Merge "Add support for auth against keystone on https"

README.md

@@ -32,6 +32,10 @@ If Mistral authentication is enabled, provide the information about OpenStack au
     export OS_PASSWORD=secret
     export OS_MISTRAL_URL=http://<Mistral host>:8989/v2  (optional, by default URL=http://localhost:8989/v2)
 
+and in the case that you are authenticating against keystone over https:
+
+    export OS_CACERT=<path_to_ca_cert>
+
 >***Note:** In client, we can use both Keystone auth versions - v2.0 and v3. But server supports only v3.*
 
 To make sure Mistral client works, type:

mistralclient/api/client.py

@@ -21,7 +21,7 @@ from mistralclient.api.v2 import client as client_v2
 def client(mistral_url=None, username=None, api_key=None,
            project_name=None, auth_url=None, project_id=None,
            endpoint_type='publicURL', service_type='workflow',
-           auth_token=None, user_id=None):
+           auth_token=None, user_id=None, cacert=None):
 
         if mistral_url and not isinstance(mistral_url, six.string_types):
             raise RuntimeError('Mistral url should be string')
@@ -41,7 +41,7 @@ def client(mistral_url=None, username=None, api_key=None,
                           auth_url=auth_url, project_id=project_id,
                           endpoint_type=endpoint_type,
                           service_type=service_type, auth_token=auth_token,
-                          user_id=user_id)
+                          user_id=user_id, cacert=cacert)
 
 
 def determine_client_version(mistral_url):

mistralclient/api/v1/client.py

@@ -25,7 +25,7 @@ class Client(object):
     def __init__(self, mistral_url=None, username=None, api_key=None,
                  project_name=None, auth_url=None, project_id=None,
                  endpoint_type='publicURL', service_type='workflow',
-                 auth_token=None, user_id=None):
+                 auth_token=None, user_id=None, cacert=None):
 
         if mistral_url and not isinstance(mistral_url, six.string_types):
             raise RuntimeError('Mistral url should be string')
@@ -35,7 +35,7 @@ class Client(object):
                 self.authenticate(mistral_url, username, api_key,
                                   project_name, auth_url, project_id,
                                   endpoint_type, service_type, auth_token,
-                                  user_id))
+                                  user_id, cacert))
 
         if not mistral_url:
             mistral_url = "http://localhost:8989/v1"
@@ -53,7 +53,7 @@ class Client(object):
     def authenticate(self, mistral_url=None, username=None, api_key=None,
                      project_name=None, auth_url=None, project_id=None,
                      endpoint_type='publicURL', service_type='workflow',
-                     auth_token=None, user_id=None):
+                     auth_token=None, user_id=None, cacert=None):
 
         if (not (project_name or project_id) or
             not (isinstance(project_name, six.string_types) or
@@ -83,7 +83,8 @@ class Client(object):
             tenant_id=project_id,
             tenant_name=project_name,
             auth_url=auth_url,
-            endpoint=auth_url)
+            endpoint=auth_url,
+            cacert=cacert)
 
         keystone.authenticate()
         token = keystone.auth_token

mistralclient/api/v2/client.py

@@ -29,7 +29,7 @@ class Client(object):
     def __init__(self, mistral_url=None, username=None, api_key=None,
                  project_name=None, auth_url=None, project_id=None,
                  endpoint_type='publicURL', service_type='workflow',
-                 auth_token=None, user_id=None):
+                 auth_token=None, user_id=None, cacert=None):
 
         if mistral_url and not isinstance(mistral_url, six.string_types):
             raise RuntimeError('Mistral url should be string')
@@ -39,7 +39,7 @@ class Client(object):
                 self.authenticate(mistral_url, username, api_key,
                                   project_name, auth_url, project_id,
                                   endpoint_type, service_type, auth_token,
-                                  user_id))
+                                  user_id, cacert))
 
         if not mistral_url:
             mistral_url = "http://localhost:8989/v2"
@@ -60,7 +60,7 @@ class Client(object):
     def authenticate(self, mistral_url=None, username=None, api_key=None,
                      project_name=None, auth_url=None, project_id=None,
                      endpoint_type='publicURL', service_type='workflow',
-                     auth_token=None, user_id=None):
+                     auth_token=None, user_id=None, cacert=None):
 
         if (not (project_name or project_id) or
             not (isinstance(project_name, six.string_types) or
@@ -90,7 +90,8 @@ class Client(object):
             tenant_id=project_id,
             tenant_name=project_name,
             auth_url=auth_url,
-            endpoint=auth_url)
+            endpoint=auth_url,
+            cacert=cacert)
 
         keystone.authenticate()
         token = keystone.auth_token

mistralclient/shell.py

@@ -171,6 +171,13 @@ class MistralShell(app.App):
             default=c.env('OS_AUTH_URL'),
             help='Authentication URL (Env: OS_AUTH_URL)'
         )
+        parser.add_argument(
+            '--os-cacert',
+            action='store',
+            dest='cacert',
+            default=c.env('OS_CACERT'),
+            help='Authentication CA Certificate (Env: OS_CACERT)'
+        )
         return parser
 
     def initialize_app(self, argv):
@@ -186,7 +193,8 @@ class MistralShell(app.App):
                                     project_id=self.options.tenant_id,
                                     endpoint_type='publicURL',
                                     service_type='workflow',
-                                    auth_token=self.options.token)
+                                    auth_token=self.options.token,
+                                    cacert=self.options.cacert)
 
     def _set_shell_commands(self, cmds_dict):
         for k, v in cmds_dict.items():