Merge "Add --insecure option to fix bug #1077869"

Jenkins
2012-12-09 09:19:33 +00:00
committed by Gerrit Code Review
4 changed files with 59 additions and 8 deletions


@@ -41,7 +41,8 @@ def get_conn(options):
options.key, options.key,
auth_version=options.auth_version, auth_version=options.auth_version,
os_options=options.os_options, os_options=options.os_options,
snet=options.snet) snet=options.snet,
insecure=options.insecure)
def mkdirs(path): def mkdirs(path):
@@ -1143,6 +1144,11 @@ Example:
default=environ.get('OS_ENDPOINT_TYPE'), default=environ.get('OS_ENDPOINT_TYPE'),
help='Openstack Endpoint type. ' \ help='Openstack Endpoint type. ' \
'Defaults to env[OS_ENDPOINT_TYPE]') 'Defaults to env[OS_ENDPOINT_TYPE]')
parser.add_option('--insecure',
action="store_true", dest="insecure", default=False,
help='Allow swiftclient to access insecure keystone '
'server. The keystone\'s certificate will not '
'be verified.')
parser.disable_interspersed_args() parser.disable_interspersed_args()
(options, args) = parse_args(parser, argv[1:], enforce_requires=False) (options, args) = parse_args(parser, argv[1:], enforce_requires=False)
parser.enable_interspersed_args() parser.enable_interspersed_args()
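Review bot: The help text for the new `--insecure` option calls the server insecure but does not say what the user gives up: with verification off, the user name, key and returned token go to whatever endpoint answers at the auth URL. I would reword it along the lines of `'Skip TLS certificate verification when contacting the Keystone auth server. Credentials and tokens can then be intercepted; use only for testing.'`. The same string could state that the flag covers the auth request only, since `get_conn` passes it to `Connection` and nothing in this diff hands it to the storage connection. `get_conn` and the option parser both continue outside these hunks.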


@@ -232,12 +232,15 @@ def get_auth_1_0(url, user, key, snet):
resp.getheader('x-auth-token')) resp.getheader('x-auth-token'))
def get_keystoneclient_2_0(auth_url, user, key, os_options): def get_keystoneclient_2_0(auth_url, user, key, os_options, **kwargs):
""" """
Authenticate against a auth 2.0 server. Authenticate against a auth 2.0 server.
We are using the keystoneclient library for our 2.0 authentication. We are using the keystoneclient library for our 2.0 authentication.
""" """
insecure = kwargs.get('insecure', False)
from keystoneclient.v2_0 import client as ksclient from keystoneclient.v2_0 import client as ksclient
from keystoneclient import exceptions from keystoneclient import exceptions
try: try:
@@ -245,7 +248,7 @@ def get_keystoneclient_2_0(auth_url, user, key, os_options):
password=key, password=key,
tenant_name=os_options.get('tenant_name'), tenant_name=os_options.get('tenant_name'),
tenant_id=os_options.get('tenant_id'), tenant_id=os_options.get('tenant_id'),
auth_url=auth_url) auth_url=auth_url, insecure=insecure)
except exceptions.Unauthorized: except exceptions.Unauthorized:
raise ClientException('Unauthorised. Check username, password' raise ClientException('Unauthorised. Check username, password'
' and tenant name/id') ' and tenant name/id')
@@ -308,8 +311,10 @@ def get_auth(auth_url, user, key, **kwargs):
if (not 'tenant_name' in os_options): if (not 'tenant_name' in os_options):
raise ClientException('No tenant specified') raise ClientException('No tenant specified')
insecure = kwargs.get('insecure', False)
(auth_url, token) = get_keystoneclient_2_0(auth_url, user, (auth_url, token) = get_keystoneclient_2_0(auth_url, user,
key, os_options) key, os_options,
insecure=insecure)
return (auth_url, token) return (auth_url, token)
raise ClientException('Unknown auth_version %s specified.' raise ClientException('Unknown auth_version %s specified.'
@@ -927,7 +932,7 @@ class Connection(object):
def __init__(self, authurl=None, user=None, key=None, retries=5, def __init__(self, authurl=None, user=None, key=None, retries=5,
preauthurl=None, preauthtoken=None, snet=False, preauthurl=None, preauthtoken=None, snet=False,
starting_backoff=1, tenant_name=None, os_options=None, starting_backoff=1, tenant_name=None, os_options=None,
auth_version="1"): auth_version="1", insecure=False):
""" """
:param authurl: authentication URL :param authurl: authentication URL
:param user: user name to authenticate as :param user: user name to authenticate as
@@ -944,6 +949,8 @@ class Connection(object):
:param os_options: The OpenStack options which can have tenant_id, :param os_options: The OpenStack options which can have tenant_id,
auth_token, service_type, endpoint_type, auth_token, service_type, endpoint_type,
tenant_name, object_storage_url, region_name tenant_name, object_storage_url, region_name
:param insecure: Allow to access insecure keystone server.
The keystone's certificate will not be verified.
""" """
self.authurl = authurl self.authurl = authurl
self.user = user self.user = user
@@ -959,6 +966,7 @@ class Connection(object):
self.os_options = os_options or {} self.os_options = os_options or {}
if tenant_name: if tenant_name:
self.os_options['tenant_name'] = tenant_name self.os_options['tenant_name'] = tenant_name
self.insecure = insecure
def get_auth(self): def get_auth(self):
return get_auth(self.authurl, return get_auth(self.authurl,
@@ -966,7 +974,8 @@ class Connection(object):
self.key, self.key,
snet=self.snet, snet=self.snet,
auth_version=self.auth_version, auth_version=self.auth_version,
os_options=self.os_options) os_options=self.os_options,
insecure=self.insecure)
def http_connection(self): def http_connection(self):
return http_connection(self.url) return http_connection(self.url)
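Review bot: The `insecure` entry in the `Connection.__init__` docstring does not state the flag's scope, and in this diff the value is only read in the 2.0 branch of `get_auth` and forwarded to the keystoneclient call. `get_auth_1_0(url, user, key, snet)` takes no such argument and `http_connection(self.url)` is still called without it, so a caller on the default `auth_version="1"` can pass `insecure=True` with no effect, and how the storage connection treats certificates is not visible here. I would document it as `:param insecure: Skip TLS certificate verification for the Keystone (auth_version 2.0) request only; ignored for auth 1.0 and not applied to the storage connection.` Separately, `get_keystoneclient_2_0` could take `insecure=False` as a named parameter instead of `**kwargs`, so a misspelled keyword raises `TypeError` rather than being silently dropped. The function bodies continue outside the hunks.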


@@ -265,6 +265,35 @@ class TestGetAuth(MockHttpTest):
os_options={}, os_options={},
auth_version='2.0') auth_version='2.0')
def test_auth_v2_insecure(self):
os_options = {'tenant_name': 'foo'}
c.get_keystoneclient_2_0 = fake_get_keystoneclient_2_0(
os_options,
None)
auth_url_secure = 'https://www.tests.com'
auth_url_insecure = 'https://www.tests.com/invalid-certificate'
url, token = c.get_auth(auth_url_secure, 'asdf', 'asdf',
os_options=os_options, auth_version='2.0')
self.assertTrue(url.startswith("http"))
self.assertTrue(token)
url, token = c.get_auth(auth_url_insecure, 'asdf', 'asdf',
os_options=os_options, auth_version='2.0',
insecure=True)
self.assertTrue(url.startswith("http"))
self.assertTrue(token)
self.assertRaises(c.ClientException, c.get_auth,
auth_url_insecure, 'asdf', 'asdf',
os_options=os_options, auth_version='2.0')
self.assertRaises(c.ClientException, c.get_auth,
auth_url_insecure, 'asdf', 'asdf',
os_options=os_options, auth_version='2.0',
insecure=False)
class TestGetAccount(MockHttpTest): class TestGetAccount(MockHttpTest):
def test_no_content(self): def test_no_content(self):
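Review bot: `test_auth_v2_insecure` swaps `c.get_keystoneclient_2_0` for the fake before any call, so it only checks that `get_auth` forwards `insecure`. Nothing here checks that the real `get_keystoneclient_2_0` passes the value on to keystoneclient, or that it stays `False` when the caller omits it. That default is what keeps certificate verification on, so a test that stubs the keystoneclient `Client` and asserts on the `insecure` keyword it receives, with the flag omitted and with `insecure=True`, would pin it down. A case for `Connection(..., insecure=True).get_auth()` would cover the remaining new path. The assignment to `c.get_keystoneclient_2_0` is also not restored in the lines shown, so the fake may leak into later tests unless a teardown outside the hunk handles it.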


@@ -16,15 +16,22 @@ from httplib import HTTPException
from eventlet import Timeout, sleep from eventlet import Timeout, sleep
def fake_get_keystoneclient_2_0(os_options, exc=None): def fake_get_keystoneclient_2_0(os_options, exc=None, **kwargs):
def fake_get_keystoneclient_2_0(auth_url, def fake_get_keystoneclient_2_0(auth_url,
user, user,
key, key,
actual_os_options): actual_os_options, **actual_kwargs):
if exc: if exc:
raise exc('test') raise exc('test')
if actual_os_options != os_options: if actual_os_options != os_options:
return "", None return "", None
if auth_url.startswith("https") and \
auth_url.endswith("invalid-certificate") and \
not actual_kwargs['insecure']:
from swiftclient import client as c
raise c.ClientException("invalid-certificate")
return ("http://url/", "token") return ("http://url/", "token")
return fake_get_keystoneclient_2_0 return fake_get_keystoneclient_2_0
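Review bot: The new certificate check in the inner fake reads `actual_kwargs['insecure']`, which raises `KeyError` rather than `ClientException` if a caller reaches that branch without the keyword. The function it stands in for defaults with `kwargs.get('insecure', False)`. Using `not actual_kwargs.get('insecure', False)` keeps the stub's default aligned with the real code, so a test cannot pass or fail on the stub's behaviour alone. The outer `**kwargs` is accepted but not used in the lines shown and could be dropped.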