From 31d785ec6951a84f831ea3dfd49214c42ae4fd26 Mon Sep 17 00:00:00 2001 From: Dean Troyer Date: Thu, 4 Jun 2015 09:20:29 -0500 Subject: Allow --insecure to override --os-cacert Change --insecure to ignore the --os-cacert setting. This is a change from before where OSC followed the requests pattern of cacert taking priority. This logic is also introduced in os-client-config 1.3.0; we do not require that release yet so it is duplicated here for now. That change will come with the upcoming global options refactor. Closes-Bug: #1447784 Change-Id: Iaa6d499ed0929c00a56dcd92a2017487c702774a --- openstackclient/shell.py | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) (limited to 'openstackclient/shell.py') diff --git a/openstackclient/shell.py b/openstackclient/shell.py index 136542dc..36483b3a 100644 --- a/openstackclient/shell.py +++ b/openstackclient/shell.py @@ -264,12 +264,21 @@ class OpenStackShell(app.App): self.log.debug("cloud cfg: %s", self.cloud.config) # Set up client TLS - cacert = self.cloud.cacert - if cacert: - self.verify = cacert - else: - self.verify = not self.cloud.config.get('insecure', False) - self.verify = self.cloud.config.get('verify', self.verify) + # NOTE(dtroyer): --insecure is the non-default condition that + # overrides any verify setting in clouds.yaml + # so check it first, then fall back to any verify + # setting provided. + self.verify = not self.cloud.config.get( + 'insecure', + not self.cloud.config.get('verify', True), + ) + + # NOTE(dtroyer): Per bug https://bugs.launchpad.net/bugs/1447784 + # --insecure now overrides any --os-cacert setting, + # where before --insecure was ignored if --os-cacert + # was set. + if self.verify and self.cloud.cacert: + self.verify = self.cloud.cacert # Save default domain self.default_domain = self.options.default_domain -- cgit v1.2.1