From 43943fdf670328e2fe606c07949190e9e45063ae Mon Sep 17 00:00:00 2001
From: Maurice Escher <maurice.escher@sap.com>
Date: Thu, 15 Dec 2022 13:42:40 +0100
Subject: [PATCH] Support --os-key option

keystoneclient Session expects as cert argument, one of the followings:
 * None (no client certificate),
 * a path to client certificate,
 * a tuple with client certificate/key paths.

The change updates manilaclient code to support the last case (ie:
os_cert and os_key are non-empty) with the --os-key option
and OS_KEY environment variable.

Closes-Bug: #1999775
Change-Id: I09313b7c55a5f9d4ec032a37e69a1d79db29d648
---
 manilaclient/shell.py                             | 12 +++++++++++-
 manilaclient/tests/unit/test_shell.py             | 15 +++++++++++----
 .../bug-1999775-add-os-key-0cfc95c7b480df05.yaml  |  5 +++++
 3 files changed, 27 insertions(+), 5 deletions(-)
 create mode 100644 releasenotes/notes/bug-1999775-add-os-key-0cfc95c7b480df05.yaml

diff --git a/manilaclient/shell.py b/manilaclient/shell.py
index f29abdf7d..4bcd972a3 100644
--- a/manilaclient/shell.py
+++ b/manilaclient/shell.py
@@ -351,6 +351,13 @@ class OpenStackManilaShell(object):
         parser.add_argument('--os_cert',
                             help=argparse.SUPPRESS)
 
+        parser.add_argument('--os-key',
+                            metavar='<key>',
+                            default=cliutils.env('OS_KEY'),
+                            help='Defaults to env[OS_KEY].')
+        parser.add_argument('--os_key',
+                            help=argparse.SUPPRESS)
+
         if osprofiler_profiler:
             parser.add_argument('--profile',
                                 metavar='HMAC_KEY',
@@ -542,6 +549,9 @@ class OpenStackManilaShell(object):
             os_service_type = constants.SERVICE_TYPES[major_version_string]
 
         os_endpoint_type = args.endpoint_type or DEFAULT_MANILA_ENDPOINT_TYPE
+        cert = args.os_cert or None
+        if cert and args.os_key:
+            cert = cert, args.os_key
 
         client_args = dict(
             username=args.os_username,
@@ -565,7 +575,7 @@ class OpenStackManilaShell(object):
             user_domain_name=args.os_user_domain_name,
             project_domain_id=args.os_project_domain_id,
             project_domain_name=args.os_project_domain_name,
-            cert=args.os_cert,
+            cert=cert,
             input_auth_token=args.os_token,
             service_catalog_url=args.bypass_url,
         )
diff --git a/manilaclient/tests/unit/test_shell.py b/manilaclient/tests/unit/test_shell.py
index 4dc417980..9ac524c0b 100644
--- a/manilaclient/tests/unit/test_shell.py
+++ b/manilaclient/tests/unit/test_shell.py
@@ -86,7 +86,8 @@ class OpenstackManilaShellTest(utils.TestCase):
             self.assertRaises(exceptions.CommandError, self.shell, 'list')
             self.assertFalse(mock_client.Client.called)
 
-    def test_main_success(self):
+    @ddt.data(None, 'foo_key')
+    def test_main_success(self, os_key):
         env_vars = {
             'OS_AUTH_URL': 'http://foo.bar',
             'OS_USERNAME': 'foo_username',
@@ -102,8 +103,13 @@ class OpenstackManilaShellTest(utils.TestCase):
             'OS_USER_DOMAIN_NAME': 'foo_user_domain_name',
             'OS_USER_DOMAIN_ID': 'foo_user_domain_id',
             'OS_CERT': 'foo_cert',
+            'OS_KEY': os_key,
         }
         self.set_env_vars(env_vars)
+        cert = env_vars['OS_CERT']
+        if os_key:
+            cert = (cert, env_vars['OS_KEY'])
+
         with mock.patch.object(shell, 'client') as mock_client:
 
             self.shell('list')
@@ -131,7 +137,7 @@ class OpenstackManilaShellTest(utils.TestCase):
                 user_domain_name=env_vars['OS_USER_DOMAIN_NAME'],
                 project_domain_id=env_vars['OS_PROJECT_DOMAIN_ID'],
                 project_domain_name=env_vars['OS_PROJECT_DOMAIN_NAME'],
-                cert=env_vars['OS_CERT'],
+                cert=cert,
                 input_auth_token='',
                 service_catalog_url='',
             )
@@ -203,7 +209,7 @@ class OpenstackManilaShellTest(utils.TestCase):
                 user_domain_name="",
                 project_domain_id="",
                 project_domain_name="",
-                cert="",
+                cert=None,
                 input_auth_token=expected["input_auth_token"],
                 service_catalog_url=expected["service_catalog_url"],
             )
@@ -282,7 +288,7 @@ class OpenstackManilaShellTest(utils.TestCase):
                 user_domain_name="",
                 project_domain_id="",
                 project_domain_name="",
-                cert="",
+                cert=None,
                 input_auth_token=expected["input_auth_token"],
                 service_catalog_url=expected["service_catalog_url"],
             )
@@ -311,6 +317,7 @@ class OpenstackManilaShellTest(utils.TestCase):
             '--os-auth-url', '--os-region-name', '--service-type',
             '--service-name', '--share-service-name', '--endpoint-type',
             '--os-share-api-version', '--os-cacert', '--retries', '--os-cert',
+            '--os-key',
         )
 
         help_text = self.shell('help')
diff --git a/releasenotes/notes/bug-1999775-add-os-key-0cfc95c7b480df05.yaml b/releasenotes/notes/bug-1999775-add-os-key-0cfc95c7b480df05.yaml
new file mode 100644
index 000000000..4fd60bdba
--- /dev/null
+++ b/releasenotes/notes/bug-1999775-add-os-key-0cfc95c7b480df05.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Support --os-key option and OS_KEY environment variable which allows to
+    provide client cert and its private key separately.