Support client certificate/key

This change enables to specify a client certificate/key with: * usual CLI options (--os-cert/--os-key) * usual environment variables ($OS_CERT/$OS_KEY) Closes-Bug: #1565112 Change-Id: I12e151adcb6084d801c6dfed21d82232a3259aea
author: Cedric Brandily <zzelle@gmail.com> 2016-04-10 23:18:17 +0200
committer: Cedric Brandily <zzelle@gmail.com> 2016-04-10 23:20:49 +0200
commit: 450f505c35f8762cca29d56b6e928490288ec166 (patch)
tree: 367b0d9a84f991053395d77ce965e9367e0136d5 /tests
parent: 015903e383a27318918ee7827574ecb120110ae2 (diff)
download: python-swiftclient-450f505c35f8762cca29d56b6e928490288ec166.tar.gz
3 files changed, 46 insertions, 3 deletions
diff --git a/tests/unit/test_shell.py b/tests/unit/test_shell.py
index 236f1ef..82a5590 100644
--- a/tests/unit/test_shell.py
+++ b/tests/unit/test_shell.py
@@ -1781,7 +1781,9 @@ class TestKeystoneOptions(MockHttpTest):
                    'project-id': 'projectid',
                    'project-domain-id': 'projectdomainid',
                    'project-domain-name': 'projectdomain',
-                   'cacert': 'foo'}
+                   'cacert': 'foo',
+                   'cert': 'minnie',
+                   'key': 'mickey'}
     catalog_opts = {'service-type': 'my-object-store',
                     'endpoint-type': 'public',
                     'region-name': 'my-region'}
diff --git a/tests/unit/test_swiftclient.py b/tests/unit/test_swiftclient.py
index f3bee3b..5df54b1 100644
--- a/tests/unit/test_swiftclient.py
+++ b/tests/unit/test_swiftclient.py
@@ -512,6 +512,32 @@ class TestGetAuth(MockHttpTest):
                           os_options=os_options, auth_version='2.0',
                           insecure=False)
 
+    def test_auth_v2_cert(self):
+        os_options = {'tenant_name': 'foo'}
+        c.get_auth_keystone = fake_get_auth_keystone(os_options, None)
+
+        auth_url_no_sslauth = 'https://www.tests.com'
+        auth_url_sslauth = 'https://www.tests.com/client-certificate'
+
+        url, token = c.get_auth(auth_url_no_sslauth, 'asdf', 'asdf',
+                                os_options=os_options, auth_version='2.0')
+        self.assertTrue(url.startswith("http"))
+        self.assertTrue(token)
+
+        url, token = c.get_auth(auth_url_sslauth, 'asdf', 'asdf',
+                                os_options=os_options, auth_version='2.0',
+                                cert='minnie', cert_key='mickey')
+        self.assertTrue(url.startswith("http"))
+        self.assertTrue(token)
+
+        self.assertRaises(c.ClientException, c.get_auth,
+                          auth_url_sslauth, 'asdf', 'asdf',
+                          os_options=os_options, auth_version='2.0')
+        self.assertRaises(c.ClientException, c.get_auth,
+                          auth_url_sslauth, 'asdf', 'asdf',
+                          os_options=os_options, auth_version='2.0',
+                          cert='minnie')
+
     def test_auth_v3_with_tenant_name(self):
         # check the correct auth version is passed to get_auth_keystone
         os_options = {'tenant_name': 'asdf'}
@@ -1511,6 +1537,15 @@ class TestHTTPConnection(MockHttpTest):
         conn = c.http_connection(u'http://www.test.com/', insecure=True)
         self.assertEqual(conn[1].requests_args['verify'], False)
 
+    def test_cert(self):
+        conn = c.http_connection(u'http://www.test.com/', cert='minnie')
+        self.assertEqual(conn[1].requests_args['cert'], 'minnie')
+
+    def test_cert_key(self):
+        conn = c.http_connection(
+            u'http://www.test.com/', cert='minnie', cert_key='mickey')
+        self.assertEqual(conn[1].requests_args['cert'], ('minnie', 'mickey'))
+
     def test_response_connection_released(self):
         _parsed_url, conn = c.http_connection(u'http://www.test.com/')
         conn.resp = MockHttpResponse()
@@ -2018,8 +2053,8 @@ class TestConnection(MockHttpTest):
                 return ''
 
         def local_http_connection(url, proxy=None, cacert=None,
-                                  insecure=False, ssl_compression=True,
-                                  timeout=None):
+                                  insecure=False, cert=None, cert_key=None,
+                                  ssl_compression=True, timeout=None):
             parsed = urlparse(url)
             return parsed, LocalConnection()
 
diff --git a/tests/unit/utils.py b/tests/unit/utils.py
index 3b043bc..d04583f 100644
--- a/tests/unit/utils.py
+++ b/tests/unit/utils.py
@@ -57,6 +57,11 @@ def fake_get_auth_keystone(expected_os_options=None, exc=None,
            actual_kwargs['cacert'] is None:
             from swiftclient import client as c
             raise c.ClientException("unverified-certificate")
+        if auth_url.startswith("https") and \
+           auth_url.endswith("client-certificate") and \
+           not (actual_kwargs['cert'] and actual_kwargs['cert_key']):
+            from swiftclient import client as c
+            raise c.ClientException("noclient-certificate")
 
         return storage_url, token
     return fake_get_auth_keystone
@@ -215,6 +220,7 @@ class MockHttpTest(unittest.TestCase):
             on_request = kwargs.get('on_request')
 
             def wrapper(url, proxy=None, cacert=None, insecure=False,
+                        cert=None, cert_key=None,
                         ssl_compression=True, timeout=None):
                 if storage_url:
                     self.assertEqual(storage_url, url)
author	Cedric Brandily <zzelle@gmail.com>	2016-04-10 23:18:17 +0200
committer	Cedric Brandily <zzelle@gmail.com>	2016-04-10 23:20:49 +0200
commit	450f505c35f8762cca29d56b6e928490288ec166 (patch)
tree	367b0d9a84f991053395d77ce965e9367e0136d5 /tests
parent	015903e383a27318918ee7827574ecb120110ae2 (diff)
download	python-swiftclient-450f505c35f8762cca29d56b6e928490288ec166.tar.gz