diff --git a/README.rst b/README.rst index 39ad69d..c7ed0a1 100644 --- a/README.rst +++ b/README.rst @@ -35,6 +35,7 @@ Usage usage: flame [-h] [--username USERNAME] [--password PASSWORD] [--project PROJECT] [--region REGION] [--auth_url AUTH_URL] [--os-auth-token OS_AUTH_TOKEN] [--insecure] + [--os-cert ] [--os-key ] [--endpoint_type ENDPOINT_TYPE] [--exclude-servers] [--exclude-volumes] [--exclude-keypairs] [--generate-stack-data] [--extract-ports] @@ -51,6 +52,12 @@ Usage --auth_url AUTH_URL Authentication URL. Defaults to env[OS_AUTH_URL]. --os-auth-token OS_AUTH_TOKEN User's auth token. Defaults to env[OS_AUTH_TOKEN]. + --os-cert + Path to user's certificate needed to establish + two-way SSL connection with the identity service. + Defaults to env[OS_CERT]. + --os-key Path to the user's certificate private key. + Defaults to env[OS_KEY]. --insecure Explicitly allow clients to perform"insecure" SSL (https) requests. The server's certificate will not be verified against any certificate authorities. This @@ -76,6 +83,12 @@ To use Flame you can provide yours OpenStack credentials as arguments : Or you can source your OpenStack RC file and use Flame without arguments. +To establish a two-way SSL connection with the identity service : + + $flame --username arezmerita --os-auth-token keystonetoken \ + --project project-arezmerita --auth_url http://:5000/v2.0 + --os-cert --os-key + Flame can be used with either a login and password pair or a keystone token by exporting the OS_AUTH_TOKEN variable (the token is obtained with keystone token-get). diff --git a/doc/source/usage.rst b/doc/source/usage.rst index 0cab5a8..15f480d 100644 --- a/doc/source/usage.rst +++ b/doc/source/usage.rst 
@@ -11,6 +11,7 @@ To use the CLI of flame:: usage: flame [-h] [--username USERNAME] [--password PASSWORD] [--project PROJECT] [--region REGION] [--auth_url AUTH_URL] [--os-auth-token OS_AUTH_TOKEN] [--insecure] + [--os-cert ] [--os-key ] [--endpoint_type ENDPOINT_TYPE] [--exclude-servers] [--exclude-volumes] [--exclude-keypairs] [--generate-stack-data] [--extract-ports] @@ -27,6 +28,12 @@ To use the CLI of flame:: --auth_url AUTH_URL Authentication URL. Defaults to env[OS_AUTH_URL]. --os-auth-token OS_AUTH_TOKEN User's auth token. Defaults to env[OS_AUTH_TOKEN]. + --os-cert + Path to user's certificate needed to establish + two-way SSL connection with the identity service. + Defaults to env[OS_CERT]. + --os-key Path to the user's certificate private key. + Defaults to env[OS_KEY]. --insecure Explicitly allow clients to perform"insecure" SSL (https) requests. The server's certificate will not be verified against any certificate authorities. This @@ -55,6 +62,12 @@ Or a token and a tenant:: $ flame --username arezmerita --os-auth-token keystonetoken \ --project project-arezmerita --auth_url https://example.com/v2.0/ +To establish a two-way SSL connection with the identity service :: + + $flame --username arezmerita --os-auth-token keystonetoken \ + --project project-arezmerita --auth_url https://example.com/v2.0/ + --os-cert --os-key + Or you can source your OpenStack RC file and use Flame without arguments:: $ source credential.rc diff --git a/flameclient/cmd.py b/flameclient/cmd.py index 5cd5990..fde8276 100644 --- a/flameclient/cmd.py +++ b/flameclient/cmd.py 
@@ -67,6 +67,14 @@ def main(args=None): default=os.environ.get("OS_ENDPOINT_TYPE", "publicURL"), help="Defaults to env[OS_ENDPOINT_TYPE] or publicURL") + parser.add_argument("--os-cert", type=str, metavar='', + default=os.environ.get("OS_CERT"), + help="User's certificate. " + "Defaults to env[OS_CERT].") + parser.add_argument("--os-key", type=str, metavar='', + default=os.environ.get("OS_KEY"), + help="User's key. " + "Defaults to env[OS_KEY].") parser.add_argument('--exclude-servers', action='store_true', default=False, help="Do not export in template server resources") @@ -88,6 +96,7 @@ def main(args=None): flame = client.Client(args.username, args.password, args.project, args.auth_url, args.os_auth_token, + cert=args.os_cert, key=args.os_key, region_name=args.region, endpoint_type=args.endpoint_type, insecure=args.insecure) diff --git a/flameclient/flame.py b/flameclient/flame.py index 9cf891c..49cd611 100644 --- a/flameclient/flame.py +++ b/flameclient/flame.py @@ -107,13 +107,14 @@ class Resource(object): class TemplateGenerator(object): def __init__(self, username, password, tenant_name, auth_url, - auth_token=None, insecure=False, endpoint_type='publicURL', - region_name=None): + auth_token=None, cert=None, key=None, insecure=False, + endpoint_type='publicURL', region_name=None): self.thread_pool = concurrent.futures.ThreadPoolExecutor(10) self.generate_data = False self._setup_templates() - self._setup_managers(username, password, tenant_name, auth_url, - insecure, endpoint_type, region_name, auth_token) + self._setup_managers(username, password, tenant_name, auth_url, cert, + key, insecure, endpoint_type, region_name, + auth_token) def _setup_templates(self): self.template = yaml.load(template_skeleton) 
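Review bot: Nothing in the added `--os-cert`/`--os-key` options rejects a key supplied without a certificate, so `--os-key` alone (or a stray `OS_KEY` in the environment) is accepted and, as far as the keystone client appears to behave, dropped silently instead of being reported. A guard after argument parsing, such as `if args.os_key and not args.os_cert: parser.error("--os-key requires --os-cert")`, would surface the misconfiguration before any request is sent; the `parse_args` call sits outside this hunk, so the exact placement needs checking. The help strings would also read better as paths, e.g. `help="Path to the user's certificate private key. Defaults to env[OS_KEY]."`, matching the wording used in the README hunks.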
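Review bot: The new call `self._setup_managers(username, password, tenant_name, auth_url, cert, key, insecure, ...)` passes `cert` and `key` positionally into slots that `_setup_managers` (second flameclient/flame.py hunk) still declares as `insecure, endpoint_type`, so inside that method a certificate path is bound to `insecure` and the real `insecure` flag to `cert`. The `KeystoneManager(...)` call in that hunk repeats the same shuffle against the `__init__` signature in the flameclient/managers.py hunk, which happens to put the values back for Keystone. Any other use of `insecure` or `endpoint_type` in `_setup_managers` outside the visible lines would still receive a non-empty path string, a truthy value that would switch certificate verification off. Passing the new values by keyword removes the dependence on ordering: `self._setup_managers(username, password, tenant_name, auth_url, insecure, endpoint_type, cert=cert, key=key, region_name=region_name, auth_token=auth_token)`, and likewise `cert=cert, key=key` in the `KeystoneManager(...)` call. Inserting `cert`/`key` ahead of `insecure` in `TemplateGenerator.__init__` also shifts positions for existing callers that pass `insecure` positionally; appending them after `region_name` would keep the old order valid.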
@@ -124,12 +125,12 @@ class TemplateGenerator(object): self.stack_data['resources'] = {} def _setup_managers(self, username, password, tenant_name, auth_url, - insecure, endpoint_type, region_name=None, - auth_token=None): + insecure, endpoint_type, cert=None, key=None, + region_name=None, auth_token=None): self.keystone = managers.KeystoneManager( username, password, tenant_name, - auth_url, insecure, + auth_url, cert, key, insecure, endpoint_type, region_name=region_name, auth_token=auth_token diff --git a/flameclient/managers.py b/flameclient/managers.py index ab04ae4..c17a479 100644 --- a/flameclient/managers.py +++ b/flameclient/managers.py @@ -33,11 +33,14 @@ class KeystoneManager(object): _client = None def __init__(self, username, password, project, auth_url, insecure, - endpoint_type='publicURL', region_name=None, auth_token=None): + endpoint_type='publicURL', cert=None, key=None, + region_name=None, auth_token=None): self.username = username self.password = password self.project = project self.auth_url = auth_url + self.cert = cert + self.key = key self.insecure = insecure self.region_name = region_name self.endpoint_type = endpoint_type @@ -54,6 +57,8 @@ class KeystoneManager(object): password=self.password, tenant_name=self.project, auth_url=self.auth_url, + cert=self.cert, + key=self.key, region_name=self.region_name, insecure=self.insecure, endpoint_type=self.endpoint_type,