| author | Dean Troyer <dtroyer@gmail.com> | 2013-10-07 12:23:00 -0500 |
|---|---|---|
| committer | Dean Troyer <dtroyer@gmail.com> | 2013-10-07 18:17:48 -0500 |
| commit | 3f9c68f1c6585c1d7f31b75c8719efc47230d86f (patch) | |
| tree | 142933220dc0488998948a08d35c1cb46184e354 /openstackclient/shell.py | |
| parent | bca4cf95789fc30577c796fdf349d072ef087f25 (diff) | |
| download | python-openstackclient-3f9c68f1c6585c1d7f31b75c8719efc47230d86f.tar.gz | |
Add options to support TLS certificate verification
Add --os-cacert and --verify|--insecure options using the same
semantics as the other project CLIs. --verify is included for
completeness.
Bug: 1236608
Change-Id: I8a116d790db5aa4cb17a2207efedce7cb229eba3
Diffstat (limited to 'openstackclient/shell.py')
| -rw-r--r-- | openstackclient/shell.py | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/openstackclient/shell.py b/openstackclient/shell.py
index 67977907..d0905fd9 100644
--- a/openstackclient/shell.py
+++ b/openstackclient/shell.py
@@ -79,6 +79,9 @@ class OpenStackShell(app.App):
 # password flow auth
 self.auth_client = None
 
+ # Assume TLS host certificate verification is enabled
+ self.verify = True
+
 # NOTE(dtroyer): This hack changes the help action that Cliff
 # automatically adds to the parser so we can defer
 # its execution until after the api-versioned commands
@@ -159,6 +162,22 @@ class OpenStackShell(app.App):
 default=env('OS_REGION_NAME'),
 help='Authentication region name (Env: OS_REGION_NAME)')
 parser.add_argument(
+ '--os-cacert',
+ metavar='<ca-bundle-file>',
+ default=env('OS_CACERT'),
+ help='CA certificate bundle file (Env: OS_CACERT)')
+ verify_group = parser.add_mutually_exclusive_group()
+ verify_group.add_argument(
+ '--verify',
+ action='store_true',
+ help='Verify server certificate (default)',
+ )
+ verify_group.add_argument(
+ '--insecure',
+ action='store_true',
+ help='Disable server certificate verification',
+ )
+ parser.add_argument(
 '--os-default-domain',
 metavar='<auth-domain>',
 default=env(
@@ -299,7 +318,9 @@ class OpenStackShell(app.App):
 username=self.options.os_username,
 password=self.options.os_password,
 region_name=self.options.os_region_name,
- api_version=self.api_version)
+ verify=self.verify,
+ api_version=self.api_version,
+ )
 return
 
 def init_keyring_backend(self):
@@ -387,7 +408,11 @@ class OpenStackShell(app.App):
 self.DeferredHelpAction(self.parser, self.parser, None, None)
 
 # Set up common client session
- self.restapi = restapi.RESTApi()
+ if self.options.os_cacert:
+ self.verify = self.options.os_cacert
+ else:
+ self.verify = not self.options.insecure
+ self.restapi = restapi.RESTApi(verify=self.verify)
 
 def prepare_to_run_command(self, cmd):
 """Set up auth and API versions"""
|
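Review bot: `--verify` is parsed in the new mutually exclusive group, but nothing in this diff reads `options.verify`; the session setup in the last hunk consults only `os_cacert` and `insecure`. Because `--os-cacert` sits outside the group, `--insecure` combined with `--os-cacert` or an exported OS_CACERT is accepted and then silently ignored. That outcome fails safe, but the help text should say so, e.g. `help='Disable server certificate verification (ignored when a CA bundle is given)'`. The enclosing method starts and ends outside the hunk.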
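Review bot: When `--insecure` takes effect in the last hunk, `self.verify` becomes False with no trace in the output, so a run that sends the password over an unverified connection looks the same as a verified one; a warning through the shell's existing logger in the `else:` branch when `self.options.insecure` is set would make that visible. `self.verify` also changes type here, from the bool set in the first hunk to a CA bundle path string. A comment such as `# verify: CA bundle path (str) or bool, passed through to RESTApi and ClientManager` would document that, assuming both accept either form, which this diff does not show. The path from `--os-cacert` is not checked for existence or readability at this point, so a mistyped path presumably surfaces only at the first request. The enclosing method starts outside the hunk.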
