~jimbaker/pyjuju/debug-relation-hook-context


Viewing changes to juju/providers/ec2/__init__.py

[r=hazmat][f=781949] Make it so EC2 provider can check SSL cert validity

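--- a/juju/providers/ec2/__init__.py
+++ b/juju/providers/ec2/__init__.py
@@ -5,6 +5,8 @@
 
 from txaws.ec2.exception import EC2Error
 from txaws.service import AWSServiceRegion
+from txaws.util import parse as parse_url
+from .utils import ssl
 
 from juju.errors import (
     MachinesNotFound, ProviderError, ProviderInteractionError)
@@ -16,7 +18,9 @@
 from .securitygroup import (
     open_provider_port, close_provider_port, get_provider_opened_ports,
     remove_security_groups, destroy_environment_security_group)
-from .utils import convert_zone, get_region_uri, DEFAULT_REGION, INSTANCE_TYPES
+from .utils import get_region_uri, log
+from .utils import (
+    convert_zone, get_region_uri, DEFAULT_REGION, INSTANCE_TYPES, log)
 
 
 class MachineProvider(MachineProviderBase):
@@ -35,6 +39,26 @@
             secret_key=config.get("secret-key", ""),
             ec2_uri=ec2_uri,
             s3_uri=config.get("s3-uri", ""))
+        ssl_verify = self.config.get("ssl-hostname-verification", False)
+        if ssl and ssl_verify: 
+            self._service.ec2_endpoint.ssl_hostname_verification = True
+            self._service.s3_endpoint.ssl_hostname_verification = True
+        elif ssl:
+            log.warn('ssl-hostname-verification is disabled for this environment')
+        else:
+            log.warn('txaws.client.ssl unavailable for SSL hostname verification')
+            ssl_verify = False
+
+        for endpoint, endpoint_type in [(self._service.ec2_endpoint,'EC2'),
+                         (self._service.s3_endpoint,'S3')]:
+            if endpoint.scheme != 'https':
+                log.warn('%s API calls not using secure transport' % endpoint_type)
+            elif not ssl_verify:
+                log.warn('%s API calls encrypted but not authenticated' % endpoint_type)
+
+        if not ssl_verify:
+            log.warn('Ubuntu Cloud Image lookups encrypted but not authenticated')
+
         self.s3 = self._service.get_s3_client()
         self.ec2 = self._service.get_ec2_client()
 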
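Review bot: In the `else:` branch of the new SSL block (new lines 48-50), an environment that explicitly sets `ssl-hostname-verification` to true is silently downgraded when `ssl` is unavailable: the code logs a warning, sets `ssl_verify = False` and goes on to create EC2/S3 clients whose server certificates are never checked. A verification that was requested but cannot be performed should fail closed, e.g. `if ssl_verify and not ssl: raise ProviderError("ssl-hostname-verification requested but txaws.client.ssl is unavailable")`; `ProviderError` is already imported, though its constructor signature is not visible here and should be confirmed. The option also defaults to `False` on new line 42, so certificate checking is opt-in; if that is kept for compatibility, a comment saying so would stop it being read as an oversight. Separately, `get_region_uri` and `log` are now imported twice from `.utils` (new line 21 and new lines 22-23), and `parse_url` is not used anywhere in the visible hunks. The enclosing method starts outside the hunk.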