Don't hide cacert when insecure == False

Currently 'insecure' wins over 'cacert' when both are provided in an os_cloud_config config during verify argument computation which means cacert is wrongly hidden when 'insecure' is provided and equals to False. This change sets verify to: * False when insecure is True * cacert when cacert is provided and insecure is False or not provided Change-Id: Iecec08fd4a80121b2e20ac65e5ba4c7ef5201935
2016-04-12 21:59:39 +02:00
parent 13244eb46f
commit 88f0889283
2 changed files with 31 additions and 3 deletions
--- a/openstack/connection.py
+++ b/openstack/connection.py
@@ -140,8 +140,9 @@ def from_config(cloud_name=None, cloud_config=None, options=None):
        auth['verify'] = auth.pop('cacert')
    if 'cacert' in cloud_config.config:
        auth['verify'] = cloud_config.config['cacert']
-    if 'insecure' in cloud_config.config:
-        auth['verify'] = not bool(cloud_config.config['insecure'])
+    insecure = cloud_config.config.get('insecure', False)
+    if insecure:
+        auth['verify'] = False

    cert = cloud_config.config.get('cert')
    if cert:
--- a/openstack/tests/unit/test_connection.py
+++ b/openstack/tests/unit/test_connection.py
@@ -25,6 +25,7 @@ CONFIG_AUTH_URL = "http://127.0.0.1:5000/v2.0"
 CONFIG_USERNAME = "BozoTheClown"
 CONFIG_PASSWORD = "TopSecret"
 CONFIG_PROJECT = "TheGrandPrizeGame"
+CONFIG_CACERT = "TrustMe"

 CLOUD_CONFIG = """
 clouds:
@@ -35,8 +36,25 @@ clouds:
      username: {username}
      password: {password}
      project_name: {project}
+  insecure:
+    auth:
+      auth_url: {auth_url}
+      username: {username}
+      password: {password}
+      project_name: {project}
+    cacert: {cacert}
+    insecure: True
+  cacert:
+    auth:
+      auth_url: {auth_url}
+      username: {username}
+      password: {password}
+      project_name: {project}
+    cacert: {cacert}
+    insecure: False
 """.format(auth_url=CONFIG_AUTH_URL, username=CONFIG_USERNAME,
-           password=CONFIG_PASSWORD, project=CONFIG_PROJECT)
+           password=CONFIG_PASSWORD, project=CONFIG_PROJECT,
+           cacert=CONFIG_CACERT)


 class TestConnection(base.TestCase):
@@ -172,6 +190,15 @@ class TestConnection(base.TestCase):
        # up URLs with it.
        self.assertEqual("v" + version, pref.version)

+    def test_from_config_verify(self):
+        self._prepare_test_config()
+
+        sot = connection.from_config(cloud_name="insecure")
+        self.assertFalse(sot.session.verify)
+
+        sot = connection.from_config(cloud_name="cacert")
+        self.assertEqual(CONFIG_CACERT, sot.session.verify)
+
    def test_authorize_works(self):
        fake_session = mock.Mock()
        fake_headers = {'X-Auth-Token': 'FAKE_TOKEN'}