Specify the cacert file in the verify option when in secure mode

When running in secure mode we want to set the "verify" option to the path to the cacert file Tests: 1° I generate a certificate using the documentation and installed on the controller (activate https), I got the ca cert and I set up a remote cli pointing to a DC and I exported the certificate in a variable OS_CACERT to the client get it, I ran some commands from DC. 2° I passed a flag insecure to execute the dcmanager client in a insecure mode 3° Built an ISO to check if something broke and installed on DC using VDM to check if the dcmanager keeps the current behavior Note: I think is a good ideia to plan a standardization of the clients mainly the keystone (authentication) part This change is based on the documentation of the requests documentation https://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification Closes-bug: 1927723 Signed-off-by: Rafael Jordão Jardim <RafaelJordao.Jardim@windriver.com> Change-Id: I4221657b97592b319b3fbf54b5b8c6d325ec9aa3
2021-05-06 16:27:06 -04:00 · 2021-05-06 16:27:06 -04:00 · d52a908008
parent 0ed351f715
commit d52a908008
1 changed files with 4 additions and 2 deletions
--- a/distributedcloud-client/dcmanagerclient/api/httpclient.py
+++ b/distributedcloud-client/dcmanagerclient/api/httpclient.py
@ -61,8 +61,10 @@ class HTTPClient(object):
                LOG.warning('Client is set to not verify even though '
                            'cacert is provided.')

-            self.ssl_options['verify'] = not insecure
-            self.ssl_options['cert'] = cacert
+            if insecure:
+                self.ssl_options['verify'] = False
+            else:
+                self.ssl_options['verify'] = True if not cacert else cacert

    @log_request
    def get(self, url, headers=None):