46 lines
1.7 KiB
Diff
46 lines
1.7 KiB
Diff
---
|
|
keystoneclient/v2_0/client.py | 18 ++++++++++++++++++
|
|
1 file changed, 18 insertions(+)
|
|
|
|
--- a/keystoneclient/v2_0/client.py
|
|
+++ b/keystoneclient/v2_0/client.py
|
|
@@ -13,6 +13,7 @@
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
+import os
|
|
import logging
|
|
|
|
from keystoneclient.auth.identity import v2 as v2_auth
|
|
@@ -29,6 +30,8 @@ from keystoneclient.v2_0 import tenants
|
|
from keystoneclient.v2_0 import tokens
|
|
from keystoneclient.v2_0 import users
|
|
|
|
+import requests
|
|
+from requests.packages.urllib3.exceptions import InsecureRequestWarning
|
|
|
|
_logger = logging.getLogger(__name__)
|
|
|
|
@@ -130,6 +133,21 @@ class Client(httpclient.HTTPClient):
|
|
|
|
def __init__(self, **kwargs):
|
|
"""Initialize a new client for the Keystone v2.0 API."""
|
|
+
|
|
+ # NOTE(knasim-wrs): As per US76645, the Keystone adminURL
|
|
+ # is no longer an internal address since it needs to be
|
|
+ # accessible via remote Openstack client. Things get
|
|
+ # complicated with HTTPS where the internal keystone client
|
|
+ # gets this adminURL and cannot connect to Keystone server
|
|
+ # as it cannot verify the SSL certificate.
|
|
+ # We will check for this condition here, if OS_ENDPOINT_TYPE
|
|
+ # is not publicURL then this is an internal access scenario and
|
|
+ # Keystone client will be set to SSL insecure mode
|
|
+ if os.environ.get('OS_ENDPOINT_TYPE') == 'internalURL':
|
|
+ kwargs['insecure'] = True
|
|
+ # disable verbose insecurity warnings
|
|
+ requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
|
|
+
|
|
super(Client, self).__init__(**kwargs)
|
|
|
|
self.certificates = certificates.CertificatesManager(self._adapter)
|