diff options
| author | Pavlo Shchelokovskyy <shchelokovskyy@gmail.com> | 2021-09-30 17:14:19 +0300 |
|---|---|---|
| committer | Pavlo Shchelokovskyy <shchelokovskyy@gmail.com> | 2021-09-30 19:42:26 +0300 |
| commit | 28a376bfb0a330470b028b6d5244ee4c8e1fe864 (patch) | |
| tree | d500b2274324158550be48f14547106ebb30999a /openstackclient/compute | |
| parent | ff372ffdfbfe036993f84be20cd18262599b37de (diff) | |
| download | python-openstackclient-28a376bfb0a330470b028b6d5244ee4c8e1fe864.tar.gz | |
Add --trusted-image-cert option for server create
this already exists for server rebuild, but was missing for server
create.
This option is supported from Compute API version >= 2.63, and is only
available for servers booted directly from images (not from volumes,
not from snapshots, and not from images first converted to volumes).
Additionally, this patch removes mentions of
OS_TRUSTED_IMAGE_CERTIFICATE_IDS env var from similar option help string
in server rebuild command as it is not actually implemented yet.
Change-Id: I4e9faea05c499bd91034d1d284c44fdcc8e18db5
Diffstat (limited to 'openstackclient/compute')
| -rw-r--r-- | openstackclient/compute/v2/server.py | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/openstackclient/compute/v2/server.py b/openstackclient/compute/v2/server.py index 47505838..29139776 100644 --- a/openstackclient/compute/v2/server.py +++ b/openstackclient/compute/v2/server.py @@ -1171,6 +1171,19 @@ class CreateServer(command.ShowOne): action='store_true', help=_('Wait for build to complete'), ) + parser.add_argument( + '--trusted-image-cert', + metavar='<trusted-cert-id>', + action='append', + dest='trusted_image_certs', + help=_( + 'Trusted image certificate IDs used to validate certificates ' + 'during the image signature verification process. ' + 'May be specified multiple times to pass multiple trusted ' + 'image certificate IDs. ' + '(supported by --os-compute-api-version 2.63 or above)' + ), + ) return parser def take_action(self, parsed_args): @@ -1640,6 +1653,24 @@ class CreateServer(command.ShowOne): boot_kwargs['hostname'] = parsed_args.hostname + # TODO(stephenfin): Handle OS_TRUSTED_IMAGE_CERTIFICATE_IDS + if parsed_args.trusted_image_certs: + if not (image and not parsed_args.boot_from_volume): + msg = _( + '--trusted-image-cert option is only supported for ' + 'servers booted directly from images' + ) + raise exceptions.CommandError(msg) + if compute_client.api_version < api_versions.APIVersion('2.63'): + msg = _( + '--os-compute-api-version 2.63 or greater is required to ' + 'support the --trusted-image-cert option' + ) + raise exceptions.CommandError(msg) + + certs = parsed_args.trusted_image_certs + boot_kwargs['trusted_image_certificates'] = certs + LOG.debug('boot_args: %s', boot_args) LOG.debug('boot_kwargs: %s', boot_kwargs) @@ -3277,7 +3308,6 @@ class RebuildServer(command.ShowOne): help=_( 'Trusted image certificate IDs used to validate certificates ' 'during the image signature verification process. ' - 'Defaults to env[OS_TRUSTED_IMAGE_CERTIFICATE_IDS]. ' 'May be specified multiple times to pass multiple trusted ' 'image certificate IDs. ' 'Cannot be specified with the --no-trusted-certs option. ' |