diff options
author | Srinivas Sakhamuri <srinivas.sakhamuri@hp.com> | 2015-01-13 18:38:26 +0000 |
---|---|---|
committer | Srinivas Sakhamuri <srinivas.sakhamuri@hp.com> | 2015-01-15 18:22:02 +0000 |
commit | 4d3651dd898cba1c79cf31476ed7c9b181369b2c (patch) | |
tree | 22e370da82eac3b48a36c2a48f31bdfc29c02d3f | |
parent | 4333e925dab68be4f9e8a7e17d8717d05f90c932 (diff) | |
download | python-ceilometerclient-4d3651dd898cba1c79cf31476ed7c9b181369b2c.tar.gz |
Fix improper parameter setup for cacert and client certs
The client passes cacert incorrectly, CA cert need to be passed
in verify parameter to requests library. Also at present, key file
is not being used, which if it is supplied need to be passed as a
tuple in cert parameter
Python requests library relevant doc link
http://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification
Change-Id: Ie71e760bce6a78ed1444373adfa0a133e82ec434
Closes-Bug: 1408372
-rw-r--r-- | ceilometerclient/client.py | 26 | ||||
-rw-r--r-- | ceilometerclient/shell.py | 2 | ||||
-rw-r--r-- | ceilometerclient/tests/test_client.py | 18 | ||||
-rw-r--r-- | ceilometerclient/v1/client.py | 2 | ||||
-rw-r--r-- | ceilometerclient/v2/client.py | 18 |
5 files changed, 46 insertions, 20 deletions
diff --git a/ceilometerclient/client.py b/ceilometerclient/client.py index feacf7c..5fe8a28 100644 --- a/ceilometerclient/client.py +++ b/ceilometerclient/client.py @@ -222,6 +222,28 @@ def Client(version, *args, **kwargs): return client_class(*args, **kwargs) +def _adjust_params(kwargs): + timeout = kwargs.get('timeout') + if timeout is not None: + timeout = int(timeout) + if timeout <= 0: + timeout = None + + insecure = strutils.bool_from_string(kwargs.get('insecure')) + verify = kwargs.get('verify') + if verify is None: + if insecure: + verify = False + else: + verify = kwargs.get('cacert') or True + + cert = kwargs.get('cert_file') + key = kwargs.get('key_file') + if cert and key: + cert = cert, key + return {'verify': verify, 'cert': cert, 'timeout': timeout} + + def get_client(version, **kwargs): """Get an authenticated client, based on the credentials in the keyword args. @@ -274,6 +296,8 @@ def get_client(version, **kwargs): } cli_kwargs.update(kwargs) + cli_kwargs.update(_adjust_params(cli_kwargs)) + return Client(version, endpoint, **cli_kwargs) @@ -283,7 +307,7 @@ def get_auth_plugin(endpoint, **kwargs): service_type=kwargs.get('service_type'), token=kwargs.get('token'), endpoint_type=kwargs.get('endpoint_type'), - cacert=kwargs.get('ca_file'), + cacert=kwargs.get('cacert'), tenant_id=kwargs.get('project_id') or kwargs.get('tenant_id'), endpoint=endpoint, username=kwargs.get('username'), diff --git a/ceilometerclient/shell.py b/ceilometerclient/shell.py index 221eca9..8057933 100644 --- a/ceilometerclient/shell.py +++ b/ceilometerclient/shell.py @@ -240,7 +240,7 @@ class CeilometerShell(object): client_kwargs = vars(args) client_kwargs.update(self.auth_plugin.opts) client_kwargs['auth_plugin'] = self.auth_plugin - client = ceiloclient.Client(api_version, **client_kwargs) + client = ceiloclient.get_client(api_version, **client_kwargs) # call whatever callback was selected try: args.func(client, args) diff --git a/ceilometerclient/tests/test_client.py b/ceilometerclient/tests/test_client.py index a998d93..bfcf43a 100644 --- a/ceilometerclient/tests/test_client.py +++ b/ceilometerclient/tests/test_client.py @@ -40,7 +40,7 @@ class ClientTest(utils.BaseTestCase): env = dict((k, v) for k, v in env.items() if k not in exclude) - return client.Client(api_version, endpoint, **env) + return client.get_client(api_version, **env) def setUp(self): super(ClientTest, self).setUp() @@ -79,7 +79,7 @@ class ClientTest(utils.BaseTestCase): del env['auth_plugin'] expected = { 'username': 'username', - 'endpoint': None, + 'endpoint': 'http://no.where', 'tenant_name': 'tenant_name', 'service_type': None, 'token': '1234', @@ -135,3 +135,17 @@ class ClientTest(utils.BaseTestCase): def test_v2_client_timeout_valid_value(self): self._test_v2_client_timeout_integer(30, 30) + + def test_v2_client_cacert_in_verify(self): + env = FAKE_ENV.copy() + env['cacert'] = '/path/to/cacert' + client = self.create_client(env) + self.assertEqual('/path/to/cacert', client.client.verify) + + def test_v2_client_certfile_and_keyfile(self): + env = FAKE_ENV.copy() + env['cert_file'] = '/path/to/cert' + env['key_file'] = '/path/to/keycert' + client = self.create_client(env) + self.assertEqual(('/path/to/cert', '/path/to/keycert'), + client.client.cert) diff --git a/ceilometerclient/v1/client.py b/ceilometerclient/v1/client.py index e8827e2..4f531bf 100644 --- a/ceilometerclient/v1/client.py +++ b/ceilometerclient/v1/client.py @@ -39,7 +39,7 @@ class Client(object): endpoint_type=kwargs.get('endpoint_type'), original_ip=kwargs.get('original_ip'), verify=kwargs.get('verify'), - cert=kwargs.get('cacert'), + cert=kwargs.get('cert'), timeout=kwargs.get('timeout'), timings=kwargs.get('timings'), keyring_saver=kwargs.get('keyring_saver'), diff --git a/ceilometerclient/v2/client.py b/ceilometerclient/v2/client.py index d0cf7ff..19f847d 100644 --- a/ceilometerclient/v2/client.py +++ b/ceilometerclient/v2/client.py @@ -15,8 +15,6 @@ # License for the specific language governing permissions and limitations # under the License. -from oslo.utils import strutils - from ceilometerclient import client as ceiloclient from ceilometerclient.openstack.common.apiclient import client from ceilometerclient.v2 import alarms @@ -48,24 +46,14 @@ class Client(object): """Initialize a new client for the Ceilometer v2 API.""" self.auth_plugin = kwargs.get('auth_plugin') \ or ceiloclient.get_auth_plugin(*args, **kwargs) - - timeout = kwargs.get('timeout') - if timeout is not None: - timeout = int(timeout) - if timeout <= 0: - timeout = None - - insecure = strutils.bool_from_string(kwargs.get('insecure')) - verify = kwargs.get('verify', not insecure) - self.client = client.HTTPClient( auth_plugin=self.auth_plugin, region_name=kwargs.get('region_name'), endpoint_type=kwargs.get('endpoint_type'), original_ip=kwargs.get('original_ip'), - verify=verify, - cert=kwargs.get('cacert'), - timeout=timeout, + verify=kwargs.get('verify'), + cert=kwargs.get('cert'), + timeout=kwargs.get('timeout'), timings=kwargs.get('timings'), keyring_saver=kwargs.get('keyring_saver'), debug=kwargs.get('debug'), |