diff options
| author | Monty Taylor <mordred@inaugust.com> | 2015-06-02 15:56:17 -0500 |
|---|---|---|
| committer | Dean Troyer <dtroyer@gmail.com> | 2015-06-03 14:52:28 -0500 |
| commit | a0df67704ace186b18fd1ecdc220a7e56409bc6f (patch) | |
| tree | 0efdea4715739d969f8d203c8325a9d6345f7b67 | |
| parent | ba0986f58ce7468bdc91380ecd1b07086fa37964 (diff) | |
| download | os-client-config-a0df67704ace186b18fd1ecdc220a7e56409bc6f.tar.gz | |
Provide a helper method to get requests ssl values1.3.0
There is a weird logic around the interaction between how the openstack
things all accept cacert and verify/insecure parameters and how requests
wants them. Rather than spreading the parameter combining logic across
the universe, put it here.
Note that this inverts the usual requests logic in that !verify will
override the presence of a cacert value and cause verification to NOT
occur. This is intended to become the normal mode of operation for
OpenStack clients.
Change-Id: I3c76d9a10e6e5d60a593ceefc87dafdc6857d9c6
| -rw-r--r-- | os_client_config/cloud_config.py | 13 | ||||
| -rw-r--r-- | os_client_config/tests/test_cloud_config.py | 29 |
2 files changed, 42 insertions, 0 deletions
diff --git a/os_client_config/cloud_config.py b/os_client_config/cloud_config.py index 347eb7c..d8ac85d 100644 --- a/os_client_config/cloud_config.py +++ b/os_client_config/cloud_config.py @@ -39,3 +39,16 @@ class CloudConfig(object): def __ne__(self, other): return not self == other + + def get_requests_verify_args(self): + """Return the verify and cert values for the requests library.""" + if self.config['verify'] and self.config['cacert']: + verify = self.config['cacert'] + else: + verify = self.config['verify'] + + cert = self.config.get('cert', None) + if cert: + if self.config['key']: + cert = (cert, self.config['key']) + return (verify, cert) diff --git a/os_client_config/tests/test_cloud_config.py b/os_client_config/tests/test_cloud_config.py index 1f79b3e..729bc99 100644 --- a/os_client_config/tests/test_cloud_config.py +++ b/os_client_config/tests/test_cloud_config.py @@ -10,6 +10,7 @@ # License for the specific language governing permissions and limitations # under the License. +import copy from os_client_config import cloud_config from os_client_config.tests import base @@ -59,3 +60,31 @@ class TestCloudConfig(base.TestCase): cc2 = cloud_config.CloudConfig("test1", "region-al", {}) self.assertNotEqual(cc1, cc2) + + def test_verify(self): + config_dict = copy.deepcopy(fake_config_dict) + config_dict['cacert'] = None + + config_dict['verify'] = False + cc = cloud_config.CloudConfig("test1", "region-xx", config_dict) + (verify, cacert) = cc.get_requests_verify_args() + self.assertFalse(verify) + + config_dict['verify'] = True + cc = cloud_config.CloudConfig("test1", "region-xx", config_dict) + (verify, cacert) = cc.get_requests_verify_args() + self.assertTrue(verify) + + def test_verify_cacert(self): + config_dict = copy.deepcopy(fake_config_dict) + config_dict['cacert'] = "certfile" + + config_dict['verify'] = False + cc = cloud_config.CloudConfig("test1", "region-xx", config_dict) + (verify, cacert) = cc.get_requests_verify_args() + self.assertFalse(verify) + + config_dict['verify'] = True + cc = cloud_config.CloudConfig("test1", "region-xx", config_dict) + (verify, cacert) = cc.get_requests_verify_args() + self.assertEqual("certfile", verify) |