Stop processing requests verify args

Now that openstacksdk handles insecure properly, we can get rid of the logic here that re-does things. Change-Id: I5a1abd781b12b73fa73f166d91687c2d5dd35356 Depends-On: https://review.openstack.org/580795
2018-07-07 09:44:01 -04:00 · 2018-07-07 09:44:01 -04:00 · 891ed89657
parent 5bcb012ec9
commit 891ed89657
3 changed files with 8 additions and 42 deletions
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@ -44,7 +44,7 @@ munch==2.1.0
 netaddr==0.7.18
 netifaces==0.10.4
 openstackdocstheme==1.18.1
-openstacksdk==0.13.0
+openstacksdk==0.15.0
 os-service-types==1.2.0
 os-testr==1.0.0
 oslo.concurrency==3.25.0
--- a/osc_lib/clientmanager.py
+++ b/osc_lib/clientmanager.py
@ -101,46 +101,12 @@ class ClientManager(object):
        # self.verify is the Requests-compatible form
        # self.cacert is the form used by the legacy client libs
        # self.insecure is not needed, use 'not self.verify'
-
-        # NOTE(dtroyer): Per bug https://bugs.launchpad.net/bugs/1447784
-        #                --insecure overrides any --os-cacert setting
-
-        # Set a hard default
-        self.verify = True
-        if self._cli_options.insecure:
-            # Handle --insecure
-            self.verify = False
-            self.cacert = None
-        else:
-            if (self._cli_options.cacert is not None
-                    and self._cli_options.cacert != ''):
-                # --cacert implies --verify here
-                self.verify = self._cli_options.cacert
-                self.cacert = self._cli_options.cacert
-            else:
-                # Fall through also gets --verify
-                if self._cli_options.verify is not None:
-                    self.verify = self._cli_options.verify
-                self.cacert = None
-
-        # Set up client certificate and key
-        # NOTE(cbrandily): This converts client certificate/key to requests
-        #                  cert argument: None (no client certificate), a path
-        #                  to client certificate or a tuple with client
-        #                  certificate/key paths.
-        self.cert = self._cli_options.cert
-        if self.cert and self._cli_options.key:
-            self.cert = self.cert, self._cli_options.key
-
-        # TODO(mordred) The logic above to set all of these is duplicated in
-        # os-client-config but needs more effort to tease apart and ensure that
-        # values are being passed in. For now, let osc_lib do it and just set
-        # the values in occ.config
-        self._cli_options.config['verify'] = self.verify
-        self._cli_options.config['cacert'] = self.cacert
-        # Attack of the killer passthrough values
-        self._cli_options.config['cert'] = self._cli_options.cert
-        self._cli_options.config['key'] = self._cli_options.key
+        self.cacert = None
+        self.verify, self.cert = self._cli_options.get_requests_verify_args()
+        # If there is a cacert and we're verifying, it'll be in the verify
+        # argument.
+        if not isinstance(self.verify, bool):
+            self.cacert = self.verify

        # TODO(mordred) We also don't have any support for setting or passing
        # in api_timeout, which is set in occ defaults but we skip occ defaults
--- a/requirements.txt
+++ b/requirements.txt
@ -7,7 +7,7 @@ six>=1.10.0 # MIT
 Babel!=2.4.0,>=2.3.4 # BSD
 cliff!=2.9.0,>=2.8.0 # Apache-2.0
 keystoneauth1>=3.7.0 # Apache-2.0
-openstacksdk>=0.13.0 # Apache-2.0
+openstacksdk>=0.15.0 # Apache-2.0
 oslo.i18n>=3.15.3 # Apache-2.0
 oslo.utils>=3.33.0 # Apache-2.0
 simplejson>=3.5.1 # MIT