From 877875a62fee39d8d287fae144c907e4a4fd146d Mon Sep 17 00:00:00 2001 From: Steve Baker Date: Mon, 21 Oct 2019 01:08:42 +0000 Subject: [PATCH] fix session cert arguments All calls to the deprecated ironic commands are failing because unsupported cert arguments are being used to create the session (cafile, certfile, keyfile) This change switches to using the correct arguments. It is proposed first on stable/stein because the deprecated ironic commands were removed in Train. Change-Id: If0730c0d9c1c3a700cbc6ae16b1c3752d0b681c4 Story: 2006748 Task: 37230 (cherry picked from commit 50f76012a843aa4bdd77a5fc0359f4d0cc10f1f8) --- ironicclient/client.py | 6 +++--- ironicclient/shell.py | 4 ++-- ironicclient/tests/unit/test_client.py | 2 +- ironicclient/tests/unit/test_shell.py | 6 +++--- releasenotes/notes/cert-args-ea550200cd5ecd88.yaml | 4 ++++ 5 files changed, 13 insertions(+), 9 deletions(-) create mode 100644 releasenotes/notes/cert-args-ea550200cd5ecd88.yaml diff --git a/ironicclient/client.py b/ironicclient/client.py index 83b0e148a..468c94243 100644 --- a/ironicclient/client.py +++ b/ironicclient/client.py @@ -40,9 +40,9 @@ def convert_keystoneauth_opts(kwargs): ('os_service_type',): 'service_type', ('os_endpoint_type',): 'interface', ('ironic_url',): 'endpoint', - ('os_cacert', 'ca_file'): 'cafile', - ('os_cert', 'cert_file'): 'certfile', - ('os_key', 'key_file'): 'keyfile' + ('os_cacert', 'ca_file'): 'cacert', + ('os_cert', 'cert_file'): 'cert', + ('os_key', 'key_file'): 'key' } for olds, new in old_to_new_names.items(): for old in olds: diff --git a/ironicclient/shell.py b/ironicclient/shell.py index 03f813ac6..cf0997d5d 100644 --- a/ironicclient/shell.py +++ b/ironicclient/shell.py @@ -442,8 +442,8 @@ class IronicShell(object): # named differently in keystoneauth, depending on whether they are # provided through CLI or loaded from conf options, here we unify them. for cli_ssl_opt, conf_ssl_opt in [ - ('os_cacert', 'cafile'), ('os_cert', 'certfile'), - ('os_key', 'keyfile')]: + ('os_cacert', 'cacert'), ('os_cert', 'cert'), + ('os_key', 'key')]: value = getattr(args, cli_ssl_opt) if value not in (None, ''): kwargs[conf_ssl_opt] = value diff --git a/ironicclient/tests/unit/test_client.py b/ironicclient/tests/unit/test_client.py index 1d12d709d..2543fc338 100644 --- a/ironicclient/tests/unit/test_client.py +++ b/ironicclient/tests/unit/test_client.py @@ -42,7 +42,7 @@ class ClientTest(utils.BaseTestCase): self.dest = name session_loader_options = [ - Opt('insecure'), Opt('cafile'), Opt('certfile'), Opt('keyfile'), + Opt('insecure'), Opt('cacert'), Opt('cert'), Opt('key'), Opt('timeout')] mock_ks_session.return_value.get_conf_options.return_value = ( session_loader_options) diff --git a/ironicclient/tests/unit/test_shell.py b/ironicclient/tests/unit/test_shell.py index 74d0084ac..2210f634e 100644 --- a/ironicclient/tests/unit/test_shell.py +++ b/ironicclient/tests/unit/test_shell.py @@ -196,9 +196,9 @@ class ShellTest(utils.BaseTestCase): 'username': FAKE_ENV_WITH_SSL['OS_USERNAME'], 'password': FAKE_ENV_WITH_SSL['OS_PASSWORD'], 'project_name': FAKE_ENV_WITH_SSL['OS_PROJECT_NAME'], - 'cafile': FAKE_ENV_WITH_SSL['OS_CACERT'], - 'certfile': FAKE_ENV_WITH_SSL['OS_CERT'], - 'keyfile': FAKE_ENV_WITH_SSL['OS_KEY'], + 'cacert': FAKE_ENV_WITH_SSL['OS_CACERT'], + 'cert': FAKE_ENV_WITH_SSL['OS_CERT'], + 'key': FAKE_ENV_WITH_SSL['OS_KEY'], 'max_retries': http.DEFAULT_MAX_RETRIES, 'retry_interval': http.DEFAULT_RETRY_INTERVAL, 'timeout': 600, diff --git a/releasenotes/notes/cert-args-ea550200cd5ecd88.yaml b/releasenotes/notes/cert-args-ea550200cd5ecd88.yaml new file mode 100644 index 000000000..f84ba8c5f --- /dev/null +++ b/releasenotes/notes/cert-args-ea550200cd5ecd88.yaml @@ -0,0 +1,4 @@ +fixes: + - | + Restore functionality when using the current release of keystoneauth by + using the correct key file arguments (cacert, cert, key).