diff options
| author | jonnary <liu.xuefeng1@zte.com.cn> | 2019-08-16 01:43:22 +0800 |
|---|---|---|
| committer | Douglas Mendizábal <dmendiza@redhat.com> | 2019-10-02 20:09:25 +0000 |
| commit | 16760f3b44d6466d2018ce7765556d5b69d9d806 (patch) | |
| tree | 561b3029ec5225d67eec2b613affa2768dfc1cf6 /barbicanclient | |
| parent | 79f387fbd5fde9e671dd32684f73dbf3451379dc (diff) | |
| download | python-barbicanclient-16760f3b44d6466d2018ce7765556d5b69d9d806.tar.gz | |
Support two-way auth for barbicanclient
This patch supports two-way auth for barbicanclient.
Change-Id: I19fb971de864e94b31bf436bc27d5180aebbce4f
blueprint:support-two-way-auth
Diffstat (limited to 'barbicanclient')
| -rw-r--r-- | barbicanclient/barbican.py | 13 | ||||
| -rw-r--r-- | barbicanclient/tests/test_barbican.py | 40 |
2 files changed, 51 insertions, 2 deletions
diff --git a/barbicanclient/barbican.py b/barbicanclient/barbican.py index a462f1d..dbaa3d3 100644 --- a/barbicanclient/barbican.py +++ b/barbicanclient/barbican.py @@ -151,8 +151,17 @@ class Barbican(app.App): method = identity.Token if auth_type == 'token' else identity.Password auth = method(**kwargs) - - return session.Session(auth=auth, verify=not args.insecure) + cacert = args.os_cacert + cert = args.os_cert + key = args.os_key + insecure = args.insecure + if insecure: + verify = False + else: + verify = cacert or True + if cert and key: + cert = (cert, key) + return session.Session(auth=auth, verify=verify, cert=cert) def create_client(self, args): created_client = None diff --git a/barbicanclient/tests/test_barbican.py b/barbicanclient/tests/test_barbican.py index e5c178f..dab036e 100644 --- a/barbicanclient/tests/test_barbican.py +++ b/barbicanclient/tests/test_barbican.py @@ -219,6 +219,46 @@ class WhenTestingBarbicanCLI(test_client.BaseEntityResource): self.assertEqual(1, self.responses._adapter.call_count) self.assertEqual([], secret_list) + def test_insecure_true_kwargs_set_correctly(self): + auth_args = ('--no-auth --endpoint https://barbican_endpoint:9311/v1 ' + '--os-project-id project1') + endpoint_filter_args = ('--interface public ' + '--service-type custom-type ' + '--service-name Burrbican ' + '--region-name RegionTwo ' + '--barbican-api-version v1') + args = auth_args + ' ' + endpoint_filter_args + argv, remainder = self.parser.parse_known_args(args.split()) + argv.insecure = True + argv.os_identity_api_version = '2.0' + argv.os_tenant_name = 'my_tenant_name' + barbican_client = self.barbican.create_client(argv) + httpclient = barbican_client.secrets._api + self.assertFalse(httpclient.session.verify) + + def test_cafile_certfile_keyfile_kwargs_set_correctly(self): + auth_args = ('no_auth ' + '--os-auth-url https://keystone_endpoint:5000/v2 ' + '--os-auth-token f554ccb5-e157-4824-b67b-d139c87bc555 ' + '--os-project-id project1') + endpoint_filter_args = ('--interface public ' + '--service-type custom-type ' + '--service-name Burrbican ' + '--region-name RegionTwo ' + '--barbican-api-version v1') + args = auth_args + ' ' + endpoint_filter_args + argv, remainder = self.parser.parse_known_args(args.split()) + argv.os_cacert = 'ca.pem' + argv.os_cert = 'cert.pem' + argv.os_key = 'key.pem' + argv.os_identity_api_version = '2.0' + argv.os_tenant_name = 'my_tenant_name' + barbican_client = self.barbican.create_client(argv) + httpclient = barbican_client.secrets._api + self.assertEqual('ca.pem', httpclient.session.verify) + self.assertEqual('cert.pem', httpclient.session.cert[0]) + self.assertEqual('key.pem', httpclient.session.cert[1]) + class TestBarbicanWithKeystonePasswordAuth( keystone_client_fixtures.KeystoneClientFixture): |