summaryrefslogtreecommitdiff
path: root/glanceclient/common/https.py
Commit message (Collapse)AuthorAgeFilesLines
* Import only modules and update tox.iniCindy Pallares2015-06-171-5/+4
| | | | | | | | | As stated in the OpenStack Hacking Guidelines, it is prefered that only modules should be imported. Also updated tox.ini to ignore opestack/common among others. Change-Id: I2f0a603c31052eadee581c11880c0ec6bd392829
* Fix https stack trace on python 3.4 clientStuart McLaren2015-04-111-1/+3
| | | | | | | | | | | When using the client with python 3.4 and no ssl compression the following stack trace ocurrs: TypeError: startswith first arg must be bytes or a tuple of bytes, not str Closes-bug: 1442883 Related-bug: 1357430 Change-Id: I8e28f0bb1f3e866f11851247ce31470ca8c2af4f
* Fix client when using no ssl compressionStuart McLaren2015-04-111-0/+7
| | | | | | | | | | | Since the release of the 0.16.1 client, using the 'no ssl compression' option, whether on the command line, or via the library -- Nova does this by default -- a stack trace was generated. Closes-bug: 1442664 Related-bug: 1357430 Change-Id: I2b8ddcb0a7ae3cfccdfc20d3ba476f3b4f4ec32d
* Merge "Unify using six.moves.range rename everywhere"Jenkins2015-03-041-0/+2
|\
| * Unify using six.moves.range rename everywhereErno Kuvaja2015-02-251-0/+2
| | | | | | | | | | | | | | | | | | Mainly to improve consistency, use range() from six.moves renames across glance. Behaves consistently like py2 xrange() and py3 range(). Change-Id: I7c573a3a9775f454b98d25f2a14f8e9f5f4ac432
* | Merge "https: Prevent leaking sockets for some operations"Jenkins2015-03-041-56/+77
|\ \
| * | https: Prevent leaking sockets for some operationsStuart McLaren2015-02-181-56/+77
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Other OpenStack services which instantiate a 'https' glanceclient using ssl_compression=False and insecure=False (eg Nova, Cinder) are leaking sockets due to glanceclient not closing the connection to the Glance server. This could happen for a sub-set of calls, eg 'show', 'delete', 'update'. netstat -nopd would show the sockets would hang around forever: ... 127.0.0.1:9292 ESTABLISHED 9552/python off (0.00/0/0) urllib's ConnectionPool relies on the garbage collector to tear down sockets which are no longer in use. The 'verify_callback' function used to validate SSL certs was holding a reference to the VerifiedHTTPSConnection instance which prevented the sockets being torn down. Change-Id: Idb3e68151c48ed623ab89d05d88ea48465429838 Closes-bug: 1423165
* | | Merge "Register our own ConnectionPool without globals"Jenkins2015-02-261-9/+26
|\ \ \ | |_|/ |/| |
| * | Register our own ConnectionPool without globalsIan Cordasco2015-02-061-10/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, on systems like Fedora and Debian, it is possible to import urllib3 as well as requests.packages.urllib3. They functionally point to the same code but sys.modules considers them to be separate items. When downstream packagers unvendor urllib3 from requests, they also change all the imports inside of the package. So if the code imports urllib3 from requests.packages.urllib3 and modifies globals in a submodule, that will not be visible to requests since it has been rewritten to use urllib3 (not requests.packages.urllib3). By handling this logic ourselves, we can issue a release until upstream packages and requests can fix this and cut a new release. Change-Id: Ic77ce8a06d9d148a899b4b8695990fca8fdaefc5 Closes-bug: 1396550
* | | Merge "Reduce the set of supported client SSL ciphers"Jenkins2015-02-231-0/+6
|\ \ \
| * | | Reduce the set of supported client SSL ciphersStuart McLaren2014-09-191-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | python-glanceclient (like, for example, curl) can advertise the default set of supported OpenSSL ciphers in its ClientHello packet. This patches reduces that to a stronger subset. Change-Id: I7c30465e79d8a32f43458cd6253a98fcf067dc38 Closes-bug: #1370283
