Add '--insecure' commandline argument

Allows to ignore validation errors that typically occur with self-signed SSL certificates. Making this explicit is important as one would typically only use this in development or in-house deployments. This should also fix bug 1012591. Change-Id: I1210fafc9257648c902176fbcfae9d47e47fc557
2012-07-09 17:07:41 +02:00
parent e77234bd3e
commit dec8f77c92
2 changed files with 15 additions and 3 deletions
--- a/keystoneclient/client.py
+++ b/keystoneclient/client.py
@@ -39,7 +39,7 @@ class HTTPClient(httplib2.Http):
    def __init__(self, username=None, tenant_id=None, tenant_name=None,
                 password=None, auth_url=None, region_name=None, timeout=None,
                 endpoint=None, token=None, cacert=None, key=None,
-                 cert=None):
+                 cert=None, insecure=False):
        super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert)
        if cert:
            if key:
@@ -59,6 +59,7 @@ class HTTPClient(httplib2.Http):

        # httplib2 overrides
        self.force_exception_to_status_code = True
+        self.disable_ssl_certificate_validation = insecure

    def authenticate(self):
        """ Authenticate against the keystone API.
--- a/keystoneclient/shell.py
+++ b/keystoneclient/shell.py
@@ -140,6 +140,15 @@ class OpenStackIdentityShell(object):
                            default=env('OS_KEY'),
                            help='Defaults to env[OS_KEY]')

+        parser.add_argument('--insecure',
+                            default=False,
+                            action="store_true",
+                            help="Explicitly allow keystoneclient to perform "
+                                 "\"insecure\" SSL (https) requests. The "
+                                 "server's certificate will not be verified "
+                                 "against any certificate authorities. This "
+                                 "option should be used with caution.")
+
        # FIXME(dtroyer): The args below are here for diablo compatibility,
        #                 remove them in folsum cycle

@@ -308,7 +317,8 @@ class OpenStackIdentityShell(object):
            self.cs = shell_generic.CLIENT_CLASS(endpoint=args.os_auth_url,
                                                 cacert=args.os_cacert,
                                                 key=args.os_key,
-                                                 cert=args.os_cert)
+                                                 cert=args.os_cert,
+                                                 insecure=args.insecure)
        else:
            token = None
            endpoint = None
@@ -327,7 +337,8 @@ class OpenStackIdentityShell(object):
                region_name=args.os_region_name,
                cacert=args.os_cacert,
                key=args.os_key,
-                cert=args.os_cert)
+                cert=args.os_cert,
+                insecure=args.insecure)

        try:
            args.func(self.cs, args)