Fix --insecure option on auth
Change-Id: Ibe76d98d6075b84cbdb370b48f3498ab848142ad
This commit is contained in:
parent
19d7e1812a
commit
79f189a593
@ -156,7 +156,7 @@ class HTTPConnection:
|
||||
if self.parsed_url.scheme not in ('http', 'https'):
|
||||
raise ClientException("Unsupported scheme")
|
||||
self.requests_args['verify'] = not insecure
|
||||
if cacert:
|
||||
if cacert and not insecure:
|
||||
# verify requests parameter is used to pass the CA_BUNDLE file
|
||||
# see: http://docs.python-requests.org/en/latest/user/advanced/
|
||||
self.requests_args['verify'] = cacert
|
||||
@ -219,8 +219,9 @@ def http_connection(*arg, **kwarg):
|
||||
return conn.parsed_url, conn
|
||||
|
||||
|
||||
def get_auth_1_0(url, user, key, snet):
|
||||
parsed, conn = http_connection(url)
|
||||
def get_auth_1_0(url, user, key, snet, **kwargs):
|
||||
insecure = kwargs.get('insecure', False)
|
||||
parsed, conn = http_connection(url, insecure=insecure)
|
||||
method = 'GET'
|
||||
conn.request(method, parsed.path, '',
|
||||
{'X-Auth-User': user, 'X-Auth-Key': key})
|
||||
@ -307,11 +308,13 @@ def get_auth(auth_url, user, key, **kwargs):
|
||||
os_options = kwargs.get('os_options', {})
|
||||
|
||||
storage_url, token = None, None
|
||||
insecure = kwargs.get('insecure', False)
|
||||
if auth_version in ['1.0', '1', 1]:
|
||||
storage_url, token = get_auth_1_0(auth_url,
|
||||
user,
|
||||
key,
|
||||
kwargs.get('snet'))
|
||||
kwargs.get('snet'),
|
||||
insecure=insecure)
|
||||
elif auth_version in ['2.0', '2', 2]:
|
||||
# We are allowing to specify a token/storage-url to re-use
|
||||
# without having to re-authenticate.
|
||||
@ -335,7 +338,6 @@ def get_auth(auth_url, user, key, **kwargs):
|
||||
if (not 'tenant_name' in os_options):
|
||||
raise ClientException('No tenant specified')
|
||||
|
||||
insecure = kwargs.get('insecure', False)
|
||||
cacert = kwargs.get('cacert', None)
|
||||
storage_url, token = get_keystoneclient_2_0(auth_url, user,
|
||||
key, os_options,
|
||||
@ -1101,8 +1103,8 @@ class Connection(object):
|
||||
:param os_options: The OpenStack options which can have tenant_id,
|
||||
auth_token, service_type, endpoint_type,
|
||||
tenant_name, object_storage_url, region_name
|
||||
:param insecure: Allow to access insecure keystone server.
|
||||
The keystone's certificate will not be verified.
|
||||
:param insecure: Allow to access servers without checking SSL certs.
|
||||
The server's certificate will not be verified.
|
||||
:param ssl_compression: Whether to enable compression at the SSL layer.
|
||||
If set to 'False' and the pyOpenSSL library is
|
||||
present an attempt to disable SSL compression
|
||||
|
@ -117,6 +117,9 @@ class MockHttpTest(testtools.TestCase):
|
||||
def request(method, url, *args, **kwargs):
|
||||
if query_string:
|
||||
self.assertTrue(url.endswith('?' + query_string))
|
||||
if url.endswith('invalid_cert') and not insecure:
|
||||
from swiftclient import client as c
|
||||
raise c.ClientException("invalid_certificate")
|
||||
return
|
||||
conn.request = request
|
||||
|
||||
@ -223,11 +226,25 @@ class TestGetAuth(MockHttpTest):
|
||||
auth_version="foo")
|
||||
|
||||
def test_auth_v1(self):
|
||||
c.http_connection = self.fake_http_connection(200)
|
||||
c.http_connection = self.fake_http_connection(200, auth_v1=True)
|
||||
url, token = c.get_auth('http://www.test.com', 'asdf', 'asdf',
|
||||
auth_version="1.0")
|
||||
self.assertEqual(url, None)
|
||||
self.assertEqual(token, None)
|
||||
self.assertEqual(url, 'storageURL')
|
||||
self.assertEqual(token, 'someauthtoken')
|
||||
|
||||
def test_auth_v1_insecure(self):
|
||||
c.http_connection = self.fake_http_connection(200, auth_v1=True)
|
||||
url, token = c.get_auth('http://www.test.com/invalid_cert',
|
||||
'asdf', 'asdf',
|
||||
auth_version='1.0',
|
||||
insecure=True)
|
||||
self.assertEqual(url, 'storageURL')
|
||||
self.assertEqual(token, 'someauthtoken')
|
||||
|
||||
self.assertRaises(c.ClientException, c.get_auth,
|
||||
'http://www.test.com/invalid_cert',
|
||||
'asdf', 'asdf',
|
||||
auth_version='1.0')
|
||||
|
||||
def test_auth_v2(self):
|
||||
os_options = {'tenant_name': 'asdf'}
|
||||
|
@ -100,6 +100,10 @@ def fake_http_connect(*code_iter, **kwargs):
|
||||
headers['content-length'] = '4'
|
||||
if 'headers' in kwargs:
|
||||
headers.update(kwargs['headers'])
|
||||
if 'auth_v1' in kwargs:
|
||||
headers.update(
|
||||
{'x-storage-url': 'storageURL',
|
||||
'x-auth-token': 'someauthtoken'})
|
||||
return headers.items()
|
||||
|
||||
def read(self, amt=None):
|
||||
|
Loading…
x
Reference in New Issue
Block a user