Need to pass the ca-file arg to keystone, too
This allows the authentication of the keystone server certificate. However, keystone calls the argument cacert Change the argument ca-file to be os-cacert to be more consistent with keystone and other CLIs Change-Id: I77bbc8efb2d8237dd104acc8a13319d28748075b
This commit is contained in:
parent
6a83c8d8a2
commit
952b890959
@ -69,7 +69,7 @@ class HTTPClient(object):
|
||||
self.key_file = kwargs.get('key_file')
|
||||
|
||||
self.ssl_connection_params = {
|
||||
'ca_file': kwargs.get('ca_file'),
|
||||
'os_cacert': kwargs.get('os_cacert'),
|
||||
'cert_file': kwargs.get('cert_file'),
|
||||
'key_file': kwargs.get('key_file'),
|
||||
'insecure': kwargs.get('insecure'),
|
||||
@ -80,7 +80,7 @@ class HTTPClient(object):
|
||||
if kwargs.get('insecure'):
|
||||
self.verify_cert = False
|
||||
else:
|
||||
self.verify_cert = kwargs.get('ca_file', get_system_ca_file())
|
||||
self.verify_cert = kwargs.get('os_cacert', get_system_ca_file())
|
||||
|
||||
def replace_token(self, token):
|
||||
self.auth_token = token
|
||||
@ -96,7 +96,7 @@ class HTTPClient(object):
|
||||
conn_params_fmt = [
|
||||
('key_file', '--key %s'),
|
||||
('cert_file', '--cert %s'),
|
||||
('ca_file', '--cacert %s'),
|
||||
('os_cacert', '--cacert %s'),
|
||||
]
|
||||
for (key, fmt) in conn_params_fmt:
|
||||
value = self.ssl_connection_params.get(key)
|
||||
|
@ -91,11 +91,13 @@ class MonascaShell(object):
|
||||
'This option is not necessary if your key is'
|
||||
' prepended to your cert file.')
|
||||
|
||||
parser.add_argument('--ca-file',
|
||||
help='Path of CA SSL certificate(s) used to verify'
|
||||
' the remote server\'s certificate. Without this'
|
||||
' option the client looks'
|
||||
' for the default system CA certificates.')
|
||||
parser.add_argument('--os-cacert',
|
||||
default=utils.env('OS_CACERT'),
|
||||
help='Specify a CA bundle file to use in verifying'
|
||||
' a TLS (https) server certificate. Defaults to'
|
||||
' env[OS_CACERT]. Without either of these, the'
|
||||
' client looks for the default system CA'
|
||||
' certificates.')
|
||||
|
||||
parser.add_argument('--timeout',
|
||||
default=600,
|
||||
@ -260,6 +262,8 @@ class MonascaShell(object):
|
||||
kc_args = {'auth_url': kwargs.get('auth_url'),
|
||||
'insecure': kwargs.get('insecure')}
|
||||
|
||||
if kwargs.get('os_cacert'):
|
||||
kc_args['cacert'] = kwargs.get('os_cacert')
|
||||
if kwargs.get('project_id'):
|
||||
kc_args['project_id'] = kwargs.get('project_id')
|
||||
elif kwargs.get('project_name'):
|
||||
@ -377,6 +381,7 @@ class MonascaShell(object):
|
||||
'auth_url': args.os_auth_url,
|
||||
'service_type': args.os_service_type,
|
||||
'endpoint_type': args.os_endpoint_type,
|
||||
'os_cacert': args.os_cacert,
|
||||
'project_id': args.os_project_id,
|
||||
'project_name': args.os_project_name,
|
||||
'domain_id': args.os_domain_id,
|
||||
@ -397,7 +402,7 @@ class MonascaShell(object):
|
||||
'token': token,
|
||||
'insecure': args.insecure,
|
||||
'timeout': args.timeout,
|
||||
'ca_file': args.ca_file,
|
||||
'os_cacert': args.os_cacert,
|
||||
'cert_file': args.cert_file,
|
||||
'key_file': args.key_file,
|
||||
'username': args.os_username,
|
||||
|
Loading…
Reference in New Issue
Block a user