Add support to --insecure parameter in fmclient

current fmclient does not support --insecure parameter and this cause that fm command doesn't work when endpoint is configured with private signed certificates. Closes-Bug: 1958262 Test Plan: PASS: configure endpoint with private signed certificates and run rm command with --insecure to get the alarm-list. PASS: set FMCLIENT_INSECURE=true environment variable and run fm alarm-list. Signed-off-by: Giana Francisco <francisco.giana@windriver.com> Change-Id: I2c2a33d24fb544147bd02fda2e0a89eafd48c818
2022-01-17 16:28:14 -03:00 · 2022-01-17 16:28:14 -03:00 · f0b7677999
parent e9ba02ab5c
commit f0b7677999
3 changed files with 29 additions and 6 deletions
--- a/python-fmclient/fmclient/fmclient/client.py
+++ b/python-fmclient/fmclient/fmclient/client.py
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018 Wind River Systems, Inc.
+# Copyright (c) 2018-2022 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@ -20,7 +20,7 @@ def get_client(version, endpoint=None, session=None, auth_token=None,
               region_name=None, timeout=None,
               user_domain_id=None, user_domain_name=None,
               project_domain_id=None, project_domain_name=None,
-               service_type=SERVICE_TYPE, endpoint_type=None,
+               service_type=SERVICE_TYPE, endpoint_type=None, insecure=None,
               **ignored_kwargs):
    """Get an authenticated client, based on the credentials."""
    kwargs = {}
@ -62,7 +62,7 @@ def get_client(version, endpoint=None, session=None, auth_token=None,
            loader = loading.get_plugin_loader(auth_type)
            auth_plugin = loader.load_from_options(**auth_kwargs)
            session = loading.session.Session().load_from_options(
-                auth=auth_plugin, timeout=timeout)
+                auth=auth_plugin, timeout=timeout, insecure=insecure)

    exception_msg = _('Must provide Keystone credentials or user-defined '
                      'endpoint and token')
@ -86,6 +86,7 @@ def get_client(version, endpoint=None, session=None, auth_token=None,
    kwargs['service_type'] = service_type
    kwargs['interface'] = interface
    kwargs['version'] = version
+    kwargs['insecure'] = insecure

    fm_module = importutils.import_versioned_module('fmclient',
                                                    version, 'client')
--- a/python-fmclient/fmclient/fmclient/common/http.py
+++ b/python-fmclient/fmclient/fmclient/common/http.py
@ -28,7 +28,6 @@ from oslo_utils import netutils
 import requests
 import OpenSSL

-
 from fmclient.common import utils
 from fmclient.common import exceptions as exc

@ -318,6 +317,9 @@ class SessionClient(adapter.Adapter, _BaseHTTPClient):

    def __init__(self, session, **kwargs):
        kwargs.setdefault('user_agent', USER_AGENT)
+        insecure = kwargs.pop('insecure', False)
+        if insecure:
+            session.verify = False
        self.global_request_id = kwargs.pop('global_request_id', None)
        super(SessionClient, self).__init__(session, **kwargs)

--- a/python-fmclient/fmclient/fmclient/shell.py
+++ b/python-fmclient/fmclient/fmclient/shell.py
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018 Wind River Systems, Inc.
+# Copyright (c) 2018-2022 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@ -12,6 +12,7 @@ from __future__ import print_function
 import argparse
 import httplib2
 import logging
+import os
 import sys
 from oslo_utils import importutils

@ -21,6 +22,18 @@ from fmclient import exc
 from fmclient import client


+def env(*args, **kwargs):
+    """Returns the first environment variable set.
+
+    If all are empty, defaults to '' or keyword arg `default`.
+    """
+    for arg in args:
+        value = os.environ.get(arg)
+        if value:
+            return value
+    return kwargs.get('default', '')
+
+
 class FmShell(object):

    def get_base_parser(self):
@ -165,6 +178,13 @@ class FmShell(object):
                            default=utils.env('OS_PROJECT_DOMAIN_NAME'),
                            help='Defaults to env[OS_PROJECT_DOMAIN_NAME].')

+        parser.add_argument('--insecure',
+                            action='store_true',
+                            dest='insecure',
+                            default=env('FMCLIENT_INSECURE', default=False),
+                            help='Disables SSL/TLS certificate verification '
+                                 '(Env: FMCLIENT_INSECURE)')
+
        return parser

    def get_subcommand_parser(self, version):
@ -259,7 +279,7 @@ class FmShell(object):
            'os_tenant_name', 'os_region_name', 'os_user_domain_id',
            'os_user_domain_name', 'os_project_domain_id',
            'os_project_domain_name', 'os_service_type', 'os_endpoint_type',
-            'timeout'
+            'timeout', 'insecure'
        )
        kwargs = {}
        for key in client_args: