Specify the cacert file in the verify option when in secure mode
When running in secure mode we want to set the "verify" option to the path to the cacert file Tests: 1° I generate a certificate using the documentation and installed on the controller (activate https), I got the ca cert and I set up a remote cli pointing to a DC and I exported the certificate in a variable OS_CACERT to the client get it, I ran some commands from DC. 2° I passed a flag insecure to execute the dcmanager client in a insecure mode 3° Built an ISO to check if something broke and installed on DC using VDM to check if the dcmanager keeps the current behavior Note: I think is a good ideia to plan a standardization of the clients mainly the keystone (authentication) part This change is based on the documentation of the requests documentation https://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification Closes-bug: 1927723 Signed-off-by: Rafael Jordão Jardim <RafaelJordao.Jardim@windriver.com> Change-Id: I4221657b97592b319b3fbf54b5b8c6d325ec9aa3
This commit is contained in:
parent
0ed351f715
commit
d52a908008
@ -61,8 +61,10 @@ class HTTPClient(object):
|
|||||||
LOG.warning('Client is set to not verify even though '
|
LOG.warning('Client is set to not verify even though '
|
||||||
'cacert is provided.')
|
'cacert is provided.')
|
||||||
|
|
||||||
self.ssl_options['verify'] = not insecure
|
if insecure:
|
||||||
self.ssl_options['cert'] = cacert
|
self.ssl_options['verify'] = False
|
||||||
|
else:
|
||||||
|
self.ssl_options['verify'] = True if not cacert else cacert
|
||||||
|
|
||||||
@log_request
|
@log_request
|
||||||
def get(self, url, headers=None):
|
def get(self, url, headers=None):
|
||||||
|
Loading…
Reference in New Issue
Block a user