From aa94d5d271ced24ba16d59004a62054e6b057052 Mon Sep 17 00:00:00 2001
From: David C Kennedy
Date: Tue, 10 Feb 2015 15:21:43 +0000
Subject: [PATCH] Add support for auth against keystone on https Add parameter to mistral client for ca cert so that it can authenticate against keystone running on https. Add help for parameter. Update README to document parameter.
Closes-Bug: #1420343
Change-Id: Ib1c0e78a35056df4447c7158d1f8908fb62893d7
---
 README.md | 4 ++++
 mistralclient/api/client.py | 4 ++--
 mistralclient/api/v1/client.py | 9 +++++----
 mistralclient/api/v2/client.py | 9 +++++----
 mistralclient/shell.py | 10 +++++++++-
 5 files changed, 25 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 944849e2..67bce56b 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,10 @@ If Mistral authentication is enabled, provide the information about OpenStack au
 export OS_PASSWORD=secret export OS_MISTRAL_URL=http://:8989/v2 (optional, by default URL=http://localhost:8989/v2)
+and in the case that you are authenticating against keystone over https:
+
+ export OS_CACERT=
+ >***Note:** In client, we can use both Keystone auth versions - v2.0 and v3. But server supports only v3.* To make sure Mistral client works, type:
diff --git a/mistralclient/api/client.py b/mistralclient/api/client.py
index 5de62fdb..22475301 100644
--- a/mistralclient/api/client.py
+++ b/mistralclient/api/client.py
@@ -21,7 +21,7 @@ from mistralclient.api.v2 import client as client_v2
 def client(mistral_url=None, username=None, api_key=None, project_name=None, auth_url=None, project_id=None, endpoint_type='publicURL', service_type='workflow',
- auth_token=None, user_id=None):
+ auth_token=None, user_id=None, cacert=None):
 if mistral_url and not isinstance(mistral_url, six.string_types): raise RuntimeError('Mistral url should be string')
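Review bot: The new `cacert` parameter on `client()` in `mistralclient/api/client.py` is undocumented, so a caller cannot tell whether it takes a file path or certificate contents, or what `None` means for verification. A one-line comment or docstring entry would settle it, for example `# cacert: path to a PEM CA bundle used to verify the Keystone endpoint's TLS certificate; None keeps the keystone client's default verification` (the second half should be confirmed against the keystoneclient version in use). The same gap exists on the `__init__` and `authenticate` signatures in `mistralclient/api/v1/client.py` and `mistralclient/api/v2/client.py`. The body of `client()` continues outside this hunk.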
@@ -41,7 +41,7 @@ def client(mistral_url=None, username=None, api_key=None,
 auth_url=auth_url, project_id=project_id, endpoint_type=endpoint_type, service_type=service_type, auth_token=auth_token,
- user_id=user_id)
+ user_id=user_id, cacert=cacert)
 def determine_client_version(mistral_url):
diff --git a/mistralclient/api/v1/client.py b/mistralclient/api/v1/client.py
index 81aafc0c..3b15000d 100644
--- a/mistralclient/api/v1/client.py
+++ b/mistralclient/api/v1/client.py
@@ -25,7 +25,7 @@ class Client(object):
 def __init__(self, mistral_url=None, username=None, api_key=None, project_name=None, auth_url=None, project_id=None, endpoint_type='publicURL', service_type='workflow',
- auth_token=None, user_id=None):
+ auth_token=None, user_id=None, cacert=None):
 if mistral_url and not isinstance(mistral_url, six.string_types): raise RuntimeError('Mistral url should be string')
@@ -35,7 +35,7 @@ class Client(object):
 self.authenticate(mistral_url, username, api_key, project_name, auth_url, project_id, endpoint_type, service_type, auth_token,
- user_id))
+ user_id, cacert))
 if not mistral_url: mistral_url = "http://localhost:8989/v1"
@@ -53,7 +53,7 @@ class Client(object):
 def authenticate(self, mistral_url=None, username=None, api_key=None, project_name=None, auth_url=None, project_id=None, endpoint_type='publicURL', service_type='workflow',
- auth_token=None, user_id=None):
+ auth_token=None, user_id=None, cacert=None):
 if (not (project_name or project_id) or not (isinstance(project_name, six.string_types) or
@@ -83,7 +83,8 @@ class Client(object):
 tenant_id=project_id, tenant_name=project_name, auth_url=auth_url,
- endpoint=auth_url)
+ endpoint=auth_url,
+ cacert=cacert)
 keystone.authenticate() token = keystone.auth_token
diff --git a/mistralclient/api/v2/client.py b/mistralclient/api/v2/client.py
index 004a24a1..2c2d1e28 100644
--- a/mistralclient/api/v2/client.py
+++ b/mistralclient/api/v2/client.py
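Review bot: In hunk `@@ -35,7 +35,7 @@` of `mistralclient/api/v1/client.py`, `__init__` forwards `cacert` to `self.authenticate(...)` as the eleventh positional argument, so the trust anchor lands in the right slot only while both signatures keep the same order. Passing it by name, `user_id, cacert=cacert))`, prevents a later inserted or reordered parameter from silently feeding a different value into certificate verification; the facade in `mistralclient/api/client.py` already uses `cacert=cacert`. The `__init__` call in `mistralclient/api/v2/client.py` (hunk `@@ -39,7 +39,7 @@`) has the same shape. `__init__` starts and ends outside this hunk.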
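Review bot: In hunk `@@ -83,7 +83,8 @@` of `mistralclient/api/v1/client.py`, `cacert` is handed only to the call that builds `keystone`; nothing visible in this patch passes it to whatever client later talks to `mistral_url`, so an `https://` Mistral endpoint signed by the same private CA is presumably not covered. If that is the intended scope, a comment such as `# cacert verifies the Keystone endpoint only; the Mistral endpoint is not covered` would save the next reader the trace. The diffstat also shows no test, so a unit test that patches the keystone client class and asserts the `cacert` keyword is forwarded would pin the behaviour. The matching hunk in `mistralclient/api/v2/client.py` (`@@ -90,7 +90,8 @@`) is identical, and `authenticate` continues outside both hunks.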
@@ -29,7 +29,7 @@ class Client(object):
 def __init__(self, mistral_url=None, username=None, api_key=None, project_name=None, auth_url=None, project_id=None, endpoint_type='publicURL', service_type='workflow',
- auth_token=None, user_id=None):
+ auth_token=None, user_id=None, cacert=None):
 if mistral_url and not isinstance(mistral_url, six.string_types): raise RuntimeError('Mistral url should be string')
@@ -39,7 +39,7 @@ class Client(object):
 self.authenticate(mistral_url, username, api_key, project_name, auth_url, project_id, endpoint_type, service_type, auth_token,
- user_id))
+ user_id, cacert))
 if not mistral_url: mistral_url = "http://localhost:8989/v2"
@@ -60,7 +60,7 @@ class Client(object):
 def authenticate(self, mistral_url=None, username=None, api_key=None, project_name=None, auth_url=None, project_id=None, endpoint_type='publicURL', service_type='workflow',
- auth_token=None, user_id=None):
+ auth_token=None, user_id=None, cacert=None):
 if (not (project_name or project_id) or not (isinstance(project_name, six.string_types) or
@@ -90,7 +90,8 @@ class Client(object):
 tenant_id=project_id, tenant_name=project_name, auth_url=auth_url,
- endpoint=auth_url)
+ endpoint=auth_url,
+ cacert=cacert)
 keystone.authenticate() token = keystone.auth_token
diff --git a/mistralclient/shell.py b/mistralclient/shell.py
index 85de2c6a..faf89ca0 100644
--- a/mistralclient/shell.py
+++ b/mistralclient/shell.py
@@ -171,6 +171,13 @@ class MistralShell(app.App):
 default=c.env('OS_AUTH_URL'), help='Authentication URL (Env: OS_AUTH_URL)' )
+ parser.add_argument(
+ '--os-cacert',
+ action='store',
+ dest='cacert',
+ default=c.env('OS_CACERT'),
+ help='Authentication CA Certificate (Env: OS_CACERT)'
+ )
 return parser def initialize_app(self, argv):
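Review bot: The `--os-cacert` help text added in hunk `@@ -171,6 +171,13 @@` of `mistralclient/shell.py` does not say that the value is a filesystem path, and the option is accepted without any check that the file exists or is readable. A mistyped `OS_CACERT` would then surface only later, as a TLS failure during authentication rather than a clear message about the path. Suggest `help='Path to a CA bundle file used to verify the Keystone server certificate (Env: OS_CACERT)'`, plus an early existence check before the client is built that reports the bad path by name. The enclosing method starts outside this hunk.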
@@ -186,7 +193,8 @@ class MistralShell(app.App):
 project_id=self.options.tenant_id, endpoint_type='publicURL', service_type='workflow',
- auth_token=self.options.token)
+ auth_token=self.options.token,
+ cacert=self.options.cacert)
 def _set_shell_commands(self, cmds_dict): for k, v in cmds_dict.items():
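Review bot: `cacert=self.options.cacert` passes the parsed option through unchanged, so if `c.env('OS_CACERT')` yields an empty string when the variable is unset (its implementation is not visible here), the API layer receives `''` instead of the `None` default that the client signatures declare. Normalising at this boundary with `cacert=self.options.cacert or None` keeps "no CA bundle configured" unambiguous for everything downstream. `initialize_app` starts outside this hunk.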