Add support for processing insecure

python-openstackclient uses this on the command line - and has to go
through a bunch of shenanigans to get it processed correct. Just do it
ourselves from the get-go so that we can just remove the stress from
osc.

Change-Id: I25ce459eb38ec246260e1792035f26d46729c920
This commit is contained in:
Monty Taylor 2018-07-07 09:34:07 -04:00
parent 66f3d14437
commit cf47f3f7c0
No known key found for this signature in database
GPG Key ID: 7BAE94BC7141A594
2 changed files with 19 additions and 4 deletions

View File

@ -174,11 +174,16 @@ class CloudRegion(object):
def get_requests_verify_args(self):
"""Return the verify and cert values for the requests library."""
if self.config.get('verify') and self.config.get('cacert'):
verify = self.config.get('cacert')
insecure = self.config.get('insecure', False)
verify = self.config.get('verify', True)
cacert = self.config.get('cacert')
# Insecure is the most aggressive setting, so it wins
if insecure:
verify = False
if verify and cacert:
verify = cacert
else:
verify = self.config.get('verify')
if self.config.get('cacert'):
if cacert:
warnings.warn(
"You are specifying a cacert for the cloud {full_name}"
" but also to ignore the host verification. The host SSL"

View File

@ -99,6 +99,11 @@ class TestCloudRegion(base.TestCase):
(verify, cert) = cc.get_requests_verify_args()
self.assertTrue(verify)
config_dict['insecure'] = True
cc = cloud_region.CloudRegion("test1", "region-xx", config_dict)
(verify, cert) = cc.get_requests_verify_args()
self.assertFalse(verify)
def test_verify_cacert(self):
config_dict = copy.deepcopy(fake_config_dict)
config_dict['cacert'] = "certfile"
@ -113,6 +118,11 @@ class TestCloudRegion(base.TestCase):
(verify, cert) = cc.get_requests_verify_args()
self.assertEqual("certfile", verify)
config_dict['insecure'] = True
cc = cloud_region.CloudRegion("test1", "region-xx", config_dict)
(verify, cert) = cc.get_requests_verify_args()
self.assertEqual(False, verify)
def test_cert_with_key(self):
config_dict = copy.deepcopy(fake_config_dict)
config_dict['cacert'] = None