Browse Source

fix session cert arguments

All calls to the deprecated ironic commands are failing because
unsupported cert arguments are being used to create the session
(cafile, certfile, keyfile)

This change switches to using the correct arguments. It is proposed
first on stable/stein because the deprecated ironic commands were
removed in Train.

Change-Id: If0730c0d9c1c3a700cbc6ae16b1c3752d0b681c4
Story: 2006748
Task: 37230
(cherry picked from commit 50f76012a843aa4bdd77a5fc0359f4d0cc10f1f8)
tags/2.5.4^0
Steve Baker 4 months ago
parent
commit
877875a62f
5 changed files with 13 additions and 9 deletions
  1. +3
    -3
      ironicclient/client.py
  2. +2
    -2
      ironicclient/shell.py
  3. +1
    -1
      ironicclient/tests/unit/test_client.py
  4. +3
    -3
      ironicclient/tests/unit/test_shell.py
  5. +4
    -0
      releasenotes/notes/cert-args-ea550200cd5ecd88.yaml

+ 3
- 3
ironicclient/client.py View File

@@ -40,9 +40,9 @@ def convert_keystoneauth_opts(kwargs):
('os_service_type',): 'service_type',
('os_endpoint_type',): 'interface',
('ironic_url',): 'endpoint',
('os_cacert', 'ca_file'): 'cafile',
('os_cert', 'cert_file'): 'certfile',
('os_key', 'key_file'): 'keyfile'
('os_cacert', 'ca_file'): 'cacert',
('os_cert', 'cert_file'): 'cert',
('os_key', 'key_file'): 'key'
}
for olds, new in old_to_new_names.items():
for old in olds:

+ 2
- 2
ironicclient/shell.py View File

@@ -442,8 +442,8 @@ class IronicShell(object):
# named differently in keystoneauth, depending on whether they are
# provided through CLI or loaded from conf options, here we unify them.
for cli_ssl_opt, conf_ssl_opt in [
('os_cacert', 'cafile'), ('os_cert', 'certfile'),
('os_key', 'keyfile')]:
('os_cacert', 'cacert'), ('os_cert', 'cert'),
('os_key', 'key')]:
value = getattr(args, cli_ssl_opt)
if value not in (None, ''):
kwargs[conf_ssl_opt] = value

+ 1
- 1
ironicclient/tests/unit/test_client.py View File

@@ -42,7 +42,7 @@ class ClientTest(utils.BaseTestCase):
self.dest = name

session_loader_options = [
Opt('insecure'), Opt('cafile'), Opt('certfile'), Opt('keyfile'),
Opt('insecure'), Opt('cacert'), Opt('cert'), Opt('key'),
Opt('timeout')]
mock_ks_session.return_value.get_conf_options.return_value = (
session_loader_options)

+ 3
- 3
ironicclient/tests/unit/test_shell.py View File

@@ -196,9 +196,9 @@ class ShellTest(utils.BaseTestCase):
'username': FAKE_ENV_WITH_SSL['OS_USERNAME'],
'password': FAKE_ENV_WITH_SSL['OS_PASSWORD'],
'project_name': FAKE_ENV_WITH_SSL['OS_PROJECT_NAME'],
'cafile': FAKE_ENV_WITH_SSL['OS_CACERT'],
'certfile': FAKE_ENV_WITH_SSL['OS_CERT'],
'keyfile': FAKE_ENV_WITH_SSL['OS_KEY'],
'cacert': FAKE_ENV_WITH_SSL['OS_CACERT'],
'cert': FAKE_ENV_WITH_SSL['OS_CERT'],
'key': FAKE_ENV_WITH_SSL['OS_KEY'],
'max_retries': http.DEFAULT_MAX_RETRIES,
'retry_interval': http.DEFAULT_RETRY_INTERVAL,
'timeout': 600,

+ 4
- 0
releasenotes/notes/cert-args-ea550200cd5ecd88.yaml View File

@@ -0,0 +1,4 @@
fixes:
- |
Restore functionality when using the current release of keystoneauth by
using the correct key file arguments (cacert, cert, key).

Loading…
Cancel
Save