Merge "Add custom CA support for get_server_version"

2019-09-05 14:14:23 +00:00 · 2019-09-05 14:14:23 +00:00 · 72c35cb13c
commit 72c35cb13c
parent 4bd9000edd 4a3a2c3c9a
2 changed files with 50 additions and 4 deletions
--- a/cinderclient/client.py
+++ b/cinderclient/client.py
@ -72,10 +72,14 @@ for svc in ('volume', 'volumev2', 'volumev3'):
    discover.add_catalog_discover_hack(svc, re.compile(r'/v[12]/\w+/?$'), '/')


-def get_server_version(url):
+def get_server_version(url, insecure=False, cacert=None):
    """Queries the server via the naked endpoint and gets version info.

    :param url: url of the cinder endpoint
+    :param insecure: Explicitly allow client to perform "insecure" TLS
+                     (https) requests
+    :param cacert: Specify a CA bundle file to use in verifying a TLS
+                            (https) server certificate
    :returns: APIVersion object for min and max version supported by
              the server
    """
@ -106,7 +110,14 @@ def get_server_version(url):
            # leave as is without cropping.
            version_url = url

-        response = requests.get(version_url)
+        if insecure:
+            verify_cert = False
+        else:
+            if cacert:
+                verify_cert = cacert
+            else:
+                verify_cert = True
+        response = requests.get(version_url, verify=verify_cert)
        data = json.loads(response.text)
        versions = data['versions']
        for version in versions:
@ -121,9 +132,9 @@ def get_server_version(url):
            api_versions.APIVersion(current_version))


-def get_highest_client_server_version(url):
+def get_highest_client_server_version(url, insecure=False, cacert=None):
    """Returns highest supported version by client and server as a string."""
-    min_server, max_server = get_server_version(url)
+    min_server, max_server = get_server_version(url, insecure, cacert)
    max_client = api_versions.APIVersion(api_versions.MAX_VERSION)
    return min(max_server, max_client).get_string()

--- a/cinderclient/tests/unit/test_client.py
+++ b/cinderclient/tests/unit/test_client.py
@ -360,6 +360,41 @@ class GetAPIVersionTestCase(utils.TestCase):
        self.assertEqual(min_version, api_versions.APIVersion('3.0'))
        self.assertEqual(max_version, api_versions.APIVersion('3.16'))

+    @mock.patch('cinderclient.client.requests.get')
+    def test_get_server_version_insecure(self, mock_request):
+        mock_response = utils.TestResponse({
+            "status_code": 200,
+            "text": json.dumps(fakes.fake_request_get_no_v3())
+        })
+
+        mock_request.return_value = mock_response
+
+        url = (
+            "https://192.168.122.127:8776/v3/e5526285ebd741b1819393f772f11fc3")
+        expected_url = "https://192.168.122.127:8776/"
+
+        cinderclient.client.get_server_version(url, True)
+
+        mock_request.assert_called_once_with(expected_url, verify=False)
+
+    @mock.patch('cinderclient.client.requests.get')
+    def test_get_server_version_cacert(self, mock_request):
+        mock_response = utils.TestResponse({
+            "status_code": 200,
+            "text": json.dumps(fakes.fake_request_get_no_v3())
+        })
+
+        mock_request.return_value = mock_response
+
+        url = (
+            "https://192.168.122.127:8776/v3/e5526285ebd741b1819393f772f11fc3")
+        expected_url = "https://192.168.122.127:8776/"
+
+        cacert = '/path/to/cert'
+        cinderclient.client.get_server_version(url, cacert=cacert)
+
+        mock_request.assert_called_once_with(expected_url, verify=cacert)
+
    @mock.patch('cinderclient.client.requests.get')
    @ddt.data('3.12', '3.40')
    def test_get_highest_client_server_version(self, version, mock_request):