openstack/python-cloudkittyclient
Code Issues Proposed changes

Add `insecure and cacert` options to the client.

Browse Source 
The client does support SSL authentication through keystoneauth right now. In
CLI mode, this is done through the "--os-cert" and "--os-cacert" options, or
through environment variables.

However, when the client is used as a python library,this is done through
requests' "verify" parameter, which is not very explicit.

This adds two parameters to the client

Change-Id: I68969c658724f53c85c47ab6098a3e2165f5925d
Story: 2003689
Task: 26224
This commit is contained in:
Luka Peschke
2018-09-06 20:44:17 +02:00
parent 214083c695
commit fff37a84fa
2 changed files with 26 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
cloudkittyclient/v1/client.py
View File

@@ -25,12 +25,26 @@ from cloudkittyclient.v1 import storage
class Client(object): class Client(object):
def __init__(self, session=None, adapter_options={}, **kwargs): def __init__(self,
session=None,
adapter_options={},
cacert=None,
insecure=False,
**kwargs):
adapter_options.setdefault('service_type', 'rating') adapter_options.setdefault('service_type', 'rating')
if insecure:
verify_cert = False
else:
if cacert:
verify_cert = cacert
else:
verify_cert = True
self.session = session self.session = session
if self.session is None: if self.session is None:
self.session = ks_session.Session(**kwargs) self.session = ks_session.Session(
verify=verify_cert, **kwargs)
self.api_client = adapter.Adapter( self.api_client = adapter.Adapter(
session=self.session, **adapter_options) session=self.session, **adapter_options)

10
doc/source/usage.rst
View File

@@ -49,6 +49,16 @@ Else, use it the same way as any other OpenStack client::
u'res_type': u'ALL', u'res_type': u'ALL',
u'tenant_id': u'bea6a24f77e946b0a92dca7c78b7870b'}]} u'tenant_id': u'bea6a24f77e946b0a92dca7c78b7870b'}]}
.. warning::
If you want to use SSL with the client as a python library, you need to
provide a cert to keystone's session object. Else, two additional options
are available if you provide an ``auth`` object to the client: ``insecure``
and ``cacert``::
>>> client = ck_client.Client(
'1', auth=auth, insecure=False, cacert='/path/to/ca')
When using the ``cloudkitty`` CLI client with keystone authentication, the When using the ``cloudkitty`` CLI client with keystone authentication, the
auth plugin to use should automagically be detected. If not, you can specify auth plugin to use should automagically be detected. If not, you can specify
the auth plugin to use with ``--os-auth-type/--os-auth-plugin``:: the auth plugin to use with ``--os-auth-type/--os-auth-plugin``::