From afcf4a163ea841c71c66e2fe2d8a2e97e8a10912 Mon Sep 17 00:00:00 2001
From: Brant Knudson <bknudson@us.ibm.com>
Date: Sun, 26 Jul 2015 08:00:33 -0500
Subject: [PATCH] Deprecate use of cert and key

There was a comment to deprecate creating a Session with cert and
key rather than a tuple to cert.

Also, fixed places where the deprecated usage was being used.

bp deprecations

Change-Id: I3596635bbc5611dd002a8beb063540a8c284c192
---
 keystoneclient/session.py               | 15 +++++++++------
 keystoneclient/tests/unit/test_https.py |  6 +++---
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/keystoneclient/session.py b/keystoneclient/session.py
index 5ec8a677a..e542edfec 100644
--- a/keystoneclient/session.py
+++ b/keystoneclient/session.py
@@ -574,8 +574,11 @@ class Session(object):
                 verify = cacert or True
 
         if cert and key:
-            # passing cert and key together is deprecated in favour of the
-            # requests lib form of having the cert and key as a tuple
+            warnings.warn(
+                'Passing cert and key together is deprecated as of the 1.7.0 '
+                'release in favor of the requests library form of having the '
+                'cert and key as a tuple and may be removed in the 2.0.0 '
+                'release.', DeprecationWarning)
             cert = (cert, key)
 
         return cls(verify=verify, cert=cert, **kwargs)
@@ -846,8 +849,8 @@ class Session(object):
 
         kwargs['insecure'] = c.insecure
         kwargs['cacert'] = c.cafile
-        kwargs['cert'] = c.certfile
-        kwargs['key'] = c.keyfile
+        if c.certfile and c.keyfile:
+            kwargs['cert'] = (c.certfile, c.keyfile)
         kwargs['timeout'] = c.timeout
 
         return cls._make(**kwargs)
@@ -904,8 +907,8 @@ class Session(object):
         """
         kwargs['insecure'] = args.insecure
         kwargs['cacert'] = args.os_cacert
-        kwargs['cert'] = args.os_cert
-        kwargs['key'] = args.os_key
+        if args.os_cert and args.os_key:
+            kwargs['cert'] = (args.os_cert, args.os_key)
         kwargs['timeout'] = args.timeout
 
         return cls._make(**kwargs)
diff --git a/keystoneclient/tests/unit/test_https.py b/keystoneclient/tests/unit/test_https.py
index bf9322633..e04357a7b 100644
--- a/keystoneclient/tests/unit/test_https.py
+++ b/keystoneclient/tests/unit/test_https.py
@@ -29,7 +29,7 @@ RESPONSE_BODY = '{"hi": "there"}'
 def get_client():
     cl = httpclient.HTTPClient(username="username", password="password",
                                project_id="tenant", auth_url="auth_test",
-                               cacert="ca.pem", key="key.pem", cert="cert.pem")
+                               cacert="ca.pem", cert=('cert.pem', "key.pem"))
     return cl
 
 
@@ -85,8 +85,8 @@ class ClientTest(utils.TestCase):
         MOCK_REQUEST.return_value = FAKE_RESPONSE
         cl = httpclient.HTTPClient(
             username="username", password="password", project_id="tenant",
-            auth_url="auth_test", cacert="ca.pem", key="key.pem",
-            cert="cert.pem")
+            auth_url="auth_test", cacert="ca.pem", cert=('cert.pem', 'key.pem')
+        )
         cl.management_url = "https://127.0.0.1:5000"
         cl.auth_token = "token"
         with self.deprecations.expect_deprecations_here():