERVICE-INSTANCE.lb_keystone_auth_conf_path"); + GetValueFromTree(si_lb_custom_attr_conf_path_, + "SERVICE-INSTANCE.lb_custom_attr_conf_path"); } void AgentParam::ParseNexthopServer() { diff --git a/src/vnsw/agent/init/agent_param.h b/src/vnsw/agent/init/agent_param.h index fded652b309..cec81e1dcd0 100644 --- a/src/vnsw/agent/init/agent_param.h +++ b/src/vnsw/agent/init/agent_param.h @@ -121,8 +121,8 @@ class AgentParam { std::string si_lb_ssl_cert_path() const { return si_lb_ssl_cert_path_; } - std::string si_lb_keystone_auth_conf_path() const { - return si_lb_keystone_auth_conf_path_; + std::string si_lb_custom_attr_conf_path() const { + return si_lb_custom_attr_conf_path_; } std::string nexthop_server_endpoint() const { @@ -405,7 +405,7 @@ class AgentParam { int si_netns_workers_; int si_netns_timeout_; std::string si_lb_ssl_cert_path_; - std::string si_lb_keystone_auth_conf_path_; + std::string si_lb_custom_attr_conf_path_; VmwareMode vmware_mode_; // List of IP addresses on the compute node. AddressList compute_node_address_list_; diff --git a/src/vnsw/agent/oper/instance_manager.cc b/src/vnsw/agent/oper/instance_manager.cc index c502c871aa3..c693d5ac7e6 100644 --- a/src/vnsw/agent/oper/instance_manager.cc +++ b/src/vnsw/agent/oper/instance_manager.cc 
@@ -99,12 +99,13 @@ class InstanceManager::NamespaceStaleCleaner { //If Loadbalncer, delete the config files as well if (prop.service_type == ServiceInstance::LoadBalancer) { std::stringstream pathgen; - std::stringstream conf_path, json_path, sock_path; + std::stringstream conf_path, json_path, sock_path, crt_path; pathgen << manager_->loadbalancer_config_path_ << prop.pool_id; conf_path << pathgen.str() << ".haproxy.conf"; json_path << pathgen.str() << ".conf.json"; sock_path << pathgen.str() << ".haproxy.sock"; + crt_path << pathgen.str() << ".crtbundle.pem"; boost::system::error_code error; if (fs::exists(conf_path.str())) { @@ -130,6 +131,14 @@ class InstanceManager::NamespaceStaleCleaner { << error.message()); } } + + if (fs::exists(crt_path.str())) { + fs::remove_all(crt_path.str(), error); + if (error) { + LOG(ERROR, "Stale loadbalancer certificate file delete error" + << error.message()); + } + } } } } @@ -764,10 +773,11 @@ void InstanceManager::LoadbalancerObserver( lb_config_->GenerateConfig(pathgen.str(), loadbalancer->uuid(), *loadbalancer->properties()); } else { - std::stringstream conf_path, json_path, sock_path; + std::stringstream conf_path, json_path, sock_path, crt_path; conf_path << pathgen.str() << ".haproxy.conf"; json_path << pathgen.str() << ".conf.json"; sock_path << pathgen.str() << ".haproxy.sock"; + crt_path << pathgen.str() << ".crtbundle.pem"; boost::filesystem::path conf_file(conf_path.str()); if (boost::filesystem::exists(conf_file, error)) { @@ -783,6 +793,11 @@ void InstanceManager::LoadbalancerObserver( if (boost::filesystem::exists(json_file, error)) { boost::filesystem::remove_all(json_path.str(), error); } + + boost::filesystem::path crt_file(crt_path.str()); + if (boost::filesystem::exists(crt_file, error)) { + boost::filesystem::remove_all(crt_path.str(), error); + } } } diff --git a/src/vnsw/agent/oper/netns_instance_adapter.cc b/src/vnsw/agent/oper/netns_instance_adapter.cc index f3bde8a0d87..df7bd0b8330 100644 
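Review bot: In the LoadbalancerObserver hunk (`@@ -783,6 +793,11 @@`) the new `boost::filesystem::remove_all(crt_path.str(), error);` never looks at `error`, so a failed delete leaves the pool's `.crtbundle.pem` on disk with nothing in the log. The NamespaceStaleCleaner hunk above does log the failure; do the same here with `if (error) { LOG(ERROR, "Loadbalancer certificate file delete error: " << error.message()); }`. In the cleaner's own message the text "delete error" runs straight into `error.message()`, so a `": "` separator is needed there too. Both functions continue outside their hunks.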
--- a/src/vnsw/agent/oper/netns_instance_adapter.cc +++ b/src/vnsw/agent/oper/netns_instance_adapter.cc @@ -38,9 +38,9 @@ InstanceTask* NetNSInstanceAdapter::CreateStartTask(const ServiceInstance::Prope cmd_str << " --cfg-file " << loadbalancer_config_path_ << props.pool_id << ".conf.json"; cmd_str << " --pool-id " << props.pool_id; - if (!agent_->params()->si_lb_keystone_auth_conf_path().empty()) { - cmd_str << " --keystone-auth-cfg-file " << - agent_->params()->si_lb_keystone_auth_conf_path(); + if (!agent_->params()->si_lb_custom_attr_conf_path().empty()) { + cmd_str << " --custom-attr-cfg-file " << + agent_->params()->si_lb_custom_attr_conf_path(); } } diff --git a/src/vnsw/opencontrail-vrouter-netns/SConscript b/src/vnsw/opencontrail-vrouter-netns/SConscript index e5b7c6dfb45..e5d4103b0f5 100644 --- a/src/vnsw/opencontrail-vrouter-netns/SConscript +++ b/src/vnsw/opencontrail-vrouter-netns/SConscript @@ -33,7 +33,8 @@ sources = [ 'opencontrail_vrouter_netns/linux/utils.py', 'opencontrail_vrouter_netns/tests/__init__.py', 'opencontrail_vrouter_netns/tests/test_vrouter_netns.py', - 'opencontrail_vrouter_netns/tests/test_vrouter_docker.py' + 'opencontrail_vrouter_netns/tests/test_vrouter_docker.py', + 'opencontrail_vrouter_netns/tests/test_lbaas_custom_attributes.py' ] cd_cmd = 'cd ' + Dir('.').path + ' && ' diff --git a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_cert.py b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_cert.py index a4eff02bd7d..799987f39a7 100644 --- a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_cert.py +++ b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_cert.py 
@@ -1,16 +1,48 @@ import json -import keystone_auth import sys import logging +import os +import requests +import abc +import six -class Barbican_Cert_Manager(object): +@six.add_metaclass(abc.ABCMeta) +class Cert_Manager(object): + """Class to download certs from specific + drivers mentioned in the conf_file""" + def __init__(self): + pass + + def _request(self, url, headers=None, body=None, request_type=None): + try: + if request_type == 'PUT': + encoded_body = json.dumps(body) + return requests.put(url, headers=headers, data=encoded_body) + elif request_type == 'POST': + encoded_body = json.dumps(body) + return requests.post(url, headers=headers, data=encoded_body) + else: + return requests.get(url, headers=headers) + + except Exception as e: + logging.error("Failed sending request to keystone") + return None + + @abc.abstractmethod + def _validate_tls_secret(self, tls_container_ref): + pass + + @abc.abstractmethod + def _populate_tls_pem(self, tls_container_ref): + pass + +class Barbican_Cert_Manager(Cert_Manager): """Class to download certs from barbican and populate the pem file as required by HAProxy """ - def __init__(self, keystone_auth_conf_file): - self.identity = keystone_auth.Identity(keystone_auth_conf_file) - if not self.identity: - raise Exception() + def __init__(self, identity=None): + super(Barbican_Cert_Manager, self).__init__() + self.identity = identity def _get_barbican_entity(self, barbican_ep, auth_token, entity_ref, metadata=True): @@ -25,7 +57,7 @@ def _get_barbican_entity(self, barbican_ep, auth_token, "X-Auth-Token": "%s" % auth_token } url = entity_ref - resp = keystone_auth._request(url, headers, 'GET') + resp = self._request(url, headers, 'GET') if resp.status_code in range(200, 299): if metadata: return json.loads(resp.text) 
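Review bot: `Cert_Manager._request` calls `requests.put` / `requests.post` / `requests.get` without a `timeout`, so an endpoint that accepts the connection and never answers blocks HAProxy config generation indefinitely; pass one on each call, e.g. `requests.get(url, headers=headers, timeout=REQUEST_TIMEOUT)` where `REQUEST_TIMEOUT` is a placeholder for a value chosen by the project. The `except` clause throws the exception away and always logs "Failed sending request to keystone", although this class talks to Barbican; logging `str(e)` with the URL would make failures diagnosable. The same method body is added to `Identity` in keystone_auth.py (`@@ -81,6 +70,21 @@`) and has the same two issues. Separately, `Barbican_Cert_Manager.__init__` drops the old `if not self.identity: raise Exception()` check, so `identity=None` is now accepted and only fails later when a token is needed.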
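Review bot: In `_get_barbican_entity`, `resp.status_code` is read right after `resp = self._request(url, headers, 'GET')`, but `_request` returns `None` on any exception, so a connection failure turns into an `AttributeError` unless a `try` outside this hunk catches it. Guard it the way keystone_auth.py does, `if resp is not None and resp.status_code in range(200, 300):`; the current `range(200, 299)` also leaves out 299. The `'GET'` argument lands in the `body` parameter, not `request_type`, and only works because the fallback branch happens to be a GET; write `self._request(url, headers, request_type='GET')`. The function continues outside the hunk.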
@@ -102,3 +134,32 @@ def _populate_tls_pem(self, tls_container_ref): except Exception as e: logging.error("%s while populating SSL Pem file" % str(e)) return None + + +class Generic_Cert_Manager(Cert_Manager): + """Class to download certs from Generic Cert Manager and + populate the pem file as required by HAProxy + """ + def __init__(self, identity=None): + super(Generic_Cert_Manager, self).__init__() + + def _validate_tls_secret(self, tls_container_ref): + if tls_container_ref is None: + return False + + # Check if the file exists + if not os.path.isfile(tls_container_ref): + return False + + # Check if file is readable + if not os.access(tls_container_ref, os.R_OK): + return False + + return True + + def _populate_tls_pem(self, tls_container_ref): + secret_text = '' + with open(tls_container_ref) as tls_container: + secret_text = tls_container.read() + + return secret_text diff --git a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_config.py b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_config.py index 49e65263d40..9c6e80cdddc 100644 --- a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_config.py +++ b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_config.py 
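Review bot: `Generic_Cert_Manager` opens whatever path `tls_container_ref` names: `_validate_tls_secret` checks only `os.path.isfile` and `os.access(..., os.R_OK)`, and `_populate_tls_pem` then returns the file's contents for the HAProxy bundle. If that value comes from a load balancer's `tls_container` custom attribute (it looks that way from haproxy_validator.py, but the call site is outside this hunk), whoever can set the attribute decides which local file the agent reads. Resolve the path with `os.path.realpath` and accept it only under an operator-configured certificate directory, and document that restriction in the class docstring. The isfile/access pair followed by `open` is also a check-then-use gap, so `_populate_tls_pem` should handle `IOError` itself and return `None`, as the Barbican manager does on failure.

```python
    def _validate_tls_secret(self, tls_container_ref):
        if tls_container_ref is None:
            return False

        # CERT_DIR is a placeholder for an operator-configured directory;
        # nothing in this change defines one yet.
        real_path = os.path.realpath(tls_container_ref)
        if not real_path.startswith(os.path.join(CERT_DIR, '')):
            return False

        # … unchanged: os.path.isfile / os.access checks …

    def _populate_tls_pem(self, tls_container_ref):
        try:
            with open(tls_container_ref) as tls_container:
                return tls_container.read()
        except IOError as e:
            logging.error("%s while reading certificate file" % str(e))
            return None
```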
@@ -2,19 +2,20 @@ import os import logging -def validate_custom_attributes(config, section, keystone_auth_conf_file=None): +def validate_custom_attributes(config, section, custom_attr_conf_file=None): return {} try: from haproxy_validator import validate_custom_attributes as validator from haproxy_validator import custom_attributes_dict - from haproxy_cert import Barbican_Cert_Manager except ImportError: validator = validate_custom_attributes custom_attributes_dict = {} # Setup logger -logging.basicConfig(filename='/var/log/contrail/haproxy_parse.log', level=logging.WARNING) +FORMAT="[%(filename)s:%(lineno)s] %(message)s" +logging.basicConfig(filename='/var/log/contrail/haproxy_parse.log', + level=logging.WARNING, format=FORMAT) # Setup global definitions PROTO_TCP = 'TCP' @@ -44,7 +45,7 @@ def validate_custom_attributes(config, section, keystone_auth_conf_file=None): HTTPS_PORT = 443 -def build_config(pool_id, conf_file, keystone_auth_conf_file): +def build_config(pool_id, conf_file, custom_attr_conf_file=None): with open(conf_file) as data_file: config = json.load(data_file) conf_dir = os.path.dirname(conf_file) @@ -53,14 +54,15 @@ def build_config(pool_id, conf_file, keystone_auth_conf_file): sock_path = conf_dir + '/' + pool_id + '.haproxy.sock' conf = _set_global_config(config, sock_path) + '\n\n' conf += _set_defaults(config) + '\n\n' - conf += _set_frontend(config, conf_dir, keystone_auth_conf_file) + '\n\n' + conf += _set_frontend(config, conf_dir, custom_attr_conf_file) + '\n\n' conf += _set_backend(config) + '\n' filename = conf_dir + '/' + pool_id + '.haproxy.conf' conf_file = open(filename, 'w') conf_file.write(conf) return filename -def _construct_config_block(lb_config, conf, custom_attr_section, custom_attributes): +def _construct_config_block(lb_config, conf, custom_attr_section, + custom_attributes): for key, value in custom_attributes.iteritems(): cmd = custom_attributes_dict[custom_attr_section][key]['cmd'] conf.append(cmd % value) 
@@ -92,7 +94,8 @@ def _set_global_config(config, sock_path): ] conf.append('stats socket %s mode 0666 level user' % sock_path) - return _construct_config_block(config, conf, "global", global_custom_attributes) + return _construct_config_block(config, conf, "global", + global_custom_attributes) def _set_defaults(config): @@ -114,16 +117,17 @@ def _set_defaults(config): 'timeout server %d' % server_timeout, ] - return _construct_config_block(config, conf, "default", default_custom_attributes) + return _construct_config_block(config, conf, "default", + default_custom_attributes) -def _set_frontend(config, conf_dir, keystone_auth_conf_file): +def _set_frontend(config, conf_dir, custom_attr_conf_file=None): port = config['vip']['port'] - vip_custom_attributes = validator(config, 'vip', keystone_auth_conf_file) + vip_custom_attributes = validator(config, 'vip', custom_attr_conf_file) ssl = '' if 'tls_container' in vip_custom_attributes: data = vip_custom_attributes.pop('tls_container', None) - crt_file = _populate_pem_file(data, conf_dir) + crt_file = _populate_pem_file(data, conf_dir, config['pool']['id']) else: crt_file = config['ssl-crt'] @@ -220,8 +224,8 @@ def _get_codes(codes): response.add(code) return response -def _populate_pem_file(data, conf_dir): - crt_filename = conf_dir + '/crtbundle.pem' +def _populate_pem_file(data, conf_dir, pool_id): + crt_filename = conf_dir + '/' + pool_id + '.crtbundle.pem' with open(crt_filename, 'w+') as outfile: outfile.write(data) diff --git a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_process.py b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_process.py index 14bdb888e50..546d310615b 100644 --- a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_process.py +++ b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_process.py 
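Review bot: `_populate_pem_file` (`@@ -220,8 +224,8 @@`) still creates the bundle with `open(crt_filename, 'w+')`, so the file gets whatever mode the process umask allows; an HAProxy crt bundle normally holds the private key next to the certificate, so it should be created owner-only: `fd = os.open(crt_filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as outfile:`. The file name is now built from `config['pool']['id']` in `_set_frontend`, while `build_config` names the other per-pool files from its `pool_id` argument and the agent deletes `<pool_id>.crtbundle.pem`. If those two ids ever differ the bundle is never cleaned up, so passing `build_config`'s `pool_id` down would keep them in step. `_populate_pem_file` continues outside the hunk.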
@@ -17,10 +17,10 @@ def stop_haproxy(conf_file, daemon_mode=False): pass def start_update_haproxy(conf_file, netns, daemon_mode=False, - keystone_auth_conf_file=None): + custom_attr_conf_file=None): pool_id = conf_file.split('.')[0].split('/')[-1] haproxy_cfg_file = haproxy_config.build_config(pool_id, conf_file, \ - keystone_auth_conf_file) + custom_attr_conf_file) try: if daemon_mode: _start_haproxy_daemon(netns, haproxy_cfg_file) diff --git a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_validator.py b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_validator.py index 03b85939252..a62b88f1ce1 100644 --- a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_validator.py +++ b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_validator.py @@ -1,7 +1,10 @@ import logging import inspect -from haproxy_cert import Barbican_Cert_Manager +import ConfigParser +import keystone_auth import os +import sys +import haproxy_cert class CustomAttr(object): """This type handles non-flat data-types like 
@@ -18,9 +21,48 @@ def post_validation(self, conf_list): return class CustomAttrTlsContainer(CustomAttr): - def __init__(self, keystone_auth_conf_file, key, value): + def __init__(self, key, value, custom_attr_conf_file=None): super(CustomAttrTlsContainer, self).__init__(key, value) - self.cert_manager = Barbican_Cert_Manager(keystone_auth_conf_file) + if not custom_attr_conf_file: + logging.error("Missing custom attr conf file name in vrouter-agent.conf") + raise Exception() + + if not self._read_config(custom_attr_conf_file): + logging.error("Error reading %s" % custom_attr_conf_file) + raise Exception() + + cert_dict = self._parse_args(self._config, 'CERT') + if not cert_dict or not 'cert_manager' in cert_dict: + logging.error("Missing CERT section") + raise Exception() + + if cert_dict['cert_manager'] == 'Barbican_Cert_Manager': + # Make sure keystone credentials are present + auth_dict = self._parse_args(self._config, 'KEYSTONE') + if not auth_dict: + logging.error("Missing KEYSTONE section") + raise Exception() + identity = keystone_auth.Identity(auth_dict) + else: + identity = None + + self.cert_manager = getattr(haproxy_cert, + cert_dict['cert_manager'])(identity=identity) + + def _read_config(self, conf_file): + config = ConfigParser.ConfigParser() + if not len(config.read(conf_file)): + return False + else: + self._config = config + return True + + def _parse_args(self, config, section): + try: + return dict(config.items(section)) + except Exception as e: + logging.error(str(e)) + return None def validate(self): if self._key != 'tls_container': @@ -118,7 +160,7 @@ def post_validation(self): 'pool': {}, } -def validate_custom_attributes(config, section, keystone_auth_conf_file=None): +def validate_custom_attributes(config, section, custom_attr_conf_file=None): section_dict = {} if 'custom-attributes' in config and section in custom_attributes_dict: custom_attributes = config['custom-attributes'] 
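Review bot: `getattr(haproxy_cert, cert_dict['cert_manager'])(identity=identity)` at the end of `CustomAttrTlsContainer.__init__` resolves the configured string against the whole `haproxy_cert` module namespace. A misspelt value raises a bare `AttributeError`, and names that are not usable managers (the abstract `Cert_Manager`, or a module that file imports) get as far as the call instead of being rejected with a clear message. Look the name up in an explicit table, `managers = {'Barbican_Cert_Manager': haproxy_cert.Barbican_Cert_Manager, 'Generic_Cert_Manager': haproxy_cert.Generic_Cert_Manager}`, and log and raise when `cert_dict['cert_manager']` is not a key. The bare `raise Exception()` calls in this constructor would also be easier to act on with the logged text passed as the exception message.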
@@ -152,8 +194,8 @@ def validate_custom_attributes(config, section, keystone_auth_conf_file=None): logging.info("Skipping key: %s, value: %s due to" \ "validation failure" % (key, value)) elif inspect.isclass(type_attr): - new_custom_attr = type_attr(keystone_auth_conf_file, \ - key, value) + new_custom_attr = type_attr(key, value, + custom_attr_conf_file) if new_custom_attr.validate(): value = new_custom_attr.post_validation() section_dict.update({key:value}) diff --git a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/keystone_auth.py b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/keystone_auth.py index bdacd186486..5de72eabc3e 100644 --- a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/keystone_auth.py +++ b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/keystone_auth.py 
@@ -1,44 +1,33 @@ -import requests import json import os -import ConfigParser import logging - -def _request(url, headers=None, body=None, request_type=None): - try: - if request_type == 'PUT': - encoded_body = json.dumps(body) - return requests.put(url, headers=headers, data=encoded_body) - elif request_type == 'POST': - encoded_body = json.dumps(body) - return requests.post(url, headers=headers, data=encoded_body) - else: - return requests.get(url, headers=headers) - - except Exception as e: - logging.error("Failed sending request to keystone") - return None +import requests class Identity(): '''Identity class to get project-scoped tokens for user''' - def __init__(self, conf_file): - config = ConfigParser.RawConfigParser() - config.read(conf_file) - if not self._parse_config(config): + def __init__(self, args_dict): + if not self._parse_args(args_dict): raise Exception() - def _parse_config(self, config): + def _parse_args(self, args_dict): + if 'keystone_version' not in args_dict: + args_dict['keystone_version'] = 'v2.0' + + if 'barbican_endpoint' not in args_dict: + args_dict['barbican_endpoint'] = '' + + if 'domain_name' not in args_dict: + args_dict['domain_name'] = 'default' + try: - self.keystone_ep = config.get('DEFAULT', 'keystone_endpoint') - self.barbican_ep = config.get('DEFAULT', 'barbican_endpoint') - self.domain_name = config.get('DEFAULT', 'domain_name') - self.os_username = config.get('DEFAULT', 'username') - self.os_password = config.get('DEFAULT', 'password') - self.os_project_name = \ - config.get('DEFAULT', 'project_name') - self.identity_version = \ - config.get('DEFAULT', 'keystone_version') + self.keystone_ep = args_dict['keystone_endpoint'] + self.barbican_ep = args_dict['barbican_endpoint'] + self.domain_name = args_dict['domain_name'] + self.os_username = args_dict['username'] + self.os_password = args_dict['password'] + self.os_project_name = args_dict['project_name'] + self.identity_version = args_dict['keystone_version'] 
self.auth_token = None if not self.keystone_ep: @@ -81,6 +70,21 @@ def _parse_config(self, config): logging.error(str(e)) return False + def _request(self, url, headers=None, body=None, request_type=None): + try: + if request_type == 'PUT': + encoded_body = json.dumps(body) + return requests.put(url, headers=headers, data=encoded_body) + elif request_type == 'POST': + encoded_body = json.dumps(body) + return requests.post(url, headers=headers, data=encoded_body) + else: + return requests.get(url, headers=headers) + + except Exception as e: + logging.error("Failed sending request to keystone") + return None + def _get_v3_project_scoped_auth_token(self): try: headers = { @@ -108,7 +112,7 @@ def _get_v3_project_scoped_auth_token(self): } url = self.keystone_ep + "/auth/tokens" - resp = _request(url, headers, body, 'POST') + resp = self._request(url, headers, body, 'POST') if resp and resp.status_code in range(200, 299): headers = resp.headers if headers and 'x-subject-token' in headers: @@ -136,7 +140,7 @@ def _get_v2_project_scoped_auth_token(self): } url = self.keystone_ep + "/tokens" - resp = _request(url, headers, body, 'POST') + resp = self._request(url, headers, body, 'POST') if resp and resp.status_code in range(200, 299): json_data = json.loads(resp.text) self.auth_token = json_data['access']['token']['id'] diff --git a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/tests/test_lbaas_custom_attributes.py b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/tests/test_lbaas_custom_attributes.py new file mode 100644 index 00000000000..4d9732d8817 --- /dev/null +++ b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/tests/test_lbaas_custom_attributes.py 
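Review bot: `Identity._parse_args` writes its defaults for `keystone_version`, `barbican_endpoint` and `domain_name` into the caller's `args_dict`, so the dict that haproxy_validator.py builds from the KEYSTONE section is modified as a side effect. Reading the values with `args_dict.get('keystone_version', 'v2.0')`, `args_dict.get('barbican_endpoint', '')` and `args_dict.get('domain_name', 'default')` avoids that. The class docstring should also list the required keys (`keystone_endpoint`, `username`, `password`, `project_name`) and say that the conf file they come from holds a plaintext password and so must be readable only by the agent's user. `_parse_args` continues outside the hunk.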
@@ -0,0 +1,86 @@ +# Copyright (c) 2016 Symantec +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# @author: Varun Lodaya, Symantec. + +import unittest +import mock +from opencontrail_vrouter_netns.haproxy_cert import Generic_Cert_Manager, Barbican_Cert_Manager +import opencontrail_vrouter_netns.keystone_auth as keystone_auth +import opencontrail_vrouter_netns.haproxy_validator as haproxy_validator +from sys import version_info +if version_info.major == 2: + import __builtin__ as builtins +else: + import builtins + + +def mocked_requests_get(*args, **kwargs): + class MockResponse: + def __init__(self, data, data_type, status_code): + self.text = data + self.status_code = status_code + self.data_type = data_type + + def text(self): + return self.text + + if args[0] == 'http://barbican/v1/containers/uuid': + return MockResponse('{"secret_refs": [{"secret_ref": "http://barbican/v1/secrets/uuid"}]}', "json", 200) + else: + return MockResponse("secret", "text", 200) + + return MockResponse("", "text", 404) + +class MockedIdentity: + def __init__(self, args_dict): + self.barbican_ep = 'http://barbican/v1' + self.auth_token = '1234' + +class CustomAttributeTest(unittest.TestCase): + def test_false_custom_attributes(self): + fake_config = { + 'custom-attributes': {'key1': 'value1', 'key2': 'value2'} + } + resp_dict = haproxy_validator.validate_custom_attributes(fake_config, 'global', None) + self.assertFalse('key1' in resp_dict.keys() or 'key2' in 
resp_dict.keys()) + + def test_mixed_custom_attributes(self): + fake_config = { + 'custom-attributes': {'key': 'value', 'server_timeout': '50000'} + } + resp_dict = haproxy_validator.validate_custom_attributes(fake_config, 'default', None) + self.assertTrue('key' not in resp_dict.keys() and 'server_timeout' in resp_dict.keys()) + + def test_missing_custom_attr_conf_file(self): + fake_config = { + 'custom-attributes': {'tls_container': 'http://barbican/v1'} + } + self.assertRaises(haproxy_validator.validate_custom_attributes(fake_config, 'vip', None)) + + def test_generic_cert_manager_read(self): + with mock.patch.object(builtins, 'open', mock.mock_open(read_data='secret')): + cert_manager = Generic_Cert_Manager() + self.assertEqual(cert_manager._populate_tls_pem('foo'), 'secret') + + @mock.patch('keystone_auth.Identity', side_effect=MockedIdentity) + @mock.patch('haproxy_cert.requests.get', side_effect=mocked_requests_get) + def test_barbican_cert_manager_read(self, mockClass, mock_get): + fake_args_dict = {} + identity = keystone_auth.Identity(fake_args_dict) + cert_manager = Barbican_Cert_Manager(identity) + data = cert_manager._populate_tls_pem('http://barbican/v1/containers/uuid') + self.assertEqual(data, "secret\n") + diff --git a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/vrouter_netns.py b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/vrouter_netns.py index 003ac3effd7..87ac82de5c4 100644 --- a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/vrouter_netns.py +++ b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/vrouter_netns.py @@ -61,7 +61,7 @@ class NetnsManager(object): def __init__(self, vm_uuid, nic_left, nic_right, other_nics=None, root_helper='sudo', cfg_file=None, update=False, pool_id=None, gw_ip=None, namespace_name=None, - keystone_auth_cfg_file=None): + custom_attr_cfg_file=None): self.vm_uuid = vm_uuid if namespace_name is None: self.namespace = self.NETNS_PREFIX + self.vm_uuid 
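Review bot: `test_missing_custom_attr_conf_file` asserts nothing: `self.assertRaises(haproxy_validator.validate_custom_attributes(fake_config, 'vip', None))` calls the validator first and hands its return value to `assertRaises` as the exception class, so the rejection of a `tls_container` without a conf file is never checked. Pass the callable and its arguments separately, `self.assertRaises(Exception, haproxy_validator.validate_custom_attributes, fake_config, 'vip', None)`, assuming the validator lets the constructor's exception propagate; if it catches it, assert that `tls_container` is absent from the result instead. In `test_barbican_cert_manager_read` the stacked `mock.patch` decorators inject bottom-up, so `mockClass` receives the `requests.get` mock and `mock_get` the `Identity` mock; swap the parameter names. The final `return MockResponse("", "text", 404)` in `mocked_requests_get` is unreachable.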
@@ -86,7 +86,7 @@ def __init__(self, vm_uuid, nic_left, nic_right, other_nics=None, self.cfg_file = cfg_file self.update = update self.gw_ip = gw_ip - self.keystone_auth_cfg_file = keystone_auth_cfg_file + self.custom_attr_cfg_file = custom_attr_cfg_file def _get_tap_name(self, uuid_str): return (self.TAP_PREFIX + uuid_str)[:self.DEV_NAME_LEN] @@ -136,7 +136,7 @@ def set_lbaas(self): self.create() haproxy_process.start_update_haproxy(self.cfg_file, self.namespace, True, - self.keystone_auth_cfg_file) + self.custom_attr_cfg_file) try: self.ip_ns.netns.execute(['route', 'add', 'default', 'gw', self.gw_ip]) @@ -313,9 +313,9 @@ def _parse_args(self, args_str): default=None, help=("Loadbalancer Pool")) create_parser.add_argument( - "--keystone-auth-cfg-file", + "--custom-attr-cfg-file", default=None, - help=("Keystone auth config file for lbaas")) + help=("Custom Attributes config file for lbaas")) create_parser.set_defaults(func=self.create) destroy_parser = subparsers.add_parser('destroy') @@ -378,7 +378,7 @@ def create(self): cfg_file=self.args.cfg_file, update=self.args.update, gw_ip=self.args.gw_ip, pool_id=self.args.pool_id, - keystone_auth_cfg_file=self.args.keystone_auth_cfg_file) + custom_attr_cfg_file=self.args.custom_attr_cfg_file) if (self.args.update is False): if netns_mgr.is_netns_already_exists():