Allow insecure keystone connection

Sometimes a keystone endpoint might have ssl issues, and you might get an error like "certificate verify failed". This patch extends the '-k/--insecure' arg to allow skipping ssl checks when connecting to keystone. Change-Id: Icd09aa9906cabc1f4f5ab635fb30fbcebbd37ced
2015-09-03 14:32:06 -07:00 · 2015-09-03 14:32:06 -07:00 · 1cb14d52c5
commit 1cb14d52c5
parent 4d141d885e
2 changed files with 24 additions and 7 deletions
--- a/refstack_client/refstack_client.py
+++ b/refstack_client/refstack_client.py
@ -128,7 +128,8 @@ class RefstackClient:
        try:
            args = {'auth_url': conf_file.get('identity', 'uri'),
                    'username': conf_file.get('identity', 'admin_username'),
-                    'password': conf_file.get('identity', 'admin_password')}
+                    'password': conf_file.get('identity', 'admin_password'),
+                    'insecure': self.args.insecure}

            if self.conf.has_option('identity', 'admin_tenant_id'):
                args['tenant_id'] = conf_file.get('identity',
@ -206,7 +207,7 @@ class RefstackClient:
            response = requests.post(endpoint,
                                     data=data,
                                     headers=headers,
-                                     verify=self.args.insecure)
+                                     verify=not self.args.insecure)
            self.logger.info(endpoint + " Response: " + str(response.text))
        except Exception as e:
            self.logger.info('Failed to post %s - %s ' % (endpoint, e))
@ -415,11 +416,11 @@ def parse_cli_args(args=None):
                                   '(--url http://localhost:8000).')

    network_args.add_argument('-k', '--insecure',
-                              action='store_false',
+                              action='store_true',
                              dest='insecure',
                              required=False,
                              help='Skip SSL checks while interacting '
-                                   'with RefStack API')
+                                   'with RefStack API and Keystone endpoint')

    network_args.add_argument('-i', '--sign',
                              type=str,
--- a/refstack_client/tests/unit/test_client.py
+++ b/refstack_client/tests/unit/test_client.py
@ -148,7 +148,7 @@ class TestRefstackClient(unittest.TestCase):
        cpid = client._get_cpid_from_keystone(client.conf)
        self.ks_client_builder.assert_called_with(
            username='admin', tenant_id='admin_tenant_id',
-            password='test', auth_url='0.0.0.0:35357'
+            password='test', auth_url='0.0.0.0:35357', insecure=False
        )
        self.assertEqual('test-id', cpid)

@ -166,11 +166,27 @@ class TestRefstackClient(unittest.TestCase):
        cpid = client._get_cpid_from_keystone(client.conf)
        self.ks_client_builder.assert_called_with(
            username='admin', tenant_name='admin_tenant_name',
-            password='test', auth_url='0.0.0.0:35357'
+            password='test', auth_url='0.0.0.0:35357', insecure=False
        )
-
        self.assertEqual('test-id', cpid)

+    def test_get_cpid_from_keystone_insecure(self):
+        """
+        Test getting the CPID from Keystone with the insecure arg passed in.
+        """
+        argv = self.mock_argv()
+        argv.append('--insecure')
+        args = rc.parse_cli_args(argv)
+        client = rc.RefstackClient(args)
+        client.tempest_dir = self.test_path
+        client._prep_test()
+        self.mock_keystone()
+        client._get_cpid_from_keystone(client.conf)
+        self.ks_client_builder.assert_called_with(
+            username='admin', tenant_id='admin_tenant_id',
+            password='test', auth_url='0.0.0.0:35357', insecure=True
+        )
+
    def test_get_cpid_from_keystone_no_admin_tenant(self):
        """
        Test exit under absence of information about admin tenant info.