python-muranoclient

Bug #1487099
Comment #2

Comment 2 for bug 1487099

Revision history for this message

Andrey Bubyr (abubyr) wrote on 2015-08-21:

Suggested changes (disable ca-file option at all replacing it by os-cacert):

--- common/http.py.orig 2015-08-21 13:38:41.885823197 +0000
+++ common/http.py 2015-08-21 13:56:29.271491786 +0000
@@ -66,7 +66,7 @@
self.timeout = kwargs.get('timeout')

         self.ssl_connection_params = {
- 'ca_file': kwargs.get('ca_file'),
+ 'cacert': kwargs.get('cacert'),
             'cert_file': kwargs.get('cert_file'),
             'key_file': kwargs.get('key_file'),
             'insecure': kwargs.get('insecure'),
@@ -77,7 +77,7 @@
             if kwargs.get('insecure'):
                 self.verify_cert = False
             else:
- self.verify_cert = kwargs.get('ca_file', get_system_ca_file())
+ self.verify_cert = kwargs.get('cacert', get_system_ca_file())

     def log_curl_request(self, method, url, kwargs):
         curl = ['curl -i -X %s' % method]
@@ -90,7 +90,7 @@
         conn_params_fmt = [
             ('key_file', '--key %s'),
             ('cert_file', '--cert %s'),
- ('ca_file', '--cacert %s'),
+ ('cacert', '--cacert %s'),
         ]
         for (key, fmt) in conn_params_fmt:
             value = self.ssl_connection_params.get(key)

- parser.add_argument('--ca-file',
- help='Path of CA SSL certificate(s) used to verify'
- ' the remote server certificate. Without '
- 'this option glance looks for the default '
- 'system CA certificates.')
-
         parser.add_argument('--api-timeout',
                             help='Number of seconds to wait for an '
                                  'API response, '
@@ -324,7 +318,7 @@
             kwargs = {
                 'token': token,
                 'insecure': args.insecure,
- 'ca_file': args.ca_file,
+ 'cacert': args.os_cacert,
                 'cert_file': args.cert_file,
                 'key_file': args.key_file,
                 'username': args.os_username,

--- tests/test_common_http.py.orig 2015-08-21 14:08:19.467246759 +0000
+++ tests/test_common_http.py 2015-08-21 14:17:24.004259346 +0000
@@ -448,7 +448,7 @@
self.assertFalse(client.verify_cert)

def test_passed_cert_to_verify_cert(self, mock_request):
- client = http.HTTPClient('https://foo', ca_file="NOWHERE")
+ client = http.HTTPClient('https://foo', cacert="NOWHERE")
self.assertEqual("NOWHERE", client.verify_cert)

with mock.patch('muranoclient.common.http.get_system_ca_file') as gsf:

Suggested changes (disable ca-file option at all replacing it by os-cacert):

--- common/http.py.orig 2015-08-21 13:38:41.885823197 +0000
+++ common/http.py      2015-08-21 13:56:29.271491786 +0000
@@ -66,7 +66,7 @@
         self.timeout = kwargs.get('timeout')
 
         self.ssl_connection_params = {
-            'ca_file': kwargs.get('ca_file'),
+            'cacert': kwargs.get('cacert'),
             'cert_file': kwargs.get('cert_file'),
             'key_file': kwargs.get('key_file'),
             'insecure': kwargs.get('insecure'),
@@ -77,7 +77,7 @@
             if kwargs.get('insecure'):
                 self.verify_cert = False
             else:
-                self.verify_cert = kwargs.get('ca_file', get_system_ca_file())
+                self.verify_cert = kwargs.get('cacert', get_system_ca_file())
 
     def log_curl_request(self, method, url, kwargs):
         curl = ['curl -i -X %s' % method]
@@ -90,7 +90,7 @@
         conn_params_fmt = [
             ('key_file', '--key %s'),
             ('cert_file', '--cert %s'),
-            ('ca_file', '--cacert %s'),
+            ('cacert', '--cacert %s'),
         ]
         for (key, fmt) in conn_params_fmt:
             value = self.ssl_connection_params.get(key)

And:
--- shell.py.orig       2015-08-21 14:00:55.479898082 +0000
+++ shell.py    2015-08-21 14:06:52.281803726 +0000
@@ -86,12 +86,6 @@
                                  ' This option is not necessary if your '
                                  'key is prepended to your cert file.')
 
-        parser.add_argument('--ca-file',
-                            help='Path of CA SSL certificate(s) used to verify'
-                                 ' the remote server certificate. Without '
-                                 'this option glance looks for the default '
-                                 'system CA certificates.')
-
         parser.add_argument('--api-timeout',
                             help='Number of seconds to wait for an '
                                  'API response, '
@@ -324,7 +318,7 @@
             kwargs = {
                 'token': token,
                 'insecure': args.insecure,
-                'ca_file': args.ca_file,
+                'cacert': args.os_cacert,
                 'cert_file': args.cert_file,
                 'key_file': args.key_file,
                 'username': args.os_username,

--- tests/test_common_http.py.orig      2015-08-21 14:08:19.467246759 +0000
+++ tests/test_common_http.py   2015-08-21 14:17:24.004259346 +0000
@@ -448,7 +448,7 @@
         self.assertFalse(client.verify_cert)
 
     def test_passed_cert_to_verify_cert(self, mock_request):
-        client = http.HTTPClient('https://foo', ca_file="NOWHERE")
+        client = http.HTTPClient('https://foo', cacert="NOWHERE")
         self.assertEqual("NOWHERE", client.verify_cert)
 
         with mock.patch('muranoclient.common.http.get_system_ca_file') as gsf: