Need to pass the ca-file arg to keystone, too

This allows the authentication of the keystone server certificate. However, keystone calls the argument cacert Change the argument ca-file to be os-cacert to be more consistent with keystone and other CLIs Change-Id: I77bbc8efb2d8237dd104acc8a13319d28748075b
2014-11-06 20:54:28 -07:00 · 2014-11-06 20:54:28 -07:00 · 952b890959
commit 952b890959
parent 6a83c8d8a2
2 changed files with 14 additions and 9 deletions
--- a/monascaclient/common/http.py
+++ b/monascaclient/common/http.py
@ -69,7 +69,7 @@ class HTTPClient(object):
        self.key_file = kwargs.get('key_file')

        self.ssl_connection_params = {
-            'ca_file': kwargs.get('ca_file'),
+            'os_cacert': kwargs.get('os_cacert'),
            'cert_file': kwargs.get('cert_file'),
            'key_file': kwargs.get('key_file'),
            'insecure': kwargs.get('insecure'),
@ -80,7 +80,7 @@ class HTTPClient(object):
            if kwargs.get('insecure'):
                self.verify_cert = False
            else:
-                self.verify_cert = kwargs.get('ca_file', get_system_ca_file())
+                self.verify_cert = kwargs.get('os_cacert', get_system_ca_file())

    def replace_token(self, token):
        self.auth_token = token
@ -96,7 +96,7 @@ class HTTPClient(object):
        conn_params_fmt = [
            ('key_file', '--key %s'),
            ('cert_file', '--cert %s'),
-            ('ca_file', '--cacert %s'),
+            ('os_cacert', '--cacert %s'),
        ]
        for (key, fmt) in conn_params_fmt:
            value = self.ssl_connection_params.get(key)
--- a/monascaclient/shell.py
+++ b/monascaclient/shell.py
@ -91,11 +91,13 @@ class MonascaShell(object):
                            'This option is not necessary if your key is'
                            ' prepended to your cert file.')

-        parser.add_argument('--ca-file',
-                            help='Path of CA SSL certificate(s) used to verify'
-                            ' the remote server\'s certificate. Without this'
-                            ' option the client looks'
-                            ' for the default system CA certificates.')
+        parser.add_argument('--os-cacert',
+                            default=utils.env('OS_CACERT'),
+                            help='Specify a CA bundle file to use in verifying'
+                            ' a TLS (https) server certificate. Defaults to'
+                            ' env[OS_CACERT]. Without either of these, the'
+                            ' client looks for the default system CA'
+                            ' certificates.')

        parser.add_argument('--timeout',
                            default=600,
@ -260,6 +262,8 @@ class MonascaShell(object):
        kc_args = {'auth_url': kwargs.get('auth_url'),
                   'insecure': kwargs.get('insecure')}

+        if kwargs.get('os_cacert'):
+            kc_args['cacert'] = kwargs.get('os_cacert')
        if kwargs.get('project_id'):
            kc_args['project_id'] = kwargs.get('project_id')
        elif kwargs.get('project_name'):
@ -377,6 +381,7 @@ class MonascaShell(object):
            'auth_url': args.os_auth_url,
            'service_type': args.os_service_type,
            'endpoint_type': args.os_endpoint_type,
+            'os_cacert': args.os_cacert,
            'project_id': args.os_project_id,
            'project_name': args.os_project_name,
            'domain_id': args.os_domain_id,
@ -397,7 +402,7 @@ class MonascaShell(object):
                'token': token,
                'insecure': args.insecure,
                'timeout': args.timeout,
-                'ca_file': args.ca_file,
+                'os_cacert': args.os_cacert,
                'cert_file': args.cert_file,
                'key_file': args.key_file,
                'username': args.os_username,