diff options
author | Ivan Kolodyazhny <e0ne@e0ne.info> | 2019-08-12 15:44:31 +0300 |
---|---|---|
committer | Jay Bryant <jungleboyj@electronicjungle.net> | 2019-08-28 17:28:38 +0000 |
commit | 4a3a2c3c9a89ccff4e64d3da96de5b0af4303840 (patch) | |
tree | b8e99212b2f257af5177ad9ac0fa652eb76ab8e0 | |
parent | c4b50a10b3970aaf2d2e675e2fe8fd9b9bd4496b (diff) | |
download | python-cinderclient-4a3a2c3c9a89ccff4e64d3da96de5b0af4303840.tar.gz |
Add custom CA support for get_server_version
get_server_version fails when self-signed CA cert is used. This patch
adds:
* insecure option to ignore SSL certificate validation
* cacert to add ability to provide a custom SSL certificate
Change-Id: Ib1d34a5a6b595c53473ddd3acb182ab5a39cbba5
Related-Bug: 1744670
-rw-r--r-- | cinderclient/client.py | 19 | ||||
-rw-r--r-- | cinderclient/tests/unit/test_client.py | 35 |
2 files changed, 50 insertions, 4 deletions
diff --git a/cinderclient/client.py b/cinderclient/client.py index 2ae122c..e6a37c9 100644 --- a/cinderclient/client.py +++ b/cinderclient/client.py @@ -72,10 +72,14 @@ for svc in ('volume', 'volumev2', 'volumev3'): discover.add_catalog_discover_hack(svc, re.compile(r'/v[12]/\w+/?$'), '/') -def get_server_version(url): +def get_server_version(url, insecure=False, cacert=None): """Queries the server via the naked endpoint and gets version info. :param url: url of the cinder endpoint + :param insecure: Explicitly allow client to perform "insecure" TLS + (https) requests + :param cacert: Specify a CA bundle file to use in verifying a TLS + (https) server certificate :returns: APIVersion object for min and max version supported by the server """ @@ -106,7 +110,14 @@ def get_server_version(url): # leave as is without cropping. version_url = url - response = requests.get(version_url) + if insecure: + verify_cert = False + else: + if cacert: + verify_cert = cacert + else: + verify_cert = True + response = requests.get(version_url, verify=verify_cert) data = json.loads(response.text) versions = data['versions'] for version in versions: @@ -121,9 +132,9 @@ def get_server_version(url): api_versions.APIVersion(current_version)) -def get_highest_client_server_version(url): +def get_highest_client_server_version(url, insecure=False, cacert=None): """Returns highest supported version by client and server as a string.""" - min_server, max_server = get_server_version(url) + min_server, max_server = get_server_version(url, insecure, cacert) max_client = api_versions.APIVersion(api_versions.MAX_VERSION) return min(max_server, max_client).get_string() diff --git a/cinderclient/tests/unit/test_client.py b/cinderclient/tests/unit/test_client.py index 7fc6643..96348cd 100644 --- a/cinderclient/tests/unit/test_client.py +++ b/cinderclient/tests/unit/test_client.py @@ -361,6 +361,41 @@ class GetAPIVersionTestCase(utils.TestCase): self.assertEqual(max_version, api_versions.APIVersion('3.16')) @mock.patch('cinderclient.client.requests.get') + def test_get_server_version_insecure(self, mock_request): + mock_response = utils.TestResponse({ + "status_code": 200, + "text": json.dumps(fakes.fake_request_get_no_v3()) + }) + + mock_request.return_value = mock_response + + url = ( + "https://192.168.122.127:8776/v3/e5526285ebd741b1819393f772f11fc3") + expected_url = "https://192.168.122.127:8776/" + + cinderclient.client.get_server_version(url, True) + + mock_request.assert_called_once_with(expected_url, verify=False) + + @mock.patch('cinderclient.client.requests.get') + def test_get_server_version_cacert(self, mock_request): + mock_response = utils.TestResponse({ + "status_code": 200, + "text": json.dumps(fakes.fake_request_get_no_v3()) + }) + + mock_request.return_value = mock_response + + url = ( + "https://192.168.122.127:8776/v3/e5526285ebd741b1819393f772f11fc3") + expected_url = "https://192.168.122.127:8776/" + + cacert = '/path/to/cert' + cinderclient.client.get_server_version(url, cacert=cacert) + + mock_request.assert_called_once_with(expected_url, verify=cacert) + + @mock.patch('cinderclient.client.requests.get') @ddt.data('3.12', '3.40') def test_get_highest_client_server_version(self, version, mock_request): |