The Synergy CLI is not SSL-enabled

Added support to HTTPS connections needed for interacting with Keystone Change-Id: I1de2a862e054ac0954c9e4a5c6666b9e6e18822f Sem-Ver: feature
2017-01-16 12:04:59 +01:00 · 2017-01-16 12:04:59 +01:00 · 56d28fa54b
commit 56d28fa54b
parent aebc4aef10
2 changed files with 65 additions and 69 deletions
--- a/synergy/client/keystone_v3.py
+++ b/synergy/client/keystone_v3.py
@ -252,7 +252,7 @@ class KeystoneClient(object):
                 user_domain_name="default", project_id=None,
                 project_name=None, project_domain_id=None,
                 project_domain_name="default", timeout=None,
-                 default_trust_expiration=None):
+                 default_trust_expiration=None, ca_cert=None):
        self.auth_url = auth_url
        self.username = username
        self.password = password
@ -264,6 +264,7 @@ class KeystoneClient(object):
        self.project_domain_name = project_domain_name
        self.timeout = timeout
        self.token = None
+        self.ca_cert = ca_cert

        if default_trust_expiration:
            self.default_trust_expiration = default_trust_expiration
@ -315,7 +316,8 @@ class KeystoneClient(object):
        response = requests.post(url=self.auth_url + "/auth/tokens",
                                 headers=headers,
                                 data=json.dumps(data),
-                                 timeout=self.timeout)
+                                 timeout=self.timeout,
+                                 verify=self.ca_cert)

        if response.status_code != requests.codes.ok:
            response.raise_for_status()
@ -454,7 +456,8 @@ class KeystoneClient(object):

        response = requests.delete(url=self.auth_url + "/auth/tokens",
                                   headers=headers,
-                                   timeout=self.timeout)
+                                   timeout=self.timeout,
+                                   verify=self.ca_cert)

        self.token = None

@ -473,7 +476,8 @@ class KeystoneClient(object):

        response = requests.get(url=self.auth_url + "/auth/tokens",
                                headers=headers,
-                                timeout=self.timeout)
+                                timeout=self.timeout,
+                                verify=self.ca_cert)

        if response.status_code != requests.codes.ok:
            response.raise_for_status()
@ -577,27 +581,32 @@ class KeystoneClient(object):
            response = requests.get(url,
                                    headers=headers,
                                    params=data,
-                                    timeout=self.timeout)
+                                    timeout=self.timeout,
+                                    verify=self.ca_cert)
        elif method == "POST":
            response = requests.post(url,
                                     headers=headers,
                                     data=json.dumps(data),
-                                     timeout=self.timeout)
+                                     timeout=self.timeout,
+                                     verify=self.ca_cert)
        elif method == "PUT":
            response = requests.put(url,
                                    headers=headers,
                                    data=json.dumps(data),
-                                    timeout=self.timeout)
+                                    timeout=self.timeout,
+                                    verify=self.ca_cert)
        elif method == "HEAD":
            response = requests.head(url,
                                     headers=headers,
                                     data=json.dumps(data),
-                                     timeout=self.timeout)
+                                     timeout=self.timeout,
+                                     verify=self.ca_cert)
        elif method == "DELETE":
            response = requests.delete(url,
                                       headers=headers,
                                       data=json.dumps(data),
-                                       timeout=self.timeout)
+                                       timeout=self.timeout,
+                                       verify=self.ca_cert)
        else:
            raise Exception("wrong HTTP method: %s" % method)

--- a/synergy/client/shell.py
+++ b/synergy/client/shell.py
@ -35,7 +35,7 @@ def main():
                                       " OpenStack Synergy API.")

