From bb60e96011934ccb1a90583dcb87e55cb5880c4e Mon Sep 17 00:00:00 2001 From: Ignatious Johnson Christopher Date: Wed, 19 Oct 2016 12:42:18 -0700 Subject: [PATCH] Making certfile/keyfile optional, so that contrail plugin can rely on CA or CA/CERT. Change-Id: I3cd9656c2665aebaf100947f473a8f01be0bbdb8 Closes-Bug: 1630513 --- .../plugins/opencontrail/contrail_plugin.py | 23 +++++++++++++++---- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py b/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py index 2126473..b6f87d2 100644 --- a/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py +++ b/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py @@ -103,9 +103,15 @@ def _build_auth_details(self): kscafile=cfg.CONF.keystone_authtoken.cafile self._use_ks_certs=False - if kscertfile and kskeyfile and kscafile \ - and cfg.CONF.keystone_authtoken.auth_protocol == _DEFAULT_SECURE_SERVER_CONNECT: - certs=[kscertfile, kskeyfile, kscafile] + if cfg.CONF.keystone_authtoken.auth_protocol == _DEFAULT_SECURE_SERVER_CONNECT: + certs = [] + if kscafile: + certs.append(kscafile) + if kscertfile: + certs.append(kscertfile) + if kskeyfile: + certs.append(kskeyfile) + if certs: self._kscertbundle=cfgmutils.getCertKeyCaBundle(_DEFAULT_KS_CERT_BUNDLE,certs) self._use_ks_certs=True @@ -122,8 +128,15 @@ def _build_auth_details(self): self._apiserverconnect=_DEFAULT_SERVER_CONNECT self._use_api_certs=False - if apicertfile and apikeyfile and apicafile and self._apiusessl: - certs=[apicertfile, apikeyfile, apicafile] + if self._apiusessl: + certs = [] + if apicafile: + certs.append(apicafile) + if apicertfile: + certs.append(apicertfile) + if apikeyfile: + certs.append(apikeyfile) + if certs: self._apicertbundle=cfgmutils.getCertKeyCaBundle(_DEFAULT_API_CERT_BUNDLE,certs) self._use_api_certs=True