From 46236ae559941964d573ee457c5aab3e25ce612e Mon Sep 17 00:00:00 2001 From: Cedric Brandily Date: Tue, 12 Apr 2016 20:29:27 +0200 Subject: [PATCH] Support client certificate/key This change enables to specify a client certificate/key with: * os-client-config config * Connection cert argument: * client certificate path via a string * client certificate/key paths via a tuple Closes-Bug: #1569508 Related-Bug: #1569513 Change-Id: I657b19708fd45acaa705af6d877c50ef89df79fe --- openstack/connection.py | 15 +++++++++++++-- openstack/tests/unit/test_connection.py | 4 ++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/openstack/connection.py b/openstack/connection.py index 3f6515480..d70a46cc2 100644 --- a/openstack/connection.py +++ b/openstack/connection.py @@ -142,13 +142,19 @@ def from_config(cloud_name=None, cloud_config=None, options=None): if 'insecure' in cloud_config.config: auth['verify'] = not bool(cloud_config.config['insecure']) + cert = cloud_config.config.get('cert') + if cert: + key = cloud_config.config.get('key') + auth['cert'] = (cert, key) if key else cert + return Connection(profile=prof, **auth) class Connection(object): def __init__(self, session=None, authenticator=None, profile=None, - verify=True, user_agent=None, auth_plugin="password", + verify=True, cert=None, user_agent=None, + auth_plugin="password", **auth_args): """Create a context for a connection to a cloud provider. @@ -179,6 +185,11 @@ class Connection(object): this parameter will be used to create a transport. If ``verify`` is set to true, which is the default, the SSL cert will be verified. It can also be set to a CA_BUNDLE path. + :param cert: If a transport is not provided to the connection then this + parameter will be used to create a transport. `cert` allows to + provide a client certificate file path or a tuple with client + certificate and key paths. + :type cert: str or tuple :param str user_agent: If a transport is not provided to the connection, this parameter will be used when creating a transport. The value given here will be prepended to the default, which is @@ -196,7 +207,7 @@ class Connection(object): **auth_args) self.profile = profile if profile else _profile.Profile() self.session = session if session else _session.Session( - self.profile, auth=self.authenticator, verify=verify, + self.profile, auth=self.authenticator, verify=verify, cert=cert, user_agent=user_agent) self._open() diff --git a/openstack/tests/unit/test_connection.py b/openstack/tests/unit/test_connection.py index 013794329..ecda73a3e 100644 --- a/openstack/tests/unit/test_connection.py +++ b/openstack/tests/unit/test_connection.py @@ -46,8 +46,8 @@ class TestConnection(base.TestCase): mock_profile = mock.Mock() mock_profile.get_services = mock.Mock(return_value=[]) conn = connection.Connection(profile=mock_profile, authenticator='2', - verify=True, user_agent='1') - args = {'auth': '2', 'user_agent': '1', 'verify': True} + verify=True, cert='cert', user_agent='1') + args = {'auth': '2', 'user_agent': '1', 'verify': True, 'cert': 'cert'} mock_session_init.assert_called_with(mock_profile, **args) self.assertEqual(mock_session_init, conn.session)