Support two-way auth for barbicanclient
This patch supports two-way auth for barbicanclient. Change-Id: I19fb971de864e94b31bf436bc27d5180aebbce4f blueprint:support-two-way-auth
This commit is contained in:
parent
79f387fbd5
commit
16760f3b44
@ -151,8 +151,17 @@ class Barbican(app.App):
|
||||
method = identity.Token if auth_type == 'token' else identity.Password
|
||||
|
||||
auth = method(**kwargs)
|
||||
|
||||
return session.Session(auth=auth, verify=not args.insecure)
|
||||
cacert = args.os_cacert
|
||||
cert = args.os_cert
|
||||
key = args.os_key
|
||||
insecure = args.insecure
|
||||
if insecure:
|
||||
verify = False
|
||||
else:
|
||||
verify = cacert or True
|
||||
if cert and key:
|
||||
cert = (cert, key)
|
||||
return session.Session(auth=auth, verify=verify, cert=cert)
|
||||
|
||||
def create_client(self, args):
|
||||
created_client = None
|
||||
|
@ -219,6 +219,46 @@ class WhenTestingBarbicanCLI(test_client.BaseEntityResource):
|
||||
self.assertEqual(1, self.responses._adapter.call_count)
|
||||
self.assertEqual([], secret_list)
|
||||
|
||||
def test_insecure_true_kwargs_set_correctly(self):
|
||||
auth_args = ('--no-auth --endpoint https://barbican_endpoint:9311/v1 '
|
||||
'--os-project-id project1')
|
||||
endpoint_filter_args = ('--interface public '
|
||||
'--service-type custom-type '
|
||||
'--service-name Burrbican '
|
||||
'--region-name RegionTwo '
|
||||
'--barbican-api-version v1')
|
||||
args = auth_args + ' ' + endpoint_filter_args
|
||||
argv, remainder = self.parser.parse_known_args(args.split())
|
||||
argv.insecure = True
|
||||
argv.os_identity_api_version = '2.0'
|
||||
argv.os_tenant_name = 'my_tenant_name'
|
||||
barbican_client = self.barbican.create_client(argv)
|
||||
httpclient = barbican_client.secrets._api
|
||||
self.assertFalse(httpclient.session.verify)
|
||||
|
||||
def test_cafile_certfile_keyfile_kwargs_set_correctly(self):
|
||||
auth_args = ('no_auth '
|
||||
'--os-auth-url https://keystone_endpoint:5000/v2 '
|
||||
'--os-auth-token f554ccb5-e157-4824-b67b-d139c87bc555 '
|
||||
'--os-project-id project1')
|
||||
endpoint_filter_args = ('--interface public '
|
||||
'--service-type custom-type '
|
||||
'--service-name Burrbican '
|
||||
'--region-name RegionTwo '
|
||||
'--barbican-api-version v1')
|
||||
args = auth_args + ' ' + endpoint_filter_args
|
||||
argv, remainder = self.parser.parse_known_args(args.split())
|
||||
argv.os_cacert = 'ca.pem'
|
||||
argv.os_cert = 'cert.pem'
|
||||
argv.os_key = 'key.pem'
|
||||
argv.os_identity_api_version = '2.0'
|
||||
argv.os_tenant_name = 'my_tenant_name'
|
||||
barbican_client = self.barbican.create_client(argv)
|
||||
httpclient = barbican_client.secrets._api
|
||||
self.assertEqual('ca.pem', httpclient.session.verify)
|
||||
self.assertEqual('cert.pem', httpclient.session.cert[0])
|
||||
self.assertEqual('key.pem', httpclient.session.cert[1])
|
||||
|
||||
|
||||
class TestBarbicanWithKeystonePasswordAuth(
|
||||
keystone_client_fixtures.KeystoneClientFixture):
|
||||
|
Loading…
Reference in New Issue
Block a user