From 00c3de2a03a18575201f2d4da652b05694c0b471 Mon Sep 17 00:00:00 2001 From: Ben Nemec Date: Wed, 10 Jun 2015 17:19:51 +0000 Subject: [PATCH] Enable SSL-related CLI opts Most OpenStack clients support a common set of SSL options, such as os-cacert, os-cert, and os-key. This change uses keystoneclient.session.register_cli_opts to add those to the argument parser and passes the resulting values to the Keystone client so they take effect. Change-Id: I24c2c2fa5be51590cc2d8a9278563dd4f7ba091d --- tuskarclient/client.py | 11 ++++------ tuskarclient/common/auth.py | 6 ++++++ tuskarclient/shell.py | 3 +++ tuskarclient/tests/common/test_auth.py | 28 +++++++++++++++++++++++++- tuskarclient/tests/test_client.py | 8 +++++++- tuskarclient/tests/test_shell.py | 1 + 6 files changed, 48 insertions(+), 9 deletions(-) diff --git a/tuskarclient/client.py b/tuskarclient/client.py index 2adfd1d..abd9362 100644 --- a/tuskarclient/client.py +++ b/tuskarclient/client.py @@ -41,6 +41,9 @@ def get_client(api_version, **kwargs): 'token': kwargs.get('os_auth_token'), 'auth_url': kwargs.get('os_auth_url'), 'endpoint': kwargs.get('tuskar_url'), + 'cacert': kwargs.get('os_cacert'), + 'cert': kwargs.get('os_cert'), + 'key': kwargs.get('os_key'), } client = Client(api_version, **cli_kwargs) # If we have a client, return it @@ -55,12 +58,6 @@ def Client(version, **kwargs): client_class = apiclient.BaseClient.get_class('tuskarclient', version, VERSION_MAP) - keystone_auth = auth.KeystoneAuthPlugin( - username=kwargs.get('username'), - password=kwargs.get('password'), - tenant_name=kwargs.get('tenant_name'), - token=kwargs.get('token'), - auth_url=kwargs.get('auth_url'), - endpoint=kwargs.get('endpoint')) + keystone_auth = auth.KeystoneAuthPlugin(**kwargs) http_client = apiclient.HTTPClient(keystone_auth) return client_class(http_client) diff --git a/tuskarclient/common/auth.py b/tuskarclient/common/auth.py index 2e1cdba..cd47a4c 100644 --- a/tuskarclient/common/auth.py +++ b/tuskarclient/common/auth.py @@ -24,6 +24,9 @@ class KeystoneAuthPlugin(auth.BaseAuthPlugin): "token", "auth_url", "endpoint", + "cacert", + "cert", + "key", ] def _do_authenticate(self, httpclient): @@ -34,6 +37,9 @@ class KeystoneAuthPlugin(auth.BaseAuthPlugin): 'tenant_id': self.opts.get('tenant_id'), 'tenant_name': self.opts.get('tenant_name'), 'auth_url': self.opts.get('auth_url'), + 'cacert': self.opts.get('cacert'), + 'cert': self.opts.get('cert'), + 'key': self.opts.get('key'), } self._ksclient = ksclient.Client(**ks_kwargs) diff --git a/tuskarclient/shell.py b/tuskarclient/shell.py index f99cfe4..23d5181 100755 --- a/tuskarclient/shell.py +++ b/tuskarclient/shell.py @@ -21,6 +21,7 @@ import logging import logging.handlers import sys +from keystoneclient import session as kssession import six import tuskarclient @@ -215,6 +216,8 @@ class TuskarShell(object): parser.add_argument('--tuskar_api_version', help=argparse.SUPPRESS) + kssession.Session.register_cli_options(parser) + return parser @utils.arg( diff --git a/tuskarclient/tests/common/test_auth.py b/tuskarclient/tests/common/test_auth.py index 84503c8..0b40bf4 100644 --- a/tuskarclient/tests/common/test_auth.py +++ b/tuskarclient/tests/common/test_auth.py @@ -38,7 +38,33 @@ class KeystoneAuthPluginTest(test_utils.TestCase): password="fake-password", tenant_id="fake-tenant-id", tenant_name="fake-tenant-name", - auth_url="http://auth") + auth_url="http://auth", + cacert=None, + cert=None, + key=None) + + def test_authenticate_with_ssl(self, mock_ksclient): + plugin = auth.KeystoneAuthPlugin( + username="fake-username", + password="fake-password", + tenant_id="fake-tenant-id", + tenant_name="fake-tenant-name", + auth_url="http://auth", + endpoint="http://tuskar", + cacert="/fake/cacert.pem", + cert="/fake/cert.pem", + key="/fake/key.pem") + self.cs = client.HTTPClient(auth_plugin=plugin) + self.cs.authenticate() + mock_ksclient.assert_called_with( + username="fake-username", + password="fake-password", + tenant_id="fake-tenant-id", + tenant_name="fake-tenant-name", + auth_url="http://auth", + cacert="/fake/cacert.pem", + cert="/fake/cert.pem", + key="/fake/key.pem") def test_token_and_endpoint(self, mock_ksclient): self.cs.authenticate() diff --git a/tuskarclient/tests/test_client.py b/tuskarclient/tests/test_client.py index 7cd39a3..403bd27 100644 --- a/tuskarclient/tests/test_client.py +++ b/tuskarclient/tests/test_client.py @@ -28,6 +28,9 @@ class ClientGetClientTest(tutils.TestCase): 'os_auth_token': 'os_auth_token', 'os_auth_url': 'os_auth_url', 'tuskar_url': 'tuskar_url', + 'os_cacert': 'os_cacert', + 'os_cert': 'os_cert', + 'os_key': 'os_key', } self.client_kwargs = { 'username': 'os_username', @@ -35,7 +38,10 @@ class ClientGetClientTest(tutils.TestCase): 'tenant_name': 'os_tenant_name', 'token': 'os_auth_token', 'auth_url': 'os_auth_url', - 'endpoint': 'tuskar_url' + 'endpoint': 'tuskar_url', + 'cacert': 'os_cacert', + 'cert': 'os_cert', + 'key': 'os_key', } self.api_version = 2 diff --git a/tuskarclient/tests/test_shell.py b/tuskarclient/tests/test_shell.py index 549fbf7..c48c6cc 100644 --- a/tuskarclient/tests/test_shell.py +++ b/tuskarclient/tests/test_shell.py @@ -20,6 +20,7 @@ class ShellTest(tutils.TestCase): args_attributes = [ 'os_username', 'os_password', 'os_tenant_name', 'os_tenant_id', 'os_auth_url', 'os_auth_token', 'tuskar_url', 'tuskar_api_version', + 'os_cacert', 'os_cert', 'os_key', ] def setUp(self):