starlingx
/
fault
Code Issues Proposed changes

Add support to --insecure parameter in fmclient 

current fmclient does not support --insecure parameter
and this cause that fm command doesn't work when
endpoint is configured with private signed certificates.

Closes-Bug: 1958262

Test Plan:

PASS: configure endpoint with private signed certificates
and run rm command with --insecure to get the alarm-list.
PASS: set FMCLIENT_INSECURE=true environment variable and
run fm alarm-list.

Signed-off-by: Giana Francisco <francisco.giana@windriver.com>
Change-Id: I2c2a33d24fb544147bd02fda2e0a89eafd48c818
This commit is contained in:
Giana Francisco 2022-01-17 16:28:14 -03:00
parent e9ba02ab5c
commit f0b7677999
3 changed files with 29 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
python-fmclient/fmclient/fmclient/client.py
View File

@ -1,5 +1,5 @@
# #
# Copyright (c) 2018 Wind River Systems, Inc. # Copyright (c) 2018-2022 Wind River Systems, Inc.
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
@ -20,7 +20,7 @@ def get_client(version, endpoint=None, session=None, auth_token=None,
region_name=None, timeout=None, region_name=None, timeout=None,
user_domain_id=None, user_domain_name=None, user_domain_id=None, user_domain_name=None,
project_domain_id=None, project_domain_name=None, project_domain_id=None, project_domain_name=None,
service_type=SERVICE_TYPE, endpoint_type=None, service_type=SERVICE_TYPE, endpoint_type=None, insecure=None,
**ignored_kwargs): **ignored_kwargs):
"""Get an authenticated client, based on the credentials.""" """Get an authenticated client, based on the credentials."""
kwargs = {} kwargs = {}
@ -62,7 +62,7 @@ def get_client(version, endpoint=None, session=None, auth_token=None,
loader = loading.get_plugin_loader(auth_type) loader = loading.get_plugin_loader(auth_type)
auth_plugin = loader.load_from_options(**auth_kwargs) auth_plugin = loader.load_from_options(**auth_kwargs)
session = loading.session.Session().load_from_options( session = loading.session.Session().load_from_options(
auth=auth_plugin, timeout=timeout) auth=auth_plugin, timeout=timeout, insecure=insecure)
exception_msg = _('Must provide Keystone credentials or user-defined ' exception_msg = _('Must provide Keystone credentials or user-defined '
'endpoint and token') 'endpoint and token')
@ -86,6 +86,7 @@ def get_client(version, endpoint=None, session=None, auth_token=None,
kwargs['service_type'] = service_type kwargs['service_type'] = service_type
kwargs['interface'] = interface kwargs['interface'] = interface
kwargs['version'] = version kwargs['version'] = version
kwargs['insecure'] = insecure
fm_module = importutils.import_versioned_module('fmclient', fm_module = importutils.import_versioned_module('fmclient',
version, 'client') version, 'client')

4
python-fmclient/fmclient/fmclient/common/http.py
View File

@ -28,7 +28,6 @@ from oslo_utils import netutils
import requests import requests
import OpenSSL import OpenSSL
from fmclient.common import utils from fmclient.common import utils
from fmclient.common import exceptions as exc from fmclient.common import exceptions as exc
@ -318,6 +317,9 @@ class SessionClient(adapter.Adapter, _BaseHTTPClient):
def __init__(self, session, **kwargs): def __init__(self, session, **kwargs):
kwargs.setdefault('user_agent', USER_AGENT) kwargs.setdefault('user_agent', USER_AGENT)
insecure = kwargs.pop('insecure', False)
if insecure:
session.verify = False
self.global_request_id = kwargs.pop('global_request_id', None) self.global_request_id = kwargs.pop('global_request_id', None)
super(SessionClient, self).__init__(session, **kwargs) super(SessionClient, self).__init__(session, **kwargs)

24
python-fmclient/fmclient/fmclient/shell.py
View File

@ -1,5 +1,5 @@
# #
# Copyright (c) 2018 Wind River Systems, Inc. # Copyright (c) 2018-2022 Wind River Systems, Inc.
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
@ -12,6 +12,7 @@ from __future__ import print_function
import argparse import argparse
import httplib2 import httplib2
import logging import logging
import os
import sys import sys
from oslo_utils import importutils from oslo_utils import importutils
@ -21,6 +22,18 @@ from fmclient import exc
from fmclient import client from fmclient import client
def env(*args, **kwargs):
"""Returns the first environment variable set.
If all are empty, defaults to '' or keyword arg `default`.
"""
for arg in args:
value = os.environ.get(arg)
if value:
return value
return kwargs.get('default', '')
class FmShell(object): class FmShell(object):
def get_base_parser(self): def get_base_parser(self):
@ -165,6 +178,13 @@ class FmShell(object):
default=utils.env('OS_PROJECT_DOMAIN_NAME'), default=utils.env('OS_PROJECT_DOMAIN_NAME'),
help='Defaults to env[OS_PROJECT_DOMAIN_NAME].') help='Defaults to env[OS_PROJECT_DOMAIN_NAME].')
parser.add_argument('--insecure',
action='store_true',
dest='insecure',
default=env('FMCLIENT_INSECURE', default=False),
help='Disables SSL/TLS certificate verification '
'(Env: FMCLIENT_INSECURE)')
return parser return parser
def get_subcommand_parser(self, version): def get_subcommand_parser(self, version):
@ -259,7 +279,7 @@ class FmShell(object):
'os_tenant_name', 'os_region_name', 'os_user_domain_id', 'os_tenant_name', 'os_region_name', 'os_user_domain_id',
'os_user_domain_name', 'os_project_domain_id', 'os_user_domain_name', 'os_project_domain_id',
'os_project_domain_name', 'os_service_type', 'os_endpoint_type', 'os_project_domain_name', 'os_service_type', 'os_endpoint_type',
'timeout' 'timeout', 'insecure'
) )
kwargs = {} kwargs = {}
for key in client_args: for key in client_args: