Allow --insecure to override --os-cacert
Change --insecure to ignore the --os-cacert setting. This is a change from before where OSC followed the requests pattern of cacert taking priority. This logic is also introduced in os-client-config 1.3.0; we do not require that release yet so it is duplicated here for now. That change will come with the upcoming global options refactor. Closes-Bug: #1447784 Change-Id: Iaa6d499ed0929c00a56dcd92a2017487c702774a
This commit is contained in:
parent
aa7145e0c9
commit
31d785ec69
@ -264,12 +264,21 @@ class OpenStackShell(app.App):
|
|||||||
self.log.debug("cloud cfg: %s", self.cloud.config)
|
self.log.debug("cloud cfg: %s", self.cloud.config)
|
||||||
|
|
||||||
# Set up client TLS
|
# Set up client TLS
|
||||||
cacert = self.cloud.cacert
|
# NOTE(dtroyer): --insecure is the non-default condition that
|
||||||
if cacert:
|
# overrides any verify setting in clouds.yaml
|
||||||
self.verify = cacert
|
# so check it first, then fall back to any verify
|
||||||
else:
|
# setting provided.
|
||||||
self.verify = not self.cloud.config.get('insecure', False)
|
self.verify = not self.cloud.config.get(
|
||||||
self.verify = self.cloud.config.get('verify', self.verify)
|
'insecure',
|
||||||
|
not self.cloud.config.get('verify', True),
|
||||||
|
)
|
||||||
|
|
||||||
|
# NOTE(dtroyer): Per bug https://bugs.launchpad.net/bugs/1447784
|
||||||
|
# --insecure now overrides any --os-cacert setting,
|
||||||
|
# where before --insecure was ignored if --os-cacert
|
||||||
|
# was set.
|
||||||
|
if self.verify and self.cloud.cacert:
|
||||||
|
self.verify = self.cloud.cacert
|
||||||
|
|
||||||
# Save default domain
|
# Save default domain
|
||||||
self.default_domain = self.options.default_domain
|
self.default_domain = self.options.default_domain
|
||||||
|
@ -540,14 +540,15 @@ class TestShellCli(TestShell):
|
|||||||
self.assertTrue(_shell.verify)
|
self.assertTrue(_shell.verify)
|
||||||
|
|
||||||
# --os-cacert and --insecure
|
# --os-cacert and --insecure
|
||||||
# NOTE(dtroyer): This really is a bogus combination, the default is
|
# NOTE(dtroyer): Per bug https://bugs.launchpad.net/bugs/1447784
|
||||||
# to follow the requests.Session convention and let
|
# in this combination --insecure now overrides any
|
||||||
# --os-cacert override --insecure
|
# --os-cacert setting, where before --insecure
|
||||||
|
# was ignored if --os-cacert was set.
|
||||||
fake_execute(_shell, "--os-cacert foo --insecure list user")
|
fake_execute(_shell, "--os-cacert foo --insecure list user")
|
||||||
self.assertIsNone(_shell.options.verify)
|
self.assertIsNone(_shell.options.verify)
|
||||||
self.assertTrue(_shell.options.insecure)
|
self.assertTrue(_shell.options.insecure)
|
||||||
self.assertEqual('foo', _shell.options.cacert)
|
self.assertEqual('foo', _shell.options.cacert)
|
||||||
self.assertTrue(_shell.verify)
|
self.assertFalse(_shell.verify)
|
||||||
|
|
||||||
def test_default_env(self):
|
def test_default_env(self):
|
||||||
flag = ""
|
flag = ""
|
||||||
|
Loading…
Reference in New Issue
Block a user