openstack
/
python-manilaclient
Code Issues Proposed changes

Support --os-key option 

keystoneclient Session expects as cert argument, one of the followings:
 * None (no client certificate),
 * a path to client certificate,
 * a tuple with client certificate/key paths.

The change updates manilaclient code to support the last case (ie:
os_cert and os_key are non-empty) with the --os-key option
and OS_KEY environment variable.

Closes-Bug: #1999775
Change-Id: I09313b7c55a5f9d4ec032a37e69a1d79db29d648
This commit is contained in:
Maurice Escher 2022-12-15 13:42:40 +01:00
parent cb14e965ef
commit 43943fdf67
3 changed files with 27 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
manilaclient/shell.py
View File

@ -351,6 +351,13 @@ class OpenStackManilaShell(object):
parser.add_argument('--os_cert',
help=argparse.SUPPRESS)
parser.add_argument('--os-key',
metavar='<key>',
default=cliutils.env('OS_KEY'),
help='Defaults to env[OS_KEY].')
parser.add_argument('--os_key',
help=argparse.SUPPRESS)
if osprofiler_profiler:
parser.add_argument('--profile',
metavar='HMAC_KEY',
@ -542,6 +549,9 @@ class OpenStackManilaShell(object):
os_service_type = constants.SERVICE_TYPES[major_version_string]
os_endpoint_type = args.endpoint_type or DEFAULT_MANILA_ENDPOINT_TYPE
cert = args.os_cert or None
if cert and args.os_key:
cert = cert, args.os_key
client_args = dict(
username=args.os_username,
@ -565,7 +575,7 @@ class OpenStackManilaShell(object):
user_domain_name=args.os_user_domain_name,
project_domain_id=args.os_project_domain_id,
project_domain_name=args.os_project_domain_name,
cert=args.os_cert,
cert=cert,
input_auth_token=args.os_token,
service_catalog_url=args.bypass_url,
)

15
manilaclient/tests/unit/test_shell.py
View File

@ -86,7 +86,8 @@ class OpenstackManilaShellTest(utils.TestCase):
self.assertRaises(exceptions.CommandError, self.shell, 'list')
self.assertFalse(mock_client.Client.called)
def test_main_success(self):
@ddt.data(None, 'foo_key')
def test_main_success(self, os_key):
env_vars = {
'OS_AUTH_URL': 'http://foo.bar',
'OS_USERNAME': 'foo_username',
@ -102,8 +103,13 @@ class OpenstackManilaShellTest(utils.TestCase):
'OS_USER_DOMAIN_NAME': 'foo_user_domain_name',
'OS_USER_DOMAIN_ID': 'foo_user_domain_id',
'OS_CERT': 'foo_cert',
'OS_KEY': os_key,
}
self.set_env_vars(env_vars)
cert = env_vars['OS_CERT']
if os_key:
cert = (cert, env_vars['OS_KEY'])
with mock.patch.object(shell, 'client') as mock_client:
self.shell('list')
@ -131,7 +137,7 @@ class OpenstackManilaShellTest(utils.TestCase):
user_domain_name=env_vars['OS_USER_DOMAIN_NAME'],
project_domain_id=env_vars['OS_PROJECT_DOMAIN_ID'],
project_domain_name=env_vars['OS_PROJECT_DOMAIN_NAME'],
cert=env_vars['OS_CERT'],
cert=cert,
input_auth_token='',
service_catalog_url='',
)
@ -203,7 +209,7 @@ class OpenstackManilaShellTest(utils.TestCase):
user_domain_name="",
project_domain_id="",
project_domain_name="",
cert="",
cert=None,
input_auth_token=expected["input_auth_token"],
service_catalog_url=expected["service_catalog_url"],
)
@ -282,7 +288,7 @@ class OpenstackManilaShellTest(utils.TestCase):
user_domain_name="",
project_domain_id="",
project_domain_name="",
cert="",
cert=None,
input_auth_token=expected["input_auth_token"],
service_catalog_url=expected["service_catalog_url"],
)
@ -311,6 +317,7 @@ class OpenstackManilaShellTest(utils.TestCase):
'--os-auth-url', '--os-region-name', '--service-type',
'--service-name', '--share-service-name', '--endpoint-type',
'--os-share-api-version', '--os-cacert', '--retries', '--os-cert',
'--os-key',
)
help_text = self.shell('help')

5
releasenotes/notes/bug-1999775-add-os-key-0cfc95c7b480df05.yaml Normal file
View File

@ -0,0 +1,5 @@
---
fixes:
- |
Support --os-key option and OS_KEY environment variable which allows to
provide client cert and its private key separately.