Fix --insecure option on auth

Change-Id: Ibe76d98d6075b84cbdb370b48f3498ab848142ad
2014-02-13 23:33:01 -08:00 · 2014-02-13 23:33:01 -08:00 · 79f189a593
commit 79f189a593
parent 19d7e1812a
3 changed files with 33 additions and 10 deletions
--- a/swiftclient/client.py
+++ b/swiftclient/client.py
@ -156,7 +156,7 @@ class HTTPConnection:
        if self.parsed_url.scheme not in ('http', 'https'):
            raise ClientException("Unsupported scheme")
        self.requests_args['verify'] = not insecure
-        if cacert:
+        if cacert and not insecure:
            # verify requests parameter is used to pass the CA_BUNDLE file
            # see: http://docs.python-requests.org/en/latest/user/advanced/
            self.requests_args['verify'] = cacert
@ -219,8 +219,9 @@ def http_connection(*arg, **kwarg):
    return conn.parsed_url, conn


-def get_auth_1_0(url, user, key, snet):
-    parsed, conn = http_connection(url)
+def get_auth_1_0(url, user, key, snet, **kwargs):
+    insecure = kwargs.get('insecure', False)
+    parsed, conn = http_connection(url, insecure=insecure)
    method = 'GET'
    conn.request(method, parsed.path, '',
                 {'X-Auth-User': user, 'X-Auth-Key': key})
@ -307,11 +308,13 @@ def get_auth(auth_url, user, key, **kwargs):
    os_options = kwargs.get('os_options', {})

    storage_url, token = None, None
+    insecure = kwargs.get('insecure', False)
    if auth_version in ['1.0', '1', 1]:
        storage_url, token = get_auth_1_0(auth_url,
                                          user,
                                          key,
-                                          kwargs.get('snet'))
+                                          kwargs.get('snet'),
+                                          insecure=insecure)
    elif auth_version in ['2.0', '2', 2]:
        # We are allowing to specify a token/storage-url to re-use
        # without having to re-authenticate.
@ -335,7 +338,6 @@ def get_auth(auth_url, user, key, **kwargs):
        if (not 'tenant_name' in os_options):
            raise ClientException('No tenant specified')

-        insecure = kwargs.get('insecure', False)
        cacert = kwargs.get('cacert', None)
        storage_url, token = get_keystoneclient_2_0(auth_url, user,
                                                    key, os_options,
@ -1101,8 +1103,8 @@ class Connection(object):
        :param os_options: The OpenStack options which can have tenant_id,
                           auth_token, service_type, endpoint_type,
                           tenant_name, object_storage_url, region_name
-        :param insecure: Allow to access insecure keystone server.
-                         The keystone's certificate will not be verified.
+        :param insecure: Allow to access servers without checking SSL certs.
+                         The server's certificate will not be verified.
        :param ssl_compression: Whether to enable compression at the SSL layer.
                                If set to 'False' and the pyOpenSSL library is
                                present an attempt to disable SSL compression
--- a/tests/test_swiftclient.py
+++ b/tests/test_swiftclient.py
@ -117,6 +117,9 @@ class MockHttpTest(testtools.TestCase):
                def request(method, url, *args, **kwargs):
                    if query_string:
                        self.assertTrue(url.endswith('?' + query_string))
+                    if url.endswith('invalid_cert') and not insecure:
+                        from swiftclient import client as c
+                        raise c.ClientException("invalid_certificate")
                    return
                conn.request = request

@ -223,11 +226,25 @@ class TestGetAuth(MockHttpTest):
                          auth_version="foo")

    def test_auth_v1(self):
-        c.http_connection = self.fake_http_connection(200)
+        c.http_connection = self.fake_http_connection(200, auth_v1=True)
        url, token = c.get_auth('http://www.test.com', 'asdf', 'asdf',
                                auth_version="1.0")
-        self.assertEqual(url, None)
-        self.assertEqual(token, None)
+        self.assertEqual(url, 'storageURL')
+        self.assertEqual(token, 'someauthtoken')
+
+    def test_auth_v1_insecure(self):
+        c.http_connection = self.fake_http_connection(200, auth_v1=True)
+        url, token = c.get_auth('http://www.test.com/invalid_cert',
+                                'asdf', 'asdf',
+                                auth_version='1.0',
+                                insecure=True)
+        self.assertEqual(url, 'storageURL')
+        self.assertEqual(token, 'someauthtoken')
+
+        self.assertRaises(c.ClientException, c.get_auth,
+                          'http://www.test.com/invalid_cert',
+                          'asdf', 'asdf',
+                          auth_version='1.0')

    def test_auth_v2(self):
        os_options = {'tenant_name': 'asdf'}
--- a/tests/utils.py
+++ b/tests/utils.py
@ -100,6 +100,10 @@ def fake_http_connect(*code_iter, **kwargs):
                headers['content-length'] = '4'
            if 'headers' in kwargs:
                headers.update(kwargs['headers'])
+            if 'auth_v1' in kwargs:
+                headers.update(
+                    {'x-storage-url': 'storageURL',
+                     'x-auth-token': 'someauthtoken'})
            return headers.items()

        def read(self, amt=None):