diff options
author | Sascha Peilicke <saschpe@suse.de> | 2012-07-09 17:07:41 +0200 |
---|---|---|
committer | Sascha Peilicke <saschpe@suse.de> | 2012-07-20 10:22:03 +0200 |
commit | dec8f77c9233f195999b8db9adbd4f026834fd42 (patch) | |
tree | c8781c661b86f4eb67b9f562e8285819abb7ce4c | |
parent | e77234bd3e9f49de509bd1ff776966e58be79904 (diff) | |
download | python-keystoneclient-dec8f77c9233f195999b8db9adbd4f026834fd42.tar.gz |
Add '--insecure' commandline argument0.1.2
Allows to ignore validation errors that typically occur with self-signed
SSL certificates. Making this explicit is important as one would
typically only use this in development or in-house deployments.
This should also fix bug 1012591.
Change-Id: I1210fafc9257648c902176fbcfae9d47e47fc557
-rw-r--r-- | keystoneclient/client.py | 3 | ||||
-rw-r--r-- | keystoneclient/shell.py | 15 |
2 files changed, 15 insertions, 3 deletions
diff --git a/keystoneclient/client.py b/keystoneclient/client.py index b53d7cf..4766551 100644 --- a/keystoneclient/client.py +++ b/keystoneclient/client.py @@ -39,7 +39,7 @@ class HTTPClient(httplib2.Http): def __init__(self, username=None, tenant_id=None, tenant_name=None, password=None, auth_url=None, region_name=None, timeout=None, endpoint=None, token=None, cacert=None, key=None, - cert=None): + cert=None, insecure=False): super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert) if cert: if key: @@ -59,6 +59,7 @@ class HTTPClient(httplib2.Http): # httplib2 overrides self.force_exception_to_status_code = True + self.disable_ssl_certificate_validation = insecure def authenticate(self): """ Authenticate against the keystone API. diff --git a/keystoneclient/shell.py b/keystoneclient/shell.py index ef789f0..8990863 100644 --- a/keystoneclient/shell.py +++ b/keystoneclient/shell.py @@ -140,6 +140,15 @@ class OpenStackIdentityShell(object): default=env('OS_KEY'), help='Defaults to env[OS_KEY]') + parser.add_argument('--insecure', + default=False, + action="store_true", + help="Explicitly allow keystoneclient to perform " + "\"insecure\" SSL (https) requests. The " + "server's certificate will not be verified " + "against any certificate authorities. This " + "option should be used with caution.") + # FIXME(dtroyer): The args below are here for diablo compatibility, # remove them in folsum cycle @@ -308,7 +317,8 @@ class OpenStackIdentityShell(object): self.cs = shell_generic.CLIENT_CLASS(endpoint=args.os_auth_url, cacert=args.os_cacert, key=args.os_key, - cert=args.os_cert) + cert=args.os_cert, + insecure=args.insecure) else: token = None endpoint = None @@ -327,7 +337,8 @@ class OpenStackIdentityShell(object): region_name=args.os_region_name, cacert=args.os_cacert, key=args.os_key, - cert=args.os_cert) + cert=args.os_cert, + insecure=args.insecure) try: args.func(self.cs, args) |