python-ironicclient

OS_CACERT env var not respected

Bug #1463581 reported by Ben Nemec on 2015-06-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	python-ironicclient	Fix Released	Low	Ben Nemec	python-ironicclient 0.8.0 "0.8.0"

Bug Description

Ran across an issue recently trying to use Ironic behind SSL with a self-signed cert where it doesn't seem to respect the OS_CACERT env var:

[centos@instack-undercloud ~]$ env | grep OS_CACERT
OS_CACERT=/home/centos/test.pem
[centos@instack-undercloud ~]$ ironic node-list
SSL exception connecting to https://192.0.2.2:13000/v2.0/tokens: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[centos@instack-undercloud ~]$ ironic --os-cacert ./test.pem node-list
+------+------+---------------+-------------+-----------------+-------------+
| UUID | Name | Instance UUID | Power State | Provision State | Maintenance |
+------+------+---------------+-------------+-----------------+-------------+
+------+------+---------------+-------------+-----------------+-------------+

I think I've tracked this down to an issue with how argparse handles dest overrides for the deprecated name of --os-cacert. In ironicclient, the deprecated form of the opt is registered with a dest of os_cacert, then later the current name is registered using a keystoneclient function. Unfortunately this seems to cause the deprecated opt's default to override the current opt's default. A minimal example can be seen here:

parser = argparse.ArgumentParser()
# Hypothetical deprecated param being redirected to new name
parser.add_argument('--foo', dest='bar')
# New name that should take precedence over the deprecated one
parser.add_argument('--bar', default='baz')
args = parser.parse_args()
print args

Results in the output:
[bnemec@RedHat scripts]$ ./test.py
Namespace(bar=None)

Inverting the registration order makes it work as expected:
[bnemec@RedHat scripts]$ ./test.py
Namespace(bar='baz')

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-09: Fix proposed to python-ironicclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/189952

Changed in python-ironicclient:
assignee:	nobody → Ben Nemec (bnemec)
status:	New → In Progress

Dmitry Tantsur (divius) on 2015-06-15

Changed in python-ironicclient:
importance:	Undecided → Low

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-16: Fix merged to python-ironicclient (master)

Reviewed: https://review.openstack.org/189952
Committed: https://git.openstack.org/cgit/openstack/python-ironicclient/commit/?id=e6ae41c537fe8bec300937df5c4392816f60e426
Submitter: Jenkins
Branch: master

commit e6ae41c537fe8bec300937df5c4392816f60e426
Author: Ben Nemec <email address hidden>
Date: Tue Jun 9 22:45:30 2015 +0000

    As described in the referenced bug, registering the Keystone args
    last causes their default values to be ignored. Registering them
    first seems to prevent the problem.

Change-Id: I8eb7882a0153fedbd6591dde2157df13fa2e5ba3
Closes-Bug: 1463581

Changed in python-ironicclient:
status:	In Progress → Fix Committed

Doug Hellmann (doug-hellmann) on 2015-09-02

Changed in python-ironicclient:
milestone:	none → 0.8.0
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.