From 3379be986a52009830182152fd1b4182e45cecf0 Mon Sep 17 00:00:00 2001 From: Andy Ning <andy.ning@windriver.com> Date: Thu, 30 Jun 2022 16:48:33 -0400 Subject: [PATCH] cgtsclient handle certificate related options properly Currently cgtsclient ignores "-k/--insecure", "--ca-file", "--cert-file" and ""--key-file" options. In order for command such as "system host-list" to work over HTTPS, OS_CACERT env variable has to be set. This change updated cgtsclient to accept and properly handle the ignored options. Test Plan: PASS: remote cli docker image build PASS: from remote cli environment, successfully run the "system host-list" commands with the 4 options over HTTPS. Closes-Bug: 1980417 Signed-off-by: Andy Ning <andy.ning@windriver.com> Change-Id: Iae03ac60188157cb726e6e12ba2209eff6b7e1e1 --- .../cgts-client/cgts-client/cgtsclient/client.py | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/sysinv/cgts-client/cgts-client/cgtsclient/client.py b/sysinv/cgts-client/cgts-client/cgtsclient/client.py index d16cb23983..72dd40588e 100644 --- a/sysinv/cgts-client/cgts-client/cgtsclient/client.py +++ b/sysinv/cgts-client/cgts-client/cgtsclient/client.py @@ -34,6 +34,9 @@ def _make_session(**kwargs): * os_project_domain_name: name of a domain the project belongs to * os_project_domain_id: ID of a domain the project belongs to * timeout: request timeout (in seconds) + * ca_file: trusted CA file + * cert_file: client certificate file + * key_file: client key file """ session = None if (kwargs.get('os_username') and @@ -67,10 +70,19 @@ def _make_session(**kwargs): # construct the appropriate session timeout = kwargs.get('timeout') + insecure = kwargs.get('insecure') + cacert = kwargs.get('ca_file') + cert = kwargs.get('cert_file') + key = kwargs.get('key_file') + loader = loading.get_plugin_loader(auth_type) auth_plugin = loader.load_from_options(**auth_kwargs) session = loading.session.Session().load_from_options(auth=auth_plugin, - timeout=timeout) + timeout=timeout, + insecure=insecure, + cacert=cacert, + cert=cert, + key=key) # session could still be None return session