Support --os-key option

Currently we can specify a client certificate key using --os-key option inherited from keystoneclient cli options but it has no effect because keystoneclient Session expects as cert argument, one of the followings: * None (no client certificate), * a path to client certificate, * a tuple with client certificate/key paths. The change updates cinderclient code to support the last case (ie: os_cert and os_key are non-empty) in order to take into --os-key option and OS_KEY environment variable. Closes-Bug: #1564646 Change-Id: I258fd554ad2d6a5413ffe778acefa3a0b83e591f
2016-04-01 00:48:06 +02:00 · 2016-04-01 00:48:06 +02:00 · 80d3edc71e
commit 80d3edc71e
parent d2daa7ba94
3 changed files with 31 additions and 0 deletions
--- a/cinderclient/shell.py
+++ b/cinderclient/shell.py
@ -806,6 +806,9 @@ class OpenStackCinderShell(object):
        # first create a Keystone session
        cacert = self.options.os_cacert or None
        cert = self.options.os_cert or None
+        if cert and self.options.os_key:
+            cert = cert, self.options.os_key
+
        insecure = self.options.insecure or False

        if insecure:
--- a/cinderclient/tests/unit/test_shell.py
+++ b/cinderclient/tests/unit/test_shell.py
@ -214,6 +214,29 @@ class ShellTest(utils.TestCase):

        self.assertEqual(False, _shell.cs.client.verify_cert)

+    @mock.patch('keystoneclient.session.Session.__init__',
+                side_effect=RuntimeError())
+    def test_http_client_with_cert(self, mock_session):
+        _shell = shell.OpenStackCinderShell()
+
+        # We crash the command after Session instantiation because this test
+        # focuses only on arguments provided to Session.__init__
+        args = '--os-cert', 'minnie', 'list'
+        self.assertRaises(RuntimeError, _shell.main, args)
+        mock_session.assert_called_once_with(cert='minnie', verify=mock.ANY)
+
+    @mock.patch('keystoneclient.session.Session.__init__',
+                side_effect=RuntimeError())
+    def test_http_client_with_cert_and_key(self, mock_session):
+        _shell = shell.OpenStackCinderShell()
+
+        # We crash the command after Session instantiation because this test
+        # focuses only on arguments provided to Session.__init__
+        args = '--os-cert', 'minnie', '--os-key', 'mickey', 'list'
+        self.assertRaises(RuntimeError, _shell.main, args)
+        mock_session.assert_called_once_with(cert=('minnie', 'mickey'),
+                                             verify=mock.ANY)
+

 class CinderClientArgumentParserTest(utils.TestCase):

--- a/releasenotes/notes/support---os-key-option-72ba2fd4880736ac.yaml
+++ b/releasenotes/notes/support---os-key-option-72ba2fd4880736ac.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+      Support --os-key option and OS_KEY environment variable which allows to
+      provide client cert and its private key separately.