Support two-way auth for barbicanclient

This patch supports two-way auth for barbicanclient. Change-Id: I19fb971de864e94b31bf436bc27d5180aebbce4f blueprint:support-two-way-auth
2019-08-16 01:43:22 +08:00 · 2019-08-16 01:43:22 +08:00 · 16760f3b44
commit 16760f3b44
parent 79f387fbd5
2 changed files with 51 additions and 2 deletions
--- a/barbicanclient/barbican.py
+++ b/barbicanclient/barbican.py
@ -151,8 +151,17 @@ class Barbican(app.App):
        method = identity.Token if auth_type == 'token' else identity.Password

        auth = method(**kwargs)
-
-        return session.Session(auth=auth, verify=not args.insecure)
+        cacert = args.os_cacert
+        cert = args.os_cert
+        key = args.os_key
+        insecure = args.insecure
+        if insecure:
+            verify = False
+        else:
+            verify = cacert or True
+        if cert and key:
+            cert = (cert, key)
+        return session.Session(auth=auth, verify=verify, cert=cert)

    def create_client(self, args):
        created_client = None
--- a/barbicanclient/tests/test_barbican.py
+++ b/barbicanclient/tests/test_barbican.py
@ -219,6 +219,46 @@ class WhenTestingBarbicanCLI(test_client.BaseEntityResource):
        self.assertEqual(1, self.responses._adapter.call_count)
        self.assertEqual([], secret_list)

+    def test_insecure_true_kwargs_set_correctly(self):
+        auth_args = ('--no-auth --endpoint https://barbican_endpoint:9311/v1 '
+                     '--os-project-id project1')
+        endpoint_filter_args = ('--interface public '
+                                '--service-type custom-type '
+                                '--service-name Burrbican '
+                                '--region-name RegionTwo '
+                                '--barbican-api-version v1')
+        args = auth_args + ' ' + endpoint_filter_args
+        argv, remainder = self.parser.parse_known_args(args.split())
+        argv.insecure = True
+        argv.os_identity_api_version = '2.0'
+        argv.os_tenant_name = 'my_tenant_name'
+        barbican_client = self.barbican.create_client(argv)
+        httpclient = barbican_client.secrets._api
+        self.assertFalse(httpclient.session.verify)
+
+    def test_cafile_certfile_keyfile_kwargs_set_correctly(self):
+        auth_args = ('no_auth '
+                     '--os-auth-url https://keystone_endpoint:5000/v2 '
+                     '--os-auth-token f554ccb5-e157-4824-b67b-d139c87bc555 '
+                     '--os-project-id project1')
+        endpoint_filter_args = ('--interface public '
+                                '--service-type custom-type '
+                                '--service-name Burrbican '
+                                '--region-name RegionTwo '
+                                '--barbican-api-version v1')
+        args = auth_args + ' ' + endpoint_filter_args
+        argv, remainder = self.parser.parse_known_args(args.split())
+        argv.os_cacert = 'ca.pem'
+        argv.os_cert = 'cert.pem'
+        argv.os_key = 'key.pem'
+        argv.os_identity_api_version = '2.0'
+        argv.os_tenant_name = 'my_tenant_name'
+        barbican_client = self.barbican.create_client(argv)
+        httpclient = barbican_client.secrets._api
+        self.assertEqual('ca.pem', httpclient.session.verify)
+        self.assertEqual('cert.pem', httpclient.session.cert[0])
+        self.assertEqual('key.pem', httpclient.session.cert[1])
+

 class TestBarbicanWithKeystonePasswordAuth(
        keystone_client_fixtures.KeystoneClientFixture):