summaryrefslogtreecommitdiff
path: root/openstackclient
diff options
context:
space:
mode:
Diffstat (limited to 'openstackclient')
-rw-r--r--openstackclient/shell.py21
-rw-r--r--openstackclient/tests/test_shell.py9
2 files changed, 20 insertions, 10 deletions
diff --git a/openstackclient/shell.py b/openstackclient/shell.py
index 136542dc..36483b3a 100644
--- a/openstackclient/shell.py
+++ b/openstackclient/shell.py
@@ -264,12 +264,21 @@ class OpenStackShell(app.App):
self.log.debug("cloud cfg: %s", self.cloud.config)
# Set up client TLS
- cacert = self.cloud.cacert
- if cacert:
- self.verify = cacert
- else:
- self.verify = not self.cloud.config.get('insecure', False)
- self.verify = self.cloud.config.get('verify', self.verify)
+ # NOTE(dtroyer): --insecure is the non-default condition that
+ # overrides any verify setting in clouds.yaml
+ # so check it first, then fall back to any verify
+ # setting provided.
+ self.verify = not self.cloud.config.get(
+ 'insecure',
+ not self.cloud.config.get('verify', True),
+ )
+
+ # NOTE(dtroyer): Per bug https://bugs.launchpad.net/bugs/1447784
+ # --insecure now overrides any --os-cacert setting,
+ # where before --insecure was ignored if --os-cacert
+ # was set.
+ if self.verify and self.cloud.cacert:
+ self.verify = self.cloud.cacert
# Save default domain
self.default_domain = self.options.default_domain
diff --git a/openstackclient/tests/test_shell.py b/openstackclient/tests/test_shell.py
index 8850d8f9..b080ae91 100644
--- a/openstackclient/tests/test_shell.py
+++ b/openstackclient/tests/test_shell.py
@@ -540,14 +540,15 @@ class TestShellCli(TestShell):
self.assertTrue(_shell.verify)
# --os-cacert and --insecure
- # NOTE(dtroyer): This really is a bogus combination, the default is
- # to follow the requests.Session convention and let
- # --os-cacert override --insecure
+ # NOTE(dtroyer): Per bug https://bugs.launchpad.net/bugs/1447784
+ # in this combination --insecure now overrides any
+ # --os-cacert setting, where before --insecure
+ # was ignored if --os-cacert was set.
fake_execute(_shell, "--os-cacert foo --insecure list user")
self.assertIsNone(_shell.options.verify)
self.assertTrue(_shell.options.insecure)
self.assertEqual('foo', _shell.options.cacert)
- self.assertTrue(_shell.verify)
+ self.assertFalse(_shell.verify)
def test_default_env(self):
flag = ""
View Lorry Controller Status