diff options
author | jfwood <john.wood@rackspace.com> | 2013-11-25 17:01:01 -0600 |
---|---|---|
committer | jfwood <john.wood@rackspace.com> | 2013-11-25 17:06:17 -0600 |
commit | 729cb647b97c87a61ff288d02ece4bbddd924bc6 (patch) | |
tree | 54371528c232bd07ee702c1a1abf0a0551993719 | |
parent | fb6e4ab6c4dd7f2d61c8dce6a96839eeb83c0fab (diff) | |
parent | eb0b49843ff12fddf483624db1c11d6677694251 (diff) | |
download | python-barbicanclient-729cb647b97c87a61ff288d02ece4bbddd924bc6.tar.gz |
Fix merge conflicts.
-rw-r--r-- | barbicanclient/client.py | 18 | ||||
-rw-r--r-- | barbicanclient/common/auth.py | 8 | ||||
-rw-r--r-- | barbicanclient/keep.py | 73 | ||||
-rw-r--r-- | barbicanclient/orders.py | 3 | ||||
-rw-r--r-- | barbicanclient/secrets.py | 3 |
5 files changed, 71 insertions, 34 deletions
diff --git a/barbicanclient/client.py b/barbicanclient/client.py index 0912a03..1d6d080 100644 --- a/barbicanclient/client.py +++ b/barbicanclient/client.py @@ -13,11 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. import json +import logging import os import requests -from barbicanclient.openstack.common import log as logging from barbicanclient.openstack.common.gettextutils import _ from barbicanclient import orders from barbicanclient import secrets @@ -25,7 +25,6 @@ from barbicanclient import verifications LOG = logging.getLogger(__name__) -logging.setup('barbicanclient') class HTTPError(Exception): @@ -51,8 +50,8 @@ class HTTPAuthError(HTTPError): class Client(object): - def __init__(self, session=None, auth_plugin=None, - endpoint=None, tenant_id=None): + def __init__(self, session=None, auth_plugin=None, endpoint=None, + tenant_id=None, insecure=False): """ Barbican client object used to interact with barbican service. @@ -68,6 +67,7 @@ class Client(object): LOG.debug(_("Creating Client object")) self._session = session or requests.Session() + self.verify = not insecure self.auth_plugin = auth_plugin if self.auth_plugin is not None: @@ -96,23 +96,25 @@ class Client(object): def get(self, href, params=None): headers = {'Accept': 'application/json'} - resp = self._session.get(href, params=params, headers=headers) + resp = self._session.get(href, params=params, headers=headers, + verify=self.verify) self._check_status_code(resp) return resp.json() def get_raw(self, href, headers): - resp = self._session.get(href, headers=headers) + resp = self._session.get(href, headers=headers, verify=self.verify) self._check_status_code(resp) return resp.content def delete(self, href): - resp = self._session.delete(href) + resp = self._session.delete(href, verify=self.verify) self._check_status_code(resp) def post(self, path, data): url = '{0}/{1}/'.format(self.base_url, path) headers = {'content-type': 'application/json'} - resp = self._session.post(url, data=json.dumps(data), headers=headers) + resp = self._session.post(url, data=json.dumps(data), headers=headers, + verify=self.verify) self._check_status_code(resp) return resp.json() diff --git a/barbicanclient/common/auth.py b/barbicanclient/common/auth.py index fbc594f..c663191 100644 --- a/barbicanclient/common/auth.py +++ b/barbicanclient/common/auth.py @@ -12,10 +12,11 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. +import logging + from keystoneclient.v2_0 import client as ksclient from keystoneclient import exceptions -from barbicanclient.openstack.common import log as logging LOG = logging.getLogger(__name__) @@ -28,14 +29,15 @@ class AuthException(Exception): class KeystoneAuthV2(object): def __init__(self, auth_url='', username='', password='', - tenant_name='', tenant_id='', keystone=None): + tenant_name='', tenant_id='', insecure=False, keystone=None): if not all([auth_url, username, password, tenant_name or tenant_id]): raise ValueError('Please provide auth_url, username, password,' ' and tenant_id or tenant_name)') self._keystone = keystone or ksclient.Client(username=username, password=password, tenant_name=tenant_name, - auth_url=auth_url) + auth_url=auth_url, + insecure=insecure) self._barbican_url = None #TODO(dmend): make these configurable self._service_type = 'keystore' diff --git a/barbicanclient/keep.py b/barbicanclient/keep.py index 9a37412..f0e5f77 100644 --- a/barbicanclient/keep.py +++ b/barbicanclient/keep.py @@ -19,6 +19,9 @@ import argparse from barbicanclient.common import auth from barbicanclient import client +from barbicanclient.openstack.common import log as logging + +logging.setup('barbicanclient') class Keep: @@ -72,22 +75,35 @@ class Keep: metavar='<barbican-url>', default=client.env('BARBICAN_ENDPOINT'), help='Defaults to env[BARBICAN_ENDPOINT].') + parser.add_argument('--insecure', + default=False, + action="store_true", + help='Explicitly allow barbicanclient to perform ' + '"insecure" TLS (https) requests. The ' + 'server\'s certificate will not be verified ' + 'against any certificate authorities. This ' + 'option should be used with caution.') return parser def _add_verify_args(self): verify_parser = self.subparsers.add_parser('verify', - help='Create a new verification.') + help='Create a new ' + 'verification.') verify_parser.add_argument('--type', '-t', default='image', - help='resource type to verify, such as "image".') + help='resource type to verify, ' + 'such as "image".') verify_parser.add_argument('--ref', '-r', - help='reference URI to resource to verify.') + help='reference URI to ' + 'resource to verify.') verify_parser.add_argument('--action', '-a', default='vm_attach', - help='action to perform on resource, such as "vm_attach".') + help='action to perform on ' + 'resource, such as "vm_attach".') verify_parser.add_argument('--impersonation', '-i', default=True, - help='is impersonation allowed for the resource.') + help='is impersonation allowed ' + 'for the resource.') verify_parser.set_defaults(func=self.verify) def _add_create_args(self): @@ -110,7 +126,8 @@ class Keep: default='application/octet-stream', help='the type/format of the secret to be' ' generated (default: %(default)s).') - create_parser.add_argument('--expiration', '-x', help='the expiration ' + create_parser.add_argument('--expiration', '-x', + help='the expiration ' 'time for the secret in ISO 8601 format.') create_parser.set_defaults(func=self.create) @@ -122,7 +139,8 @@ class Keep: store_parser.add_argument('--name', '-n', help='a human-friendly name.') store_parser.add_argument('--payload', '-p', help='the unencrypted' - ' secret; if provided, you must also provide' + ' secret; if provided, ' + 'you must also provide' ' a payload_content_type') store_parser.add_argument('--payload-content-type', '-t', help='the type/format of the provided ' @@ -133,7 +151,8 @@ class Keep: help='required if --payload-content-type is' ' "application/octet-stream".') store_parser.add_argument('--algorithm', '-a', default='aes', - help='the algorithm (default: %(default)s).') + help='the algorithm (default: ' + '%(default)s).') store_parser.add_argument('--bit-length', '-b', default=256, help='the bit length ' '(default: %(default)s).', @@ -148,18 +167,22 @@ class Keep: def _add_delete_args(self): delete_parser = self.subparsers.add_parser( 'delete', - help='Delete a secret, order or verification by providing its href.' + help='Delete a secret, order or ' + 'verification by providing its href.' ) delete_parser.add_argument('URI', help='The URI reference for the' - ' secret, order or verification') + ' secret, order ' + 'or verification') delete_parser.set_defaults(func=self.delete) def _add_get_args(self): get_parser = self.subparsers.add_parser( 'get', - help='Retrieve a secret, order or verification by providing its URI.' + help='Retrieve a secret, order or ' + 'verification by providing its URI.' ) - get_parser.add_argument('URI', help='The URI reference for the secret, ' + get_parser.add_argument('URI', help='The URI reference ' + 'for the secret, ' 'order or verification.') get_parser.add_argument('--decrypt', '-d', help='if specified, keep' ' will retrieve the unencrypted secret data;' @@ -176,9 +199,11 @@ class Keep: def _add_list_args(self): list_parser = self.subparsers.add_parser('list', - help='List secrets, orders or verifications') - list_parser.add_argument('--limit', '-l', default=10, help='specify t' - 'he limit to the number of items to list per' + help='List secrets, ' + 'orders or ' + 'verifications') + list_parser.add_argument('--limit', '-l', default=10, help='specify ' + 'the limit to the number of items to list per' ' page (default: %(default)s; maximum: 100)', type=int) list_parser.add_argument('--offset', '-o', default=0, help='specify t' @@ -223,7 +248,8 @@ class Keep: self.client.orders.delete(args.URI) else: self.parser.exit(status=1, message='ERROR: delete is only ' - 'supported for secrets, orders or verifications\n') + 'supported for secrets, ' + 'orders or verifications\n') def get(self, args): if args.command == 'secret': @@ -238,7 +264,8 @@ class Keep: print self.client.orders.get(args.URI) else: self.parser.exit(status=1, message='ERROR: get is only ' - 'supported for secrets, orders or verifications\n') + 'supported for secrets, ' + 'orders or verifications\n') def list(self, args): if args.command == 'secret': @@ -249,7 +276,8 @@ class Keep: ls = self.client.orders.list(args.limit, args.offset) else: self.parser.exit(status=1, message='ERROR: get list is only ' - 'supported for secrets, orders or verifications\n') + 'supported for secrets, ' + 'orders or verifications\n') for obj in ls: print obj print '{0}s displayed: {1} - offset: {2}'.format(args.command, len(ls), @@ -271,18 +299,21 @@ class Keep: args = self.parser.parse_args(kwargs.get('argv')) if args.no_auth: self.client = client.Client(endpoint=args.endpoint, - tenant_id=args.os_tenant_id) + tenant_id=args.os_tenant_id, + insecure=args.insecure) elif all([args.os_auth_url, args.os_username, args.os_password, args.os_tenant_name]): self._keystone = auth.KeystoneAuthV2( auth_url=args.os_auth_url, username=args.os_username, password=args.os_password, - tenant_name=args.os_tenant_name + tenant_name=args.os_tenant_name, + insecure=args.insecure ) self.client = client.Client(auth_plugin=self._keystone, endpoint=args.endpoint, - tenant_id=args.os_tenant_id) + tenant_id=args.os_tenant_id, + insecure=args.insecure) else: self.parser.exit( status=1, diff --git a/barbicanclient/orders.py b/barbicanclient/orders.py index 11dc009..7b2f3e3 100644 --- a/barbicanclient/orders.py +++ b/barbicanclient/orders.py @@ -12,9 +12,10 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. +import logging + from barbicanclient import base from barbicanclient.openstack.common.gettextutils import _ -from barbicanclient.openstack.common import log as logging from barbicanclient.openstack.common import timeutils diff --git a/barbicanclient/secrets.py b/barbicanclient/secrets.py index 81ba1d7..a1e9b12 100644 --- a/barbicanclient/secrets.py +++ b/barbicanclient/secrets.py @@ -12,8 +12,9 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. +import logging + from barbicanclient import base -from barbicanclient.openstack.common import log as logging from barbicanclient.openstack.common.timeutils import parse_isotime |