Enable SSL-related CLI opts

Most OpenStack clients support a common set of SSL options, such as os-cacert, os-cert, and os-key. This change uses keystoneclient.session.register_cli_opts to add those to the argument parser and passes the resulting values to the Keystone client so they take effect. Change-Id: I24c2c2fa5be51590cc2d8a9278563dd4f7ba091d
2015-06-10 17:19:51 +00:00 · 2015-06-10 17:19:51 +00:00 · 00c3de2a03
commit 00c3de2a03
parent 47fdee09d0
6 changed files with 48 additions and 9 deletions
--- a/tuskarclient/client.py
+++ b/tuskarclient/client.py
@ -41,6 +41,9 @@ def get_client(api_version, **kwargs):
        'token': kwargs.get('os_auth_token'),
        'auth_url': kwargs.get('os_auth_url'),
        'endpoint': kwargs.get('tuskar_url'),
+        'cacert': kwargs.get('os_cacert'),
+        'cert': kwargs.get('os_cert'),
+        'key': kwargs.get('os_key'),
    }
    client = Client(api_version, **cli_kwargs)
    # If we have a client, return it
@ -55,12 +58,6 @@ def Client(version, **kwargs):
    client_class = apiclient.BaseClient.get_class('tuskarclient',
                                                  version,
                                                  VERSION_MAP)
-    keystone_auth = auth.KeystoneAuthPlugin(
-        username=kwargs.get('username'),
-        password=kwargs.get('password'),
-        tenant_name=kwargs.get('tenant_name'),
-        token=kwargs.get('token'),
-        auth_url=kwargs.get('auth_url'),
-        endpoint=kwargs.get('endpoint'))
+    keystone_auth = auth.KeystoneAuthPlugin(**kwargs)
    http_client = apiclient.HTTPClient(keystone_auth)
    return client_class(http_client)
--- a/tuskarclient/common/auth.py
+++ b/tuskarclient/common/auth.py
@ -24,6 +24,9 @@ class KeystoneAuthPlugin(auth.BaseAuthPlugin):
        "token",
        "auth_url",
        "endpoint",
+        "cacert",
+        "cert",
+        "key",
    ]

    def _do_authenticate(self, httpclient):
@ -34,6 +37,9 @@ class KeystoneAuthPlugin(auth.BaseAuthPlugin):
                'tenant_id': self.opts.get('tenant_id'),
                'tenant_name': self.opts.get('tenant_name'),
                'auth_url': self.opts.get('auth_url'),
+                'cacert': self.opts.get('cacert'),
+                'cert': self.opts.get('cert'),
+                'key': self.opts.get('key'),
            }

            self._ksclient = ksclient.Client(**ks_kwargs)
--- a/tuskarclient/shell.py
+++ b/tuskarclient/shell.py
@ -21,6 +21,7 @@ import logging
 import logging.handlers
 import sys

+from keystoneclient import session as kssession
 import six

 import tuskarclient
@ -215,6 +216,8 @@ class TuskarShell(object):
        parser.add_argument('--tuskar_api_version',
                            help=argparse.SUPPRESS)

+        kssession.Session.register_cli_options(parser)
+
        return parser

    @utils.arg(
--- a/tuskarclient/tests/common/test_auth.py
+++ b/tuskarclient/tests/common/test_auth.py
@ -38,7 +38,33 @@ class KeystoneAuthPluginTest(test_utils.TestCase):
            password="fake-password",
            tenant_id="fake-tenant-id",
            tenant_name="fake-tenant-name",
-            auth_url="http://auth")
+            auth_url="http://auth",
+            cacert=None,
+            cert=None,
+            key=None)
+
+    def test_authenticate_with_ssl(self, mock_ksclient):
+        plugin = auth.KeystoneAuthPlugin(
+            username="fake-username",
+            password="fake-password",
+            tenant_id="fake-tenant-id",
+            tenant_name="fake-tenant-name",
+            auth_url="http://auth",
+            endpoint="http://tuskar",
+            cacert="/fake/cacert.pem",
+            cert="/fake/cert.pem",
+            key="/fake/key.pem")
+        self.cs = client.HTTPClient(auth_plugin=plugin)
+        self.cs.authenticate()
+        mock_ksclient.assert_called_with(
+            username="fake-username",
+            password="fake-password",
+            tenant_id="fake-tenant-id",
+            tenant_name="fake-tenant-name",
+            auth_url="http://auth",
+            cacert="/fake/cacert.pem",
+            cert="/fake/cert.pem",
+            key="/fake/key.pem")

    def test_token_and_endpoint(self, mock_ksclient):
        self.cs.authenticate()
--- a/tuskarclient/tests/test_client.py
+++ b/tuskarclient/tests/test_client.py
@ -28,6 +28,9 @@ class ClientGetClientTest(tutils.TestCase):
            'os_auth_token': 'os_auth_token',
            'os_auth_url': 'os_auth_url',
            'tuskar_url': 'tuskar_url',
+            'os_cacert': 'os_cacert',
+            'os_cert': 'os_cert',
+            'os_key': 'os_key',
        }
        self.client_kwargs = {
            'username': 'os_username',
@ -35,7 +38,10 @@ class ClientGetClientTest(tutils.TestCase):
            'tenant_name': 'os_tenant_name',
            'token': 'os_auth_token',
            'auth_url': 'os_auth_url',
-            'endpoint': 'tuskar_url'
+            'endpoint': 'tuskar_url',
+            'cacert': 'os_cacert',
+            'cert': 'os_cert',
+            'key': 'os_key',
        }
        self.api_version = 2

--- a/tuskarclient/tests/test_shell.py
+++ b/tuskarclient/tests/test_shell.py
@ -20,6 +20,7 @@ class ShellTest(tutils.TestCase):
    args_attributes = [
        'os_username', 'os_password', 'os_tenant_name', 'os_tenant_id',
        'os_auth_url', 'os_auth_token', 'tuskar_url', 'tuskar_api_version',
+        'os_cacert', 'os_cert', 'os_key',
    ]

    def setUp(self):