diff options
| author | Zuul <zuul@review.opendev.org> | 2021-10-06 22:14:37 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2021-10-06 22:14:37 +0000 |
| commit | d79ebc5278b1d38ca9c4d28564fd3610c63ac574 (patch) | |
| tree | f28a7f2bea716dd7d6ae55d62caea0619aa82c6f /openstackclient/compute | |
| parent | 49d2c213667bb55bb9c8a4370e15b8d706a7f02b (diff) | |
| parent | 28a376bfb0a330470b028b6d5244ee4c8e1fe864 (diff) | |
| download | python-openstackclient-d79ebc5278b1d38ca9c4d28564fd3610c63ac574.tar.gz | |
Merge "Add --trusted-image-cert option for server create"
Diffstat (limited to 'openstackclient/compute')
| -rw-r--r-- | openstackclient/compute/v2/server.py | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/openstackclient/compute/v2/server.py b/openstackclient/compute/v2/server.py index ae23d539..08345243 100644 --- a/openstackclient/compute/v2/server.py +++ b/openstackclient/compute/v2/server.py @@ -1171,6 +1171,19 @@ class CreateServer(command.ShowOne): action='store_true', help=_('Wait for build to complete'), ) + parser.add_argument( + '--trusted-image-cert', + metavar='<trusted-cert-id>', + action='append', + dest='trusted_image_certs', + help=_( + 'Trusted image certificate IDs used to validate certificates ' + 'during the image signature verification process. ' + 'May be specified multiple times to pass multiple trusted ' + 'image certificate IDs. ' + '(supported by --os-compute-api-version 2.63 or above)' + ), + ) return parser def take_action(self, parsed_args): @@ -1640,6 +1653,24 @@ class CreateServer(command.ShowOne): boot_kwargs['hostname'] = parsed_args.hostname + # TODO(stephenfin): Handle OS_TRUSTED_IMAGE_CERTIFICATE_IDS + if parsed_args.trusted_image_certs: + if not (image and not parsed_args.boot_from_volume): + msg = _( + '--trusted-image-cert option is only supported for ' + 'servers booted directly from images' + ) + raise exceptions.CommandError(msg) + if compute_client.api_version < api_versions.APIVersion('2.63'): + msg = _( + '--os-compute-api-version 2.63 or greater is required to ' + 'support the --trusted-image-cert option' + ) + raise exceptions.CommandError(msg) + + certs = parsed_args.trusted_image_certs + boot_kwargs['trusted_image_certificates'] = certs + LOG.debug('boot_args: %s', boot_args) LOG.debug('boot_kwargs: %s', boot_kwargs) @@ -3277,7 +3308,6 @@ class RebuildServer(command.ShowOne): help=_( 'Trusted image certificate IDs used to validate certificates ' 'during the image signature verification process. ' - 'Defaults to env[OS_TRUSTED_IMAGE_CERTIFICATE_IDS]. ' 'May be specified multiple times to pass multiple trusted ' 'image certificate IDs. ' 'Cannot be specified with the --no-trusted-certs option. ' |