Merge "Align cert, key, cacert and verify with requests"

2015-03-06 00:45:18 +00:00 · 2015-03-06 00:45:18 +00:00 · 0249fa1259
parent 91bc986981 4ad95b3385
commit 0249fa1259
1 changed files with 46 additions and 8 deletions
--- a/shade/init.py
+++ b/shade/init.py
@ -15,6 +15,7 @@
 import hashlib
 import logging
 import operator
+import os
 import time

 from cinderclient.v1 import client as cinder_client
@ -106,10 +107,40 @@ def _iterate_timeout(timeout, message):


 class OpenStackCloud(object):
+    """Represent a connection to an OpenStack Cloud.
+
+    OpenStackCloud is the entry point for all cloud operations, regardless
+    of which OpenStack service those operations may ultimately come from.
+    The operations on an OpenStackCloud are resource oriented rather than
+    REST API operation oriented. For instance, one will request a Floating IP
+    and that Floating IP will be actualized either via neutron or via nova
+    depending on how this particular cloud has decided to arrange itself.
+
+    :param cloud: A Cloud Configuration object, obtained from os-client-config
+    :type cloud: :py:class:`os_client_config.config.OpenStackConfig`
+    :param string region: The region of the cloud that all operations should
+                          be performed against.
+    :param string auth_plugin: The name of the keystone auth_plugin to be used
+    :param bool verify: The verification arguments to pass to requests. True
+                        tells requests to verify SSL requests, False to not
+                        verify. (optional, defaults to True)
+    :param string cacert: A path to a CA Cert bundle that can be used as part
+                          of verifying SSL requests. If this is set, verify
+                          is set to True. (optional)
+    :param string cert: A path to a client certificate to pass to requests.
+                        (optional)
+    :param string key: A path to a client key to pass to requests. (optional)
+    :param bool debug: Enable or disable debug logging (optional, defaults to
+                       False)
+    :param int cache_interval: How long to cache items fetched from the cloud.
+                               Value will be passed to dogpile.cache. None
+                               means to just use the default in dogpile.cache.
+                               (optional, defaults to None)
+    """

    def __init__(self, cloud, region='',
                 auth_plugin='password',
-                 insecure=False, verify=None, cacert=None, cert=None, key=None,
+                 verify=True, cacert=None, cert=None, key=None,
                 debug=False, cache_interval=None, **kwargs):

        self.name = cloud
@ -129,15 +160,22 @@ class OpenStackCloud(object):
        self.endpoint_type = kwargs.get('endpoint_type', 'publicURL')
        self.private = kwargs.get('private', False)

-        if verify is None:
-            if insecure:
-                verify = False
-            else:
-                verify = cacert or True
+        if cacert:
+            if not os.path.exists(cacert):
+                raise OpenStackCloudException(
+                    "CA Cert {0} does not exist".format(cacert))
+            verify = cacert
        self.verify = verify

-        if cert and key:
-            cert = (cert, key)
+        if cert:
+            if not os.path.exists(cert):
+                raise OpenStackCloudException(
+                    "Client Cert {0} does not exist".format(cert))
+            if key:
+                if not os.path.exists(key):
+                    raise OpenStackCloudException(
+                        "Client key {0} does not exist".format(key))
+                cert = (cert, key)
        self.cert = cert

        self._cache = cache.make_region().configure(