author | Jenkins <jenkins@review.openstack.org> | 2012-12-09 09:19:33 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2012-12-09 09:19:33 +0000 |
commit | 7df9cadbf006624192c48b81d1c9f1b4ed679a37 (patch) | |
tree | af66ec66d06968c8ad27d5ae4dbabe2b81b8d240 | |
parent | 1662cbd0a34ac9b42627c2007a2a874250d3de2c (diff) | |
parent | 6a4dc039ffece61ee8148f5263b22f65d1a6e729 (diff) | |
download | python-swiftclient-7df9cadbf006624192c48b81d1c9f1b4ed679a37.tar.gz |
Merge "Add --insecure option to fix bug #1077869"
-rwxr-xr-x | bin/swift | 8 | ||||
-rw-r--r-- | swiftclient/client.py | 19 | ||||
-rw-r--r-- | tests/test_swiftclient.py | 29 | ||||
-rw-r--r-- | tests/utils.py | 11 |
4 files changed, 59 insertions, 8 deletions
@@ -41,7 +41,8 @@ def get_conn(options): options.key, auth_version=options.auth_version, os_options=options.os_options, - snet=options.snet) + snet=options.snet, + insecure=options.insecure) def mkdirs(path): @@ -1143,6 +1144,11 @@ Example: default=environ.get('OS_ENDPOINT_TYPE'), help='Openstack Endpoint type. ' \ 'Defaults to env[OS_ENDPOINT_TYPE]') + parser.add_option('--insecure', + action="store_true", dest="insecure", default=False, + help='Allow swiftclient to access insecure keystone ' + 'server. The keystone\'s certificate will not ' + 'be verified.') parser.disable_interspersed_args() (options, args) = parse_args(parser, argv[1:], enforce_requires=False) parser.enable_interspersed_args() diff --git a/swiftclient/client.py b/swiftclient/client.py index 2003e94..b2a6510 100644 --- a/swiftclient/client.py +++ b/swiftclient/client.py @@ -232,12 +232,15 @@ def get_auth_1_0(url, user, key, snet): resp.getheader('x-auth-token')) -def get_keystoneclient_2_0(auth_url, user, key, os_options): +def get_keystoneclient_2_0(auth_url, user, key, os_options, **kwargs): """ Authenticate against a auth 2.0 server. We are using the keystoneclient library for our 2.0 authentication. """ + + insecure = kwargs.get('insecure', False) + from keystoneclient.v2_0 import client as ksclient from keystoneclient import exceptions try: @@ -245,7 +248,7 @@ def get_keystoneclient_2_0(auth_url, user, key, os_options): password=key, tenant_name=os_options.get('tenant_name'), tenant_id=os_options.get('tenant_id'), - auth_url=auth_url) + auth_url=auth_url, insecure=insecure) except exceptions.Unauthorized: raise ClientException('Unauthorised. Check username, password' ' and tenant name/id') 
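Review bot: The help string for `--insecure` in the `@@ -1143` hunk understates what the flag gives up: with certificate verification off, the key sent to keystone and the token it returns can be read or altered by anyone able to intercept the connection. I would say so directly, e.g. `help='Disable TLS certificate verification for the keystone server; the connection can then be intercepted.'`. As far as this diff shows, the flag reaches only the keystone (auth 2.0) request, so the wording should not suggest it covers the storage endpoint. Keeping `default=False` with no `environ.get(...)` fallback, unlike the neighbouring option, is the safer choice and deserves a short comment so it is not "harmonised" later.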
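Review bot: `get_keystoneclient_2_0` in the `@@ -232` hunk receives the new flag through `**kwargs`, so a misspelled or unexpected keyword is accepted silently and the one security-relevant parameter is absent from the signature. An explicit keyword keeps the default visible and makes typos fail loudly: `def get_keystoneclient_2_0(auth_url, user, key, os_options, insecure=False):`, which also removes the `insecure = kwargs.get('insecure', False)` line. The docstring should gain a line stating that `insecure=True` turns off verification of the keystone certificate. The `@@ -245` hunk forwards the value, and the function body continues outside both hunks.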
@@ -308,8 +311,10 @@ def get_auth(auth_url, user, key, **kwargs): if (not 'tenant_name' in os_options): raise ClientException('No tenant specified') + insecure = kwargs.get('insecure', False) (auth_url, token) = get_keystoneclient_2_0(auth_url, user, - key, os_options) + key, os_options, + insecure=insecure) return (auth_url, token) raise ClientException('Unknown auth_version %s specified.' @@ -927,7 +932,7 @@ class Connection(object): def __init__(self, authurl=None, user=None, key=None, retries=5, preauthurl=None, preauthtoken=None, snet=False, starting_backoff=1, tenant_name=None, os_options=None, - auth_version="1"): + auth_version="1", insecure=False): """ :param authurl: authentication URL :param user: user name to authenticate as @@ -944,6 +949,8 @@ class Connection(object): :param os_options: The OpenStack options which can have tenant_id, auth_token, service_type, endpoint_type, tenant_name, object_storage_url, region_name + :param insecure: Allow to access insecure keystone server. + The keystone's certificate will not be verified. """ self.authurl = authurl self.user = user @@ -959,6 +966,7 @@ class Connection(object): self.os_options = os_options or {} if tenant_name: self.os_options['tenant_name'] = tenant_name + self.insecure = insecure def get_auth(self): return get_auth(self.authurl, @@ -966,7 +974,8 @@ class Connection(object): self.key, snet=self.snet, auth_version=self.auth_version, - os_options=self.os_options) + os_options=self.os_options, + insecure=self.insecure) def http_connection(self): return http_connection(self.url) diff --git a/tests/test_swiftclient.py b/tests/test_swiftclient.py index 8e42fc9..d5a3caa 100644 --- a/tests/test_swiftclient.py +++ b/tests/test_swiftclient.py 
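Review bot: `insecure` is read only inside the 2.0 branch of `get_auth` (`@@ -308`), so for any other `auth_version` the keyword is accepted and ignored, and `http_connection(self.url)` in the `@@ -966` hunk does not receive it either. A caller who passes `insecure=False` and expects verification everywhere gets no such guarantee from the visible code, and the new docstring text in `@@ -944` does not state the limit. I would document the scope there, e.g. `:param insecure: skip TLS certificate verification for the keystone (auth 2.0) request only; no effect on other auth versions or on the storage connection`. `get_auth` begins outside the hunk, so the earlier branches cannot be checked from here.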
@@ -265,6 +265,35 @@ class TestGetAuth(MockHttpTest): os_options={}, auth_version='2.0') + def test_auth_v2_insecure(self): + os_options = {'tenant_name': 'foo'} + c.get_keystoneclient_2_0 = fake_get_keystoneclient_2_0( + os_options, + None) + + auth_url_secure = 'https://www.tests.com' + auth_url_insecure = 'https://www.tests.com/invalid-certificate' + + url, token = c.get_auth(auth_url_secure, 'asdf', 'asdf', + os_options=os_options, auth_version='2.0') + self.assertTrue(url.startswith("http")) + self.assertTrue(token) + + url, token = c.get_auth(auth_url_insecure, 'asdf', 'asdf', + os_options=os_options, auth_version='2.0', + insecure=True) + self.assertTrue(url.startswith("http")) + self.assertTrue(token) + + self.assertRaises(c.ClientException, c.get_auth, + auth_url_insecure, 'asdf', 'asdf', + os_options=os_options, auth_version='2.0') + self.assertRaises(c.ClientException, c.get_auth, + auth_url_insecure, 'asdf', 'asdf', + os_options=os_options, auth_version='2.0', + insecure=False) + + class TestGetAccount(MockHttpTest): def test_no_content(self): diff --git a/tests/utils.py b/tests/utils.py index 570c2ea..88bca88 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -16,15 +16,22 @@ from httplib import HTTPException from eventlet import Timeout, sleep -def fake_get_keystoneclient_2_0(os_options, exc=None): +def fake_get_keystoneclient_2_0(os_options, exc=None, **kwargs): def fake_get_keystoneclient_2_0(auth_url, user, key, - actual_os_options): + actual_os_options, **actual_kwargs): if exc: raise exc('test') if actual_os_options != os_options: return "", None + + if auth_url.startswith("https") and \ + auth_url.endswith("invalid-certificate") and \ + not actual_kwargs['insecure']: + from swiftclient import client as c + raise c.ClientException("invalid-certificate") + return ("http://url/", "token") return fake_get_keystoneclient_2_0 |
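Review bot: `test_auth_v2_insecure` replaces `c.get_keystoneclient_2_0` with the fake, so its assertions exercise the check added in `tests/utils.py` rather than the real forwarding of `insecure` to keystoneclient in `swiftclient/client.py`. A separate test that stubs the keystoneclient constructor and asserts the `insecure` keyword it receives (False by default, True only when requested) would pin the behaviour that matters. The assignment is also not undone in the visible lines. Unless the base class restores it, `self.addCleanup(setattr, c, 'get_keystoneclient_2_0', c.get_keystoneclient_2_0)` placed before the assignment keeps the fake from leaking into later tests.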
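Review bot: In the `tests/utils.py` hunk, `not actual_kwargs['insecure']` raises `KeyError` when the fake is called for an `invalid-certificate` URL without the keyword, so a missing argument becomes a test error instead of being treated as the verified default. `not actual_kwargs.get('insecure', False)` matches the default used by `get_keystoneclient_2_0`. The `**kwargs` added to the outer `fake_get_keystoneclient_2_0` is not used in the visible lines and could be dropped.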