Add '--insecure' commandline argument
Allows to ignore validation errors that typically occur with self-signed SSL certificates. Making this explicit is important as one would typically only use this in development or in-house deployments. This should also fix bug 1012591. Change-Id: I1210fafc9257648c902176fbcfae9d47e47fc557
This commit is contained in:
Sascha Peilicke
@@ -39,7 +39,7 @@ class HTTPClient(httplib2.Http):
|
|||||||
def __init__(self, username=None, tenant_id=None, tenant_name=None,
|
def __init__(self, username=None, tenant_id=None, tenant_name=None,
|
||||||
password=None, auth_url=None, region_name=None, timeout=None,
|
password=None, auth_url=None, region_name=None, timeout=None,
|
||||||
endpoint=None, token=None, cacert=None, key=None,
|
endpoint=None, token=None, cacert=None, key=None,
|
||||||
cert=None):
|
cert=None, insecure=False):
|
||||||
super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert)
|
super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert)
|
||||||
if cert:
|
if cert:
|
||||||
if key:
|
if key:
|
||||||
@@ -59,6 +59,7 @@ class HTTPClient(httplib2.Http):
|
|||||||
|
|
||||||
# httplib2 overrides
|
# httplib2 overrides
|
||||||
self.force_exception_to_status_code = True
|
self.force_exception_to_status_code = True
|
||||||
|
self.disable_ssl_certificate_validation = insecure
|
||||||
|
|
||||||
def authenticate(self):
|
def authenticate(self):
|
||||||
""" Authenticate against the keystone API.
|
""" Authenticate against the keystone API.
|
||||||
|
|||||||
@@ -140,6 +140,15 @@ class OpenStackIdentityShell(object):
|
|||||||
default=env('OS_KEY'),
|
default=env('OS_KEY'),
|
||||||
help='Defaults to env[OS_KEY]')
|
help='Defaults to env[OS_KEY]')
|
||||||
|
|
||||||
|
parser.add_argument('--insecure',
|
||||||
|
default=False,
|
||||||
|
action="store_true",
|
||||||
|
help="Explicitly allow keystoneclient to perform "
|
||||||
|
"\"insecure\" SSL (https) requests. The "
|
||||||
|
"server's certificate will not be verified "
|
||||||
|
"against any certificate authorities. This "
|
||||||
|
"option should be used with caution.")
|
||||||
|
|
||||||
# FIXME(dtroyer): The args below are here for diablo compatibility,
|
# FIXME(dtroyer): The args below are here for diablo compatibility,
|
||||||
# remove them in folsum cycle
|
# remove them in folsum cycle
|
||||||
|
|
||||||
@@ -308,7 +317,8 @@ class OpenStackIdentityShell(object):
|
|||||||
self.cs = shell_generic.CLIENT_CLASS(endpoint=args.os_auth_url,
|
self.cs = shell_generic.CLIENT_CLASS(endpoint=args.os_auth_url,
|
||||||
cacert=args.os_cacert,
|
cacert=args.os_cacert,
|
||||||
key=args.os_key,
|
key=args.os_key,
|
||||||
cert=args.os_cert)
|
cert=args.os_cert,
|
||||||
|
insecure=args.insecure)
|
||||||
else:
|
else:
|
||||||
token = None
|
token = None
|
||||||
endpoint = None
|
endpoint = None
|
||||||
@@ -327,7 +337,8 @@ class OpenStackIdentityShell(object):
|
|||||||
region_name=args.os_region_name,
|
region_name=args.os_region_name,
|
||||||
cacert=args.os_cacert,
|
cacert=args.os_cacert,
|
||||||
key=args.os_key,
|
key=args.os_key,
|
||||||
cert=args.os_cert)
|
cert=args.os_cert,
|
||||||
|
insecure=args.insecure)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
args.func(self.cs, args)
|
args.func(self.cs, args)
|
||||||
|
|||||||
Reference in New Issue
Block a user