diff --git a/python-fmclient/fmclient/fmclient/client.py b/python-fmclient/fmclient/fmclient/client.py index 66aa959a..4ab246bf 100644 --- a/python-fmclient/fmclient/fmclient/client.py +++ b/python-fmclient/fmclient/fmclient/client.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2018 Wind River Systems, Inc. +# Copyright (c) 2018-2022 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -20,7 +20,7 @@ def get_client(version, endpoint=None, session=None, auth_token=None, region_name=None, timeout=None, user_domain_id=None, user_domain_name=None, project_domain_id=None, project_domain_name=None, - service_type=SERVICE_TYPE, endpoint_type=None, + service_type=SERVICE_TYPE, endpoint_type=None, insecure=None, **ignored_kwargs): """Get an authenticated client, based on the credentials.""" kwargs = {} @@ -62,7 +62,7 @@ def get_client(version, endpoint=None, session=None, auth_token=None, loader = loading.get_plugin_loader(auth_type) auth_plugin = loader.load_from_options(**auth_kwargs) session = loading.session.Session().load_from_options( - auth=auth_plugin, timeout=timeout) + auth=auth_plugin, timeout=timeout, insecure=insecure) exception_msg = _('Must provide Keystone credentials or user-defined ' 'endpoint and token') @@ -86,6 +86,7 @@ def get_client(version, endpoint=None, session=None, auth_token=None, kwargs['service_type'] = service_type kwargs['interface'] = interface kwargs['version'] = version + kwargs['insecure'] = insecure fm_module = importutils.import_versioned_module('fmclient', version, 'client') diff --git a/python-fmclient/fmclient/fmclient/common/http.py b/python-fmclient/fmclient/fmclient/common/http.py index e7f451d1..555987f5 100644 --- a/python-fmclient/fmclient/fmclient/common/http.py +++ b/python-fmclient/fmclient/fmclient/common/http.py @@ -28,7 +28,6 @@ from oslo_utils import netutils import requests import OpenSSL - from fmclient.common import utils from fmclient.common import exceptions as exc @@ -318,6 +317,9 @@ class SessionClient(adapter.Adapter, _BaseHTTPClient): def __init__(self, session, **kwargs): kwargs.setdefault('user_agent', USER_AGENT) + insecure = kwargs.pop('insecure', False) + if insecure: + session.verify = False self.global_request_id = kwargs.pop('global_request_id', None) super(SessionClient, self).__init__(session, **kwargs) diff --git a/python-fmclient/fmclient/fmclient/shell.py b/python-fmclient/fmclient/fmclient/shell.py index 52e2071b..b20df4a3 100644 --- a/python-fmclient/fmclient/fmclient/shell.py +++ b/python-fmclient/fmclient/fmclient/shell.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2018 Wind River Systems, Inc. +# Copyright (c) 2018-2022 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -12,6 +12,7 @@ from __future__ import print_function import argparse import httplib2 import logging +import os import sys from oslo_utils import importutils @@ -21,6 +22,18 @@ from fmclient import exc from fmclient import client +def env(*args, **kwargs): + """Returns the first environment variable set. + + If all are empty, defaults to '' or keyword arg `default`. + """ + for arg in args: + value = os.environ.get(arg) + if value: + return value + return kwargs.get('default', '') + + class FmShell(object): def get_base_parser(self): @@ -165,6 +178,13 @@ class FmShell(object): default=utils.env('OS_PROJECT_DOMAIN_NAME'), help='Defaults to env[OS_PROJECT_DOMAIN_NAME].') + parser.add_argument('--insecure', + action='store_true', + dest='insecure', + default=env('FMCLIENT_INSECURE', default=False), + help='Disables SSL/TLS certificate verification ' + '(Env: FMCLIENT_INSECURE)') + return parser def get_subcommand_parser(self, version): @@ -259,7 +279,7 @@ class FmShell(object): 'os_tenant_name', 'os_region_name', 'os_user_domain_id', 'os_user_domain_name', 'os_project_domain_id', 'os_project_domain_name', 'os_service_type', 'os_endpoint_type', - 'timeout' + 'timeout', 'insecure' ) kwargs = {} for key in client_args: