Currently, httplib implementation does not support SSL certificate
verification. This patch fixes this. Note that ssl compression parameter
and 100-continue thing is still missing from requests, though those are
lower priority.
Requests now takes care of:
* proxy configuration (get_environ_proxies),
* chunked encoding (with data generator),
* bulk uploading (with files dictionary),
* SSL certificate verification (with 'insecure' and 'cacert' parameter).
This patch have been tested with requests 1.1.0 (CentOS 6) and requests
2.2.1 (current version).
Change-Id: Ib5de962f4102d57c71ad85fd81a615362ef175dc
Closes-Bug: #1199783
DocImpact
SecurityImpact
When --os-storage-url is specified on the command-line to bin/swift, it
will override the used storage URL regardless of authentication for both
authentication version 1 and version 2. This can be used to bypass a
load-balancer to hit a specific proxy server for testing/debugging
purposes.
Within the client library, this feature is accessed by passing the
desired storage URL into swiftclient.client.Conection.__init__() via the
os_options keyword argument. For example:
conn = Connection(auth_url, user, key, os_options={
'object_storage_url': 'http://overridden.storage.url/AUTH_foo'})
This patch also adds a dependency on mock>=0.8.0, which is the same as
openstack/swift.
Change-Id: Id2a36ed6abffd65e7762b6beea5bbfc6c036e848
The bug is simple: whenever swift uploads to a Swift with SSL,
it uses 100% CPU. It happens because we use HTTPSConnection from
eventlet that loops like that, while holding the interpreter lock.
Now, it could be fixed in eventlet, but let's try something more
natural: drop the eventlet's HTTP client. We do not use green
threads in the client anymore, so it's not like we need it for that.
Note that in most cases clients do not use the BufferedHTTPConnection
either, because it's only installed on Swift server nodes, not on
workstations. Get rid of that too.
bug: 959221
Change-Id: I1eb932779d4171598b3efaa043f817b9c6c995c4
Files test_swiftclient.py and utils.py had all pep8 errors
fixed.
Also added tests directory to tox.ini file, so that
pep8 would monitor tests directory by default.
Change-Id: Id60a2cd88bd814d1dcbeca951764c9d236500837
Fixes: bug #1158819
Add support to specify a ca certificate bundle to verify
keystone TLS (https) certificates. This only verifies
certificates on the keystone connection, swift https
connections are unchanged.
Change-Id: I14351b405af4fd3d1970ba6656c1282a5d0a1082
If enable this option , swift CLI is allowed to access a keystone
server with self signed certificate.
Change-Id: I5e219fe875b246b68ac51a077e7ff15e95463adf
Add --os-region-name (and OS_REGION_NAME env) to bin/swift
Add region_name to the os_options in Connection class.
bug 1019832
Change-Id: Id8515d97e5351638dce10581c7368f61518e1fa7
- This allows us to delegate all 2.0 authentication directly to the
library without reimplementing ourselves.
- Support reusing a token / storage-url without re-authenticating every
time via the switch os_storage_url os_auth_token.
- Allow auth via tenant_id instead of just tenant_name via the switch
os_tenant_id.
- Refactor a bit to make it easier in the future to add new OS features
(i.e: region).
- Implements blueprint use-keystoneclient-for-swiftclient.
- Fixes bug 1016641.
Change-Id: I532f38a68af884de25326aaac05a2050f5ffa1c7
