Add '--insecure' commandline argument0.1.2

Allows to ignore validation errors that typically occur with self-signed SSL certificates. Making this explicit is important as one would typically only use this in development or in-house deployments. This should also fix bug 1012591. Change-Id: I1210fafc9257648c902176fbcfae9d47e47fc557
author: Sascha Peilicke <saschpe@suse.de> 2012-07-09 17:07:41 +0200
committer: Sascha Peilicke <saschpe@suse.de> 2012-07-20 10:22:03 +0200
commit: dec8f77c9233f195999b8db9adbd4f026834fd42 (patch)
tree: c8781c661b86f4eb67b9f562e8285819abb7ce4c
parent: e77234bd3e9f49de509bd1ff776966e58be79904 (diff)
download: python-keystoneclient-dec8f77c9233f195999b8db9adbd4f026834fd42.tar.gz
2 files changed, 15 insertions, 3 deletions
diff --git a/keystoneclient/client.py b/keystoneclient/client.py
index b53d7cf..4766551 100644
--- a/keystoneclient/client.py
+++ b/keystoneclient/client.py
@@ -39,7 +39,7 @@ class HTTPClient(httplib2.Http):
     def __init__(self, username=None, tenant_id=None, tenant_name=None,
                  password=None, auth_url=None, region_name=None, timeout=None,
                  endpoint=None, token=None, cacert=None, key=None,
-                 cert=None):
+                 cert=None, insecure=False):
         super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert)
         if cert:
             if key:
@@ -59,6 +59,7 @@ class HTTPClient(httplib2.Http):
 
         # httplib2 overrides
         self.force_exception_to_status_code = True
+        self.disable_ssl_certificate_validation = insecure
 
     def authenticate(self):
         """ Authenticate against the keystone API.
diff --git a/keystoneclient/shell.py b/keystoneclient/shell.py
index ef789f0..8990863 100644
--- a/keystoneclient/shell.py
+++ b/keystoneclient/shell.py
@@ -140,6 +140,15 @@ class OpenStackIdentityShell(object):
                             default=env('OS_KEY'),
                             help='Defaults to env[OS_KEY]')
 
+        parser.add_argument('--insecure',
+                            default=False,
+                            action="store_true",
+                            help="Explicitly allow keystoneclient to perform "
+                                 "\"insecure\" SSL (https) requests. The "
+                                 "server's certificate will not be verified "
+                                 "against any certificate authorities. This "
+                                 "option should be used with caution.")
+
         # FIXME(dtroyer): The args below are here for diablo compatibility,
         #                 remove them in folsum cycle
 
@@ -308,7 +317,8 @@ class OpenStackIdentityShell(object):
             self.cs = shell_generic.CLIENT_CLASS(endpoint=args.os_auth_url,
                                                  cacert=args.os_cacert,
                                                  key=args.os_key,
-                                                 cert=args.os_cert)
+                                                 cert=args.os_cert,
+                                                 insecure=args.insecure)
         else:
             token = None
             endpoint = None
@@ -327,7 +337,8 @@ class OpenStackIdentityShell(object):
                 region_name=args.os_region_name,
                 cacert=args.os_cacert,
                 key=args.os_key,
-                cert=args.os_cert)
+                cert=args.os_cert,
+                insecure=args.insecure)
 
         try:
             args.func(self.cs, args)
author	Sascha Peilicke <saschpe@suse.de>	2012-07-09 17:07:41 +0200
committer	Sascha Peilicke <saschpe@suse.de>	2012-07-20 10:22:03 +0200
commit	dec8f77c9233f195999b8db9adbd4f026834fd42 (patch)
tree	c8781c661b86f4eb67b9f562e8285819abb7ce4c
parent	e77234bd3e9f49de509bd1ff776966e58be79904 (diff)
download	python-keystoneclient-dec8f77c9233f195999b8db9adbd4f026834fd42.tar.gz