murano --os-cacert (OS_CACERT) option does not work
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-muranoclient |
Fix Released
|
Medium
|
Timur Nurlygayanov |
Bug Description
Option --os-cacert (OS_CACERT) for murano CLI client does not work properly, but option --ca-file does:
# murano --os-cacert /etc/haproxy/ca.pem environment-list
Error communicating with https:/
# echo $OS_CACERT
/etc/haproxy/ca.pem
# murano --ca-file /etc/haproxy/ca.pem environment-list
+----+-
| ID | Name | Created | Updated |
+----+-
+----+-
Option ca-file does not have environment variable analog. Also it would be better to make os-cacert option usable, because this is default CA path option/variable for other Openstack projects and we have the ability to specify it in openrc files (guarding clients from specifying --ca-file each time via CLI)
python-muranoclient - 0.5.5-fuel6.
affects: | murano → python-muranoclient |
Changed in python-muranoclient: | |
milestone: | liberty-3 → none |
milestone: | none → 0.6.4 |
Changed in python-muranoclient: | |
status: | Fix Committed → Fix Released |
Suggested changes (disable ca-file option at all replacing it by os-cacert):
--- common/http.py.orig 2015-08-21 13:38:41.885823197 +0000
self. timeout = kwargs. get('timeout' )
+++ common/http.py 2015-08-21 13:56:29.271491786 +0000
@@ -66,7 +66,7 @@
- 'ca_file': kwargs.
+ 'cacert': kwargs.
@@ -77,7 +77,7 @@
if kwargs.
else:
- self.verify_cert = kwargs.
+ self.verify_cert = kwargs.
def log_curl_ request( self, method, url, kwargs):
conn_ params_ fmt = [
( 'key_file' , '--key %s'),
( 'cert_file' , '--cert %s'), connection_ params. get(key)
curl = ['curl -i -X %s' % method]
@@ -90,7 +90,7 @@
- ('ca_file', '--cacert %s'),
+ ('cacert', '--cacert %s'),
]
for (key, fmt) in conn_params_fmt:
value = self.ssl_
And:
' This option is not necessary if your '
' key is prepended to your cert file.')
--- shell.py.orig 2015-08-21 14:00:55.479898082 +0000
+++ shell.py 2015-08-21 14:06:52.281803726 +0000
@@ -86,12 +86,6 @@
- parser. add_argument( '--ca-file' ,
parser. add_argument( '--api- timeout' ,
help=' Number of seconds to wait for an '
' API response, '
'token' : token,
'insecure' : args.insecure,
'cert_ file': args.cert_file,
'key_ file': args.key_file,
'username' : args.os_username,
- help='Path of CA SSL certificate(s) used to verify'
- ' the remote server certificate. Without '
- 'this option glance looks for the default '
- 'system CA certificates.')
-
@@ -324,7 +318,7 @@
kwargs = {
- 'ca_file': args.ca_file,
+ 'cacert': args.os_cacert,
--- tests/test_ common_ http.py. orig 2015-08-21 14:08:19.467246759 +0000 common_ http.py 2015-08-21 14:17:24.004259346 +0000
self. assertFalse( client. verify_ cert)
+++ tests/test_
@@ -448,7 +448,7 @@
def test_passed_ cert_to_ verify_ cert(self, mock_request): /foo', ca_file="NOWHERE") /foo', cacert="NOWHERE")
self. assertEqual( "NOWHERE" , client.verify_cert)
- client = http.HTTPClient('https:/
+ client = http.HTTPClient('https:/
with mock.patch( 'muranoclient. common. http.get_ system_ ca_file' ) as gsf: