Fix --insecure option on auth

Change-Id: Ibe76d98d6075b84cbdb370b48f3498ab848142ad
John Dickinson
2014-02-13 23:33:01 -08:00
parent 19d7e1812a
commit 79f189a593
3 changed files with 33 additions and 10 deletions


@@ -156,7 +156,7 @@ class HTTPConnection:
if self.parsed_url.scheme not in ('http', 'https'): if self.parsed_url.scheme not in ('http', 'https'):
raise ClientException("Unsupported scheme") raise ClientException("Unsupported scheme")
self.requests_args['verify'] = not insecure self.requests_args['verify'] = not insecure
if cacert: if cacert and not insecure:
# verify requests parameter is used to pass the CA_BUNDLE file # verify requests parameter is used to pass the CA_BUNDLE file
# see: http://docs.python-requests.org/en/latest/user/advanced/ # see: http://docs.python-requests.org/en/latest/user/advanced/
self.requests_args['verify'] = cacert self.requests_args['verify'] = cacert
@@ -219,8 +219,9 @@ def http_connection(*arg, **kwarg):
return conn.parsed_url, conn return conn.parsed_url, conn
def get_auth_1_0(url, user, key, snet): def get_auth_1_0(url, user, key, snet, **kwargs):
parsed, conn = http_connection(url) insecure = kwargs.get('insecure', False)
parsed, conn = http_connection(url, insecure=insecure)
method = 'GET' method = 'GET'
conn.request(method, parsed.path, '', conn.request(method, parsed.path, '',
{'X-Auth-User': user, 'X-Auth-Key': key}) {'X-Auth-User': user, 'X-Auth-Key': key})
@@ -307,11 +308,13 @@ def get_auth(auth_url, user, key, **kwargs):
os_options = kwargs.get('os_options', {}) os_options = kwargs.get('os_options', {})
storage_url, token = None, None storage_url, token = None, None
insecure = kwargs.get('insecure', False)
if auth_version in ['1.0', '1', 1]: if auth_version in ['1.0', '1', 1]:
storage_url, token = get_auth_1_0(auth_url, storage_url, token = get_auth_1_0(auth_url,
user, user,
key, key,
kwargs.get('snet')) kwargs.get('snet'),
insecure=insecure)
elif auth_version in ['2.0', '2', 2]: elif auth_version in ['2.0', '2', 2]:
# We are allowing to specify a token/storage-url to re-use # We are allowing to specify a token/storage-url to re-use
# without having to re-authenticate. # without having to re-authenticate.
@@ -335,7 +338,6 @@ def get_auth(auth_url, user, key, **kwargs):
if (not 'tenant_name' in os_options): if (not 'tenant_name' in os_options):
raise ClientException('No tenant specified') raise ClientException('No tenant specified')
insecure = kwargs.get('insecure', False)
cacert = kwargs.get('cacert', None) cacert = kwargs.get('cacert', None)
storage_url, token = get_keystoneclient_2_0(auth_url, user, storage_url, token = get_keystoneclient_2_0(auth_url, user,
key, os_options, key, os_options,
@@ -1101,8 +1103,8 @@ class Connection(object):
:param os_options: The OpenStack options which can have tenant_id, :param os_options: The OpenStack options which can have tenant_id,
auth_token, service_type, endpoint_type, auth_token, service_type, endpoint_type,
tenant_name, object_storage_url, region_name tenant_name, object_storage_url, region_name
:param insecure: Allow to access insecure keystone server. :param insecure: Allow to access servers without checking SSL certs.
The keystone's certificate will not be verified. The server's certificate will not be verified.
:param ssl_compression: Whether to enable compression at the SSL layer. :param ssl_compression: Whether to enable compression at the SSL layer.
If set to 'False' and the pyOpenSSL library is If set to 'False' and the pyOpenSSL library is
present an attempt to disable SSL compression present an attempt to disable SSL compression
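Review bot: The v1 path in get_auth_1_0 now forwards `insecure` but still drops `cacert`, so a v1 endpoint signed by a private CA can only be reached by turning verification off, and X-Auth-User/X-Auth-Key are then sent to a server whose certificate was never checked. Forwarding the bundle as well would give those users a verified option: `parsed, conn = http_connection(url, insecure=insecure, cacert=kwargs.get('cacert'))`, with `cacert=kwargs.get('cacert')` added to the get_auth_1_0 call in get_auth; this assumes http_connection passes keyword arguments through to HTTPConnection, which the hunk does not show. In the first hunk, `if cacert and not insecure:` makes `insecure` silently win over a supplied CA bundle; a comment such as `# insecure takes precedence: a supplied cacert is ignored and verification is off`, or a logged warning, would make that precedence visible. The bodies of these functions continue outside the hunks.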


@@ -117,6 +117,9 @@ class MockHttpTest(testtools.TestCase):
def request(method, url, *args, **kwargs): def request(method, url, *args, **kwargs):
if query_string: if query_string:
self.assertTrue(url.endswith('?' + query_string)) self.assertTrue(url.endswith('?' + query_string))
if url.endswith('invalid_cert') and not insecure:
from swiftclient import client as c
raise c.ClientException("invalid_certificate")
return return
conn.request = request conn.request = request
@@ -223,11 +226,25 @@ class TestGetAuth(MockHttpTest):
auth_version="foo") auth_version="foo")
def test_auth_v1(self): def test_auth_v1(self):
c.http_connection = self.fake_http_connection(200) c.http_connection = self.fake_http_connection(200, auth_v1=True)
url, token = c.get_auth('http://www.test.com', 'asdf', 'asdf', url, token = c.get_auth('http://www.test.com', 'asdf', 'asdf',
auth_version="1.0") auth_version="1.0")
self.assertEqual(url, None) self.assertEqual(url, 'storageURL')
self.assertEqual(token, None) self.assertEqual(token, 'someauthtoken')
def test_auth_v1_insecure(self):
c.http_connection = self.fake_http_connection(200, auth_v1=True)
url, token = c.get_auth('http://www.test.com/invalid_cert',
'asdf', 'asdf',
auth_version='1.0',
insecure=True)
self.assertEqual(url, 'storageURL')
self.assertEqual(token, 'someauthtoken')
self.assertRaises(c.ClientException, c.get_auth,
'http://www.test.com/invalid_cert',
'asdf', 'asdf',
auth_version='1.0')
def test_auth_v2(self): def test_auth_v2(self):
os_options = {'tenant_name': 'asdf'} os_options = {'tenant_name': 'asdf'}
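Review bot: test_auth_v1_insecure only proves that the `insecure` keyword reaches the mocked http_connection; the mock raises on the URL suffix `invalid_cert` over plain `http://`, so no TLS verification setting is ever examined. The `if cacert and not insecure:` change in HTTPConnection is therefore untested. A direct assertion on the constructed connection would cover it, for example `conn = c.HTTPConnection('https://www.test.com', cacert='/constructed/ca.pem', insecure=True)` followed by `self.assertFalse(conn.requests_args['verify'])`, plus the converse case where `cacert` alone yields the bundle path. The `from swiftclient import client as c` inside the mock's `request` also looks redundant if this module already imports `c` at top level, as the tests below it suggest.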


@@ -100,6 +100,10 @@ def fake_http_connect(*code_iter, **kwargs):
headers['content-length'] = '4' headers['content-length'] = '4'
if 'headers' in kwargs: if 'headers' in kwargs:
headers.update(kwargs['headers']) headers.update(kwargs['headers'])
if 'auth_v1' in kwargs:
headers.update(
{'x-storage-url': 'storageURL',
'x-auth-token': 'someauthtoken'})
return headers.items() return headers.items()
def read(self, amt=None): def read(self, amt=None):
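Review bot: `if 'auth_v1' in kwargs:` tests for the key rather than its value, so a caller passing `auth_v1=False` would still get the storage URL and token headers injected. `if kwargs.get('auth_v1'):` matches the intent. The enclosing method starts outside the hunk.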