diff options
| author | Dean Troyer <dtroyer@gmail.com> | 2015-06-04 09:20:29 -0500 |
|---|---|---|
| committer | Dean Troyer <dtroyer@gmail.com> | 2015-06-04 09:37:46 -0500 |
| commit | 31d785ec6951a84f831ea3dfd49214c42ae4fd26 (patch) | |
| tree | f93a58a9f75ad4277ceddd857fd156383a7bdfc0 /openstackclient | |
| parent | aa7145e0c96bc5e33c360edc3e51df2750ada42c (diff) | |
| download | python-openstackclient-31d785ec6951a84f831ea3dfd49214c42ae4fd26.tar.gz | |
Allow --insecure to override --os-cacert
Change --insecure to ignore the --os-cacert setting. This is a change
from before where OSC followed the requests pattern of cacert taking
priority.
This logic is also introduced in os-client-config 1.3.0; we
do not require that release yet so it is duplicated here for now.
That change will come with the upcoming global options refactor.
Closes-Bug: #1447784
Change-Id: Iaa6d499ed0929c00a56dcd92a2017487c702774a
Diffstat (limited to 'openstackclient')
| -rw-r--r-- | openstackclient/shell.py | 21 | ||||
| -rw-r--r-- | openstackclient/tests/test_shell.py | 9 |
2 files changed, 20 insertions, 10 deletions
diff --git a/openstackclient/shell.py b/openstackclient/shell.py index 136542dc..36483b3a 100644 --- a/openstackclient/shell.py +++ b/openstackclient/shell.py @@ -264,12 +264,21 @@ class OpenStackShell(app.App): self.log.debug("cloud cfg: %s", self.cloud.config) # Set up client TLS - cacert = self.cloud.cacert - if cacert: - self.verify = cacert - else: - self.verify = not self.cloud.config.get('insecure', False) - self.verify = self.cloud.config.get('verify', self.verify) + # NOTE(dtroyer): --insecure is the non-default condition that + # overrides any verify setting in clouds.yaml + # so check it first, then fall back to any verify + # setting provided. + self.verify = not self.cloud.config.get( + 'insecure', + not self.cloud.config.get('verify', True), + ) + + # NOTE(dtroyer): Per bug https://bugs.launchpad.net/bugs/1447784 + # --insecure now overrides any --os-cacert setting, + # where before --insecure was ignored if --os-cacert + # was set. + if self.verify and self.cloud.cacert: + self.verify = self.cloud.cacert # Save default domain self.default_domain = self.options.default_domain diff --git a/openstackclient/tests/test_shell.py b/openstackclient/tests/test_shell.py index 8850d8f9..b080ae91 100644 --- a/openstackclient/tests/test_shell.py +++ b/openstackclient/tests/test_shell.py @@ -540,14 +540,15 @@ class TestShellCli(TestShell): self.assertTrue(_shell.verify) # --os-cacert and --insecure - # NOTE(dtroyer): This really is a bogus combination, the default is - # to follow the requests.Session convention and let - # --os-cacert override --insecure + # NOTE(dtroyer): Per bug https://bugs.launchpad.net/bugs/1447784 + # in this combination --insecure now overrides any + # --os-cacert setting, where before --insecure + # was ignored if --os-cacert was set. fake_execute(_shell, "--os-cacert foo --insecure list user") self.assertIsNone(_shell.options.verify) self.assertTrue(_shell.options.insecure) self.assertEqual('foo', _shell.options.cacert) - self.assertTrue(_shell.verify) + self.assertFalse(_shell.verify) def test_default_env(self): flag = "" |