[openstack-dev] [containers][magnum] Make certs insecure in magnum drivers

Kevin Lefevre lefevre.kevin at gmail.com
Fri Feb 10 10:05:42 UTC 2017


This change (https://review.openstack.org/#/c/383493/) makes certificates request to magnum_api insecure since is a common use case.

In swarm drivers, the make-cert.py script is in python whereas in K8s for CoreOS and Atomic, it is a shell script.

I wanted to make the change (https://review.openstack.org/#/c/430755/) but it gets flagged by bandit because of python requests pacakage insecure TLS.

I know that we should supports Custom CA in the futur but if right now (and according to the previous merged change) insecure request are by default, what should we do ?

Do we disable bandit for the the swarm drivers ? Or do you use the same scripts (and keep it as simple as possible) for all the drivers, possibly without python as it is not included in CoreOS.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170210/47e405b0/attachment.pgp>

More information about the OpenStack-dev mailing list