        # Global arguments
-        parser.add_argument("--version", action="version", version="v1.0")
+        parser.add_argument("--version", action="version", version="v1.1")

        parser.add_argument("--debug",
                            default=False,
@ -99,11 +99,6 @@ def main():
                            default=os.environ.get("OS_AUTH_URL"),
                            help="defaults to env[OS_AUTH_URL]")

-        parser.add_argument("--os-auth-system",
-                            metavar="<auth-system>",
-                            default=os.environ.get("OS_AUTH_SYSTEM"),
-                            help="defaults to env[OS_AUTH_SYSTEM]")
-
        parser.add_argument("--bypass-url",
                            metavar="<bypass-url>",
                            dest="bypass_url",
@ -116,16 +111,6 @@ def main():
                            help="Specify a CA bundle file to use in verifying"
                                 " a TLS (https) server certificate. Defaults "
                                 "to env[OS_CACERT]")
-        """
-        parser.add_argument("--insecure",
-                            default=os.environ.get("INSECURE", False),
-                            action="store_true",
-                            help="explicitly allow Synergy's client to perform"
-                                 " \"insecure\" SSL (https) requests. The "
-                                 "server's certificate will not be verified "
-                                 "against any certificate authorities. This "
-                                 "option should be used with caution.")
-        """

        subparser = parser.add_subparsers(help="commands", dest="command_name")
        commands = {}
@ -150,56 +135,58 @@ def main():
        os_auth_token = args.os_auth_token
        os_auth_token_cache = args.os_auth_token_cache
        os_auth_url = args.os_auth_url
+        os_cacert = args.os_cacert
        bypass_url = args.bypass_url
        command_name = args.command_name
-
-        if not os_username:
-            raise Exception("'os-username' not defined!")
-
-        if not os_password:
-            raise Exception("'os-password' not defined!")
-
-        if not os_project_name:
-            raise Exception("'os-project-name' not defined!")
-
-        if not os_auth_url:
-            raise Exception("'os-auth-url' not defined!")
-
-        if not os_user_domain_name:
-            os_user_domain_name = "default"
-
-        if not os_project_domain_name:
-            os_project_domain_name = "default"
-
-        client = keystone_v3.KeystoneClient(
-            auth_url=os_auth_url,
-            username=os_username,
-            password=os_password,
-            user_domain_id=os_user_domain_id,
-            user_domain_name=os_user_domain_name,
-            project_name=os_project_name,
-            project_domain_id=os_project_domain_id,
-            project_domain_name=os_project_domain_name)
-
-        token = None
-
-        if os_auth_token:
-            token = os_auth_token
-        elif os_auth_token_cache:
-            token = keystone_v3.Token.load(".auth_token")
-
-            if token is None or token.isExpired():
-                client.authenticate()
-                token = client.getToken()
-                token.save(".auth_token")
-        else:
-            client.authenticate()
-            token = client.getToken()
-
        synergy_url = None
+
        if bypass_url:
            synergy_url = bypass_url
        else:
+            if not os_username:
+                raise Exception("'os-username' not defined!")
+
+            if not os_password:
+                raise Exception("'os-password' not defined!")
+
+            if not os_project_name:
+                raise Exception("'os-project-name' not defined!")
+
+            if not os_auth_url:
+                raise Exception("'os-auth-url' not defined!")
+
+            if not os_user_domain_name:
+                os_user_domain_name = "default"
+
+            if not os_project_domain_name:
+                os_project_domain_name = "default"
+
+            client = keystone_v3.KeystoneClient(
+                auth_url=os_auth_url,
+                username=os_username,
+                password=os_password,
+                ca_cert=os_cacert,
+                user_domain_id=os_user_domain_id,
+                user_domain_name=os_user_domain_name,
+                project_name=os_project_name,
+                project_domain_id=os_project_domain_id,
+                project_domain_name=os_project_domain_name)
+
+            token = None
+
+            if os_auth_token:
+                token = os_auth_token
+            elif os_auth_token_cache:
+                token = keystone_v3.Token.load(".auth_token")
+
+                if token is None or token.isExpired():
+                    client.authenticate()
+                    token = client.getToken()
+                    token.save(".auth_token")
+            else:
+                client.authenticate()
+                token = client.getToken()
+
            synergy_service = client.getService(name="synergy")

            synergy_endpoint = client.getEndpoint(