From 5670a3838dfc67797c85612194f02be7ba86b5e4 Mon Sep 17 00:00:00 2001 From: Timur Nurlygayanov Date: Mon, 24 Aug 2015 11:32:04 +0300 Subject: [PATCH] Fixed issue with cacert parameter We need to use parameter cacert instead of ca_file parameter to work with CA certificates like python clients for other OpenStack services. Also fixed typo (after copy paste from Glance code). (cherry picked from commit 1141dd59aff141bee6618806a4496b57c214c7c1) Change-Id: Ibe36390aab2f2edb0fe7670f76f61caeb350d34b Closes-Bug: #1487099 --- muranoclient/common/http.py | 6 +++--- muranoclient/shell.py | 11 ++++++----- muranoclient/tests/test_common_http.py | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/muranoclient/common/http.py b/muranoclient/common/http.py index b2dc4ee5..b587786f 100644 --- a/muranoclient/common/http.py +++ b/muranoclient/common/http.py @@ -66,7 +66,7 @@ class HTTPClient(object): self.timeout = kwargs.get('timeout') self.ssl_connection_params = { - 'ca_file': kwargs.get('ca_file'), + 'cacert': kwargs.get('cacert'), 'cert_file': kwargs.get('cert_file'), 'key_file': kwargs.get('key_file'), 'insecure': kwargs.get('insecure'), @@ -77,7 +77,7 @@ class HTTPClient(object): if kwargs.get('insecure'): self.verify_cert = False else: - self.verify_cert = kwargs.get('ca_file', get_system_ca_file()) + self.verify_cert = kwargs.get('cacert', get_system_ca_file()) def log_curl_request(self, method, url, kwargs): curl = ['curl -i -X %s' % method] @@ -90,7 +90,7 @@ class HTTPClient(object): conn_params_fmt = [ ('key_file', '--key %s'), ('cert_file', '--cert %s'), - ('ca_file', '--cacert %s'), + ('cacert', '--cacert %s'), ] for (key, fmt) in conn_params_fmt: value = self.ssl_connection_params.get(key) diff --git a/muranoclient/shell.py b/muranoclient/shell.py index 8a0574b5..326993f4 100644 --- a/muranoclient/shell.py +++ b/muranoclient/shell.py @@ -30,6 +30,7 @@ import six from muranoclient import client as apiclient from muranoclient.common import utils from muranoclient.openstack.common.apiclient import exceptions as exc +from muranoclient.openstack.common.gettextutils import _ logger = logging.getLogger(__name__) @@ -73,6 +74,7 @@ class MuranoShell(object): parser.add_argument('--os-cacert', metavar='', default=utils.env('OS_CACERT', default=None), + dest='os_cacert', help='Specify a CA bundle file to use in ' 'verifying a TLS (https) server certificate. ' 'Defaults to env[OS_CACERT]') @@ -88,10 +90,9 @@ class MuranoShell(object): 'key is prepended to your cert file.') parser.add_argument('--ca-file', - help='Path of CA SSL certificate(s) used to verify' - ' the remote server certificate. Without ' - 'this option glance looks for the default ' - 'system CA certificates.') + dest='os_cacert', + help=_('DEPRECATED! Use %(arg)s.') % + {'arg': '--os-cacert'}) parser.add_argument('--api-timeout', help='Number of seconds to wait for an ' @@ -338,7 +339,7 @@ class MuranoShell(object): kwargs = { 'token': token, 'insecure': args.insecure, - 'ca_file': args.ca_file, + 'cacert': args.os_cacert, 'cert_file': args.cert_file, 'key_file': args.key_file, 'username': args.os_username, diff --git a/muranoclient/tests/test_common_http.py b/muranoclient/tests/test_common_http.py index a9a857ab..f8161143 100644 --- a/muranoclient/tests/test_common_http.py +++ b/muranoclient/tests/test_common_http.py @@ -442,7 +442,7 @@ class HttpClientTest(testtools.TestCase): self.assertFalse(client.verify_cert) def test_passed_cert_to_verify_cert(self, mock_request): - client = http.HTTPClient('https://foo', ca_file="NOWHERE") + client = http.HTTPClient('https://foo', cacert="NOWHERE") self.assertEqual("NOWHERE", client.verify_cert) with mock.patch('muranoclient.common.http.get_system_ca_file') as gsf: