Add --os-cacert

Add support to specify a ca certificate bundle to verify keystone TLS (https) certificates. This only verifies certificates on the keystone connection, swift https connections are unchanged. Change-Id: I14351b405af4fd3d1970ba6656c1282a5d0a1082
author: Dean Troyer <dtroyer@gmail.com> 2012-12-19 09:52:54 -0600
committer: Dean Troyer <dtroyer@gmail.com> 2012-12-20 14:03:19 -0600
commit: f65f96bc59599a855f9f2b2cdfa503a8cdb1f758 (patch)
tree: 3d5ee3587c8f11bf77fe6f7ae04b7ad881029b6f /tests/test_swiftclient.py
parent: 7df9cadbf006624192c48b81d1c9f1b4ed679a37 (diff)
download: python-swiftclient-f65f96bc59599a855f9f2b2cdfa503a8cdb1f758.tar.gz
1 files changed, 29 insertions, 0 deletions
diff --git a/tests/test_swiftclient.py b/tests/test_swiftclient.py
index d5a3caa..5100a7a 100644
--- a/tests/test_swiftclient.py
+++ b/tests/test_swiftclient.py
@@ -265,6 +265,35 @@ class TestGetAuth(MockHttpTest):
                           os_options={},
                           auth_version='2.0')
 
+    def test_auth_v2_cacert(self):
+        os_options = {'tenant_name': 'foo'}
+        c.get_keystoneclient_2_0 = fake_get_keystoneclient_2_0(
+                                       os_options,
+                                       None)
+
+        auth_url_secure   = 'https://www.tests.com'
+        auth_url_insecure = 'https://www.tests.com/self-signed-certificate'
+
+        url, token = c.get_auth(auth_url_secure, 'asdf', 'asdf',
+                                os_options=os_options, auth_version='2.0',
+                                insecure=False)
+        self.assertTrue(url.startswith("http"))
+        self.assertTrue(token)
+
+        url, token = c.get_auth(auth_url_insecure, 'asdf', 'asdf',
+                                os_options=os_options, auth_version='2.0',
+                                cacert='ca.pem', insecure=False)
+        self.assertTrue(url.startswith("http"))
+        self.assertTrue(token)
+
+        self.assertRaises(c.ClientException, c.get_auth,
+                          auth_url_insecure, 'asdf', 'asdf',
+                          os_options=os_options, auth_version='2.0')
+        self.assertRaises(c.ClientException, c.get_auth,
+                          auth_url_insecure, 'asdf', 'asdf',
+                          os_options=os_options, auth_version='2.0',
+                          insecure=False)
+
     def test_auth_v2_insecure(self):
         os_options = {'tenant_name': 'foo'}
         c.get_keystoneclient_2_0 = fake_get_keystoneclient_2_0(
author	Dean Troyer <dtroyer@gmail.com>	2012-12-19 09:52:54 -0600
committer	Dean Troyer <dtroyer@gmail.com>	2012-12-20 14:03:19 -0600
commit	f65f96bc59599a855f9f2b2cdfa503a8cdb1f758 (patch)
tree	3d5ee3587c8f11bf77fe6f7ae04b7ad881029b6f /tests/test_swiftclient.py
parent	7df9cadbf006624192c48b81d1c9f1b4ed679a37 (diff)
download	python-swiftclient-f65f96bc59599a855f9f2b2cdfa503a8cdb1f758.tar.gz