Skip to content

S
slapos.core
Commit 2586f844 authored by Titouan Soulard's avatar Titouan Soulard
Browse files
Options

slapos: use Software Instance certificate/key pair for request

parent 9f79a6dd
Hide whitespace changes
Inline Side-by-side
Showing with 29 additions and 18 deletions
slapos/grid/slapgrid.py
View file @ 2586f844
......@@ -1629,7 +1629,16 @@ stderr_logfile_backups=1
# even if something is terribly wrong while processing an instance, it
# won't prevent processing other ones.
if not self.api_backward_compatibility:
computer_partition = self.slap.jio_api_connector.get(computer_partition["get_parameters"])
# Try to use partition certificate
# TODO: find a clean way to request the certificate
partition_certificate_file = os.path.join(self.certificate_repository_path, computer_partition["compute_partition_id"] + ".crt")
partition_key_file = os.path.join(self.certificate_repository_path, computer_partition["compute_partition_id"] + ".key")
if os.path.exists(partition_certificate_file) and os.path.exists(partition_key_file):
computer_partition = self.slap.jio_api_connector.get(computer_partition["get_parameters"],
cert_key=(partition_certificate_file, partition_key_file))
else:
computer_partition = self.slap.jio_api_connector.get(computer_partition["get_parameters"])
try:
# Process the partition itself
self.processComputerPartition(computer_partition)
......
slapos/slap/hateoas.py
View file @ 2586f844
......@@ -87,7 +87,7 @@ class ConnectionHelper:
cache=FileCache(os.path.expanduser("~/.slapos_cached_get")))
def do_request(self, method, path, params=None, data=None, headers=None,
expect_json_error=False):
expect_json_error=False, cert_key=None):
url = parse.urljoin(self.slapgrid_uri, path)
if headers is None:
headers = {}
......@@ -97,10 +97,8 @@ class ConnectionHelper:
# raise ValueError('method path should be relative: %s' % path)
try:
if url.startswith('https'):
cert = (self.cert_file, self.key_file)
else:
cert = None
if url.startswith('https') and cert_key is None:
cert_key = (self.cert_file, self.key_file)
# XXX TODO: handle host cert verify
......@@ -114,7 +112,7 @@ class ConnectionHelper:
req = method(url=url,
params=params,
cert=cert,
cert=cert_key,
verify=False,
data=data,
headers=headers,
......
slapos/slap/slap.py
View file @ 2586f844
......@@ -796,30 +796,34 @@ def json_loads_byteified(json_text):
)
class JioAPIConnectionHelper(ConnectionHelper):
def apiCall(self, path, data):
def apiCall(self, path, data, cert_key=None):
req = self.do_request(requests.post,
path=path,
data=json.dumps(data),
headers={'Content-type': 'application/json'},
expect_json_error=True)
expect_json_error=True,
cert_key=cert_key)
return json_loads_byteified(req.text)
def get(self, data):
def get(self, data, cert_key=None):
return self.apiCall(path="get/",
data=data)
data=data,
cert_key=cert_key)
def post(self, data):
def post(self, data, cert_key=None):
return self.apiCall(path="post/",
data=data)
data=data,
cert_key=cert_key)
def put(self, data):
def put(self, data, cert_key=None):
return self.apiCall(path="put/",
data=data)
data=data,
cert_key=cert_key)
def allDocs(self, data):
def allDocs(self, data, cert_key=None):
return self.apiCall(path="allDocs/",
data=data)
data=data,
cert_key=cert_key)
getHateoasUrl_cache = {}
getjIOAPI_cache = {}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7