* | | | Merge "Update HTTPS certificate handling for pep-0476"Jenkins2015-02-191-1/+5
|\ \ \ \ | |_|_|/ |/| | |
| * | | Update HTTPS certificate handling for pep-0476James Page2014-12-191-1/+5
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This pep (included in python 2.7.9) changes the behaviour of SSL certificate chain handling to be more py3 like. Include required new exception behaviour in the list of exceptions to translate under py2. https://github.com/python/peps/blob/master/pep-0476.txt Closes-Bug: 1404227 Change-Id: I7da1a13d1ec861a07fd96684d0431508a214a2c8
* | | Change oslo.utils to oslo_utilsLouis Taylor2015-02-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The oslo.utils libraries are moving away from namespace packages. This requires oslo.utils>=1.2.0 bp drop-namespace-packages Change-Id: I803df61e91eabb96329d859aef6bea03530fb84f
* | | Remove openstack.common.strutilsLouis Taylor2015-01-271-3/+3
|/ / | | | | | | | | | | | | This module now lives in oslo.utils, so import it from there instead. Co-Authored-By: Ian Cordasco <ian.cordasco@rackspace.com> Change-Id: Ib35dc840992433542490670781badd9529ec8947
* | Don't replace the https handler in the poolmanagerFlavio Percoco2014-10-301-2/+14
|/ | | | | | | | | | | | | | | | | In order to keep the support for `--ssl-nocompression` it was decided to overwrite the https HTTPAdapter in `requests` poolmanager. Although this seemed to work correctly, it was causing some issues when using glanceclient from other services that rely on requests and that were also configured to use TLS. THis patch changes implements a different strategy by using `glance+https` as the scheme to use when `no-compression` is requested. Closes-bug: #1350251 Closes-bug: #1347150 Closes-bug: #1362766 Change-Id: Ib25237ba821ee20a561a163b79402d1375ebed0b
* Ensure server's SSL cert is validatedStuart McLaren2014-08-191-1/+2
| | | | | | | | | | | A bug was introduced which meant that the server SSL certificate was not being verified. Here we make sure that it is checked (unless the --insecure flag is used). Helps guard against man-in-the-middle attack. Change-Id: I08f30bf3906b6580c871729311343fa8eefda91b Closes-bug: #1357430
* Fix glance-client to work with IPv6 controllersSudipta Biswas2014-08-061-1/+12
| | | | | | | | | | | | | | | | | | | Currently the glance client can't operate on IPv6 address based openstack controller IPs. The reason for this is the absence of creation of a IPv6 socket in the glance client code (in https.py). The glance client is trying to create sockets from the AF_INET socket family but this will lead to errors when glance client makes a call on the IPv6 IP addresses. In order to fix this limitation, we ensure that if the hostname resolves to IPv6 or an explicit IPv6 address is used to configure the openstack controller - glance client shall be able to detect that and then create a AF_INET6 socket family. In all other cases a AF_INET socket is created. We default to IPv4 sockets in all other cases. Change-Id: I7d5a09675cd5dab2e39f0faeaa7c169291eedac6 Closes-bug: #1348030
* Replace old httpclient with requestsAmalaBasha2014-07-101-0/+274
This review implements blueprint python-request and replaces the old http client implementation in favor of a new one based on python-requests. Major changes: * raw_request and json_request removed since everything is now being handled by the same method "_request" * New methods that match HTTP's methods were added: - get - put - post - head - patch - delete * Content-Type is now being "inferred" based on the data being sent: - if it is file-like object it chunks the request - if it is a python type not instance of basestring then it'll try to serialize it to json - Every other case will keep the incoming content-type and will send the data as is. * Glanceclient's HTTPSConnection implementation will be used if no-compression flag is set to True. Co-Author: Flavio Percoco<flaper87@gmail.com> Change-Id: I09f70eee3e2777f52ce040296015d41649c2586a
View Lorry Controller Status