Heat client does not support OS_CACERT option

This option is standard in OpenStack clients to pass in the location of any extra CA certificate bundle needed to negotiate an SSL connection with SSL-secured services. Change-Id: If675b36bf6bbd1df216277129b147c32555de0d0 Closes-Bug: 1308087
2014-04-14 18:51:56 -04:00 · 2014-04-14 18:51:56 -04:00 · d32cdc0edc
parent f0fdb3eb33
commit d32cdc0edc
2 changed files with 12 additions and 1 deletions
--- a/heatclient/shell.py
+++ b/heatclient/shell.py
@ -72,6 +72,13 @@ class HeatShell(object):
                            "certificate authorities. "
                            "This option should be used with caution.")

+        parser.add_argument('--os-cacert',
+                            metavar='<ca-certificate>',
+                            default=utils.env('OS_CACERT', default=None),
+                            help='Specify a CA bundle file to use in '
+                            'verifying a TLS (https) server certificate. '
+                            'Defaults to env[OS_CACERT]')
+
        parser.add_argument('--cert-file',
                            help='Path of certificate file to use in SSL '
                            'connection. This file can optionally be '
@ -245,7 +252,8 @@ class HeatShell(object):
        :param token: token to use instead of username/password
        """
        kc_args = {'auth_url': kwargs.get('auth_url'),
-                   'insecure': kwargs.get('insecure')}
+                   'insecure': kwargs.get('insecure'),
+                   'cacert': kwargs.get('cacert')}

        if kwargs.get('tenant_id'):
            kc_args['tenant_id'] = kwargs.get('tenant_id')
@ -353,6 +361,7 @@ class HeatShell(object):
            'service_type': args.os_service_type,
            'endpoint_type': args.os_endpoint_type,
            'insecure': args.insecure,
+            'cacert': args.os_cacert,
            'include_pass': args.include_password
        }

--- a/heatclient/tests/fakes.py
+++ b/heatclient/tests/fakes.py
@ -21,11 +21,13 @@ def script_keystone_client(token=None):
    if token:
        ksclient.Client(auth_url='http://no.where',
                        insecure=False,
+                        cacert=None,
                        tenant_id='tenant_id',
                        token=token).AndReturn(FakeKeystone(token))
    else:
        ksclient.Client(auth_url='http://no.where',
                        insecure=False,
+                        cacert=None,
                        password='password',
                        tenant_name='tenant_name',
                        username='username').AndReturn(FakeKeystone(