Skip to content

Commit a413d6b

Browse files
dymurraydjzager
dymurray
authored and
djzager
committed
Bug 1572452 - Change --secure option to specify CA cert (#285)
* Bug 1572452 - Change --secure option to specify CA cert * Small testing updates * Updates to conditionals
1 parent 52cff6f commit a413d6b

File tree

2 files changed

+63
-16
lines changed

2 files changed

+63
-16
lines changed

src/apb/cli.py

Lines changed: 48 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -39,9 +39,16 @@ def subcmd_list_parser(subcmd):
3939
'--secure',
4040
action='store_true',
4141
dest='verify',
42-
help=u'Use secure connection to Ansible Service Broker',
42+
help=u'Verify SSL connection to Ansible Service Broker',
4343
default=False
4444
)
45+
subcmd.add_argument(
46+
'--ca-path',
47+
action='store',
48+
dest='cert',
49+
help=u'CA cert to use for verifying SSL connection to Ansible Service Broker',
50+
default=None
51+
)
4552
subcmd.add_argument(
4653
'--verbose',
4754
'-v',
@@ -227,9 +234,16 @@ def subcmd_push_parser(subcmd):
227234
'--secure',
228235
action='store_true',
229236
dest='verify',
230-
help=u'Use secure connection to Ansible Service Broker',
237+
help=u'Verify SSL connection to Ansible Service Broker',
231238
default=False
232239
)
240+
subcmd.add_argument(
241+
'--ca-path',
242+
action='store',
243+
dest='cert',
244+
help=u'CA cert to use for verifying SSL connection to Ansible Service Broker',
245+
default=None
246+
)
233247
subcmd.add_argument(
234248
'--username',
235249
'-u',
@@ -302,9 +316,16 @@ def subcmd_remove_parser(subcmd):
302316
'--secure',
303317
action='store_true',
304318
dest='verify',
305-
help=u'Use secure connection to Ansible Service Broker',
319+
help=u'Verify SSL connection to Ansible Service Broker',
306320
default=False
307321
)
322+
subcmd.add_argument(
323+
'--ca-path',
324+
action='store',
325+
dest='cert',
326+
help=u'CA cert to use for verifying SSL connection to Ansible Service Broker',
327+
default=None
328+
)
308329
subcmd.add_argument(
309330
'--username',
310331
'-u',
@@ -350,9 +371,16 @@ def subcmd_bootstrap_parser(subcmd):
350371
'--secure',
351372
action='store_true',
352373
dest='verify',
353-
help=u'Use secure connection to Ansible Service Broker',
374+
help=u'Verify SSL connection to Ansible Service Broker',
354375
default=False
355376
)
377+
subcmd.add_argument(
378+
'--ca-path',
379+
action='store',
380+
dest='cert',
381+
help=u'CA cert to use for verifying SSL connection to Ansible Service Broker',
382+
default=None
383+
)
356384
subcmd.add_argument(
357385
'--no-relist',
358386
action='store_true',
@@ -506,9 +534,16 @@ def subcmd_relist_parser(subcmd):
506534
'--secure',
507535
action='store_true',
508536
dest='verify',
509-
help=u'Use secure connection to Ansible Service Broker',
537+
help=u'Verify SSL connection to Ansible Service Broker',
510538
default=False
511539
)
540+
subcmd.add_argument(
541+
'--ca-path',
542+
action='store',
543+
dest='cert',
544+
help=u'CA cert to use for verifying SSL connection to Ansible Service Broker',
545+
default=None
546+
)
512547
subcmd.add_argument(
513548
'--username',
514549
'-u',
@@ -534,9 +569,16 @@ def subcmd_refresh_parser(subcmd):
534569
'--secure',
535570
action='store_true',
536571
dest='verify',
537-
help=u'Use secure connection to Ansible Service Broker',
572+
help=u'Verify SSL connection to Ansible Service Broker',
538573
default=False
539574
)
575+
subcmd.add_argument(
576+
'--ca-path',
577+
action='store',
578+
dest='cert',
579+
help=u'CA cert to use for verifying SSL connection to Ansible Service Broker',
580+
default=None
581+
)
540582
subcmd.add_argument(
541583
'--username',
542584
'-u',

src/apb/engine.py

Lines changed: 15 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -746,6 +746,11 @@ def broker_request(broker, service_route, method, **kwargs):
746746
if not broker.startswith('http'):
747747
broker = 'https://' + broker
748748

749+
if kwargs["cert"] is not None:
750+
verify = kwargs["cert"]
751+
else:
752+
verify = kwargs["verify"]
753+
749754
url = broker + service_route
750755
print("Contacting the ansible-service-broker at: %s" % url)
751756

@@ -762,7 +767,7 @@ def broker_request(broker, service_route, method, **kwargs):
762767
else:
763768
token = openshift_client.Configuration().get_api_key_with_prefix('authorization')
764769
headers = {'Authorization': token}
765-
response = requests.request(method, url, verify=kwargs["verify"],
770+
response = requests.request(method, url, verify=verify,
766771
headers=headers, data=kwargs.get("data"))
767772
except Exception as e:
768773
print("ERROR: Failed broker request (%s) %s" % (method, url))
@@ -773,7 +778,7 @@ def broker_request(broker, service_route, method, **kwargs):
773778

774779
def cmdrun_list(**kwargs):
775780
response = broker_request(kwargs['broker'], "/v2/catalog", "get",
776-
verify=kwargs["verify"],
781+
verify=kwargs["verify"], cert=kwargs["cert"],
777782
basic_auth_username=kwargs.get("basic_auth_username"),
778783
basic_auth_password=kwargs.get("basic_auth_password"),
779784
auth_token=kwargs.get("auth_token"))
@@ -1142,7 +1147,7 @@ def cmdrun_push(**kwargs):
11421147
print(spec)
11431148
if kwargs['broker_push']:
11441149
response = broker_request(broker, "/v2/apb", "post", data=data_spec,
1145-
verify=kwargs["verify"],
1150+
verify=kwargs["verify"], cert=kwargs["cert"],
11461151
basic_auth_username=kwargs.get("basic_auth_username"),
11471152
basic_auth_password=kwargs.get("basic_auth_password"),
11481153
auth_token=kwargs.get("auth_token"))
@@ -1165,7 +1170,7 @@ def cmdrun_push(**kwargs):
11651170
kwargs.get("basic_auth_username"),
11661171
kwargs.get("basic_auth_password"),
11671172
kwargs.get("auth_token"),
1168-
kwargs["verify"]
1173+
kwargs["verify"], kwargs["cert"]
11691174
)
11701175

11711176
if not kwargs['no_relist']:
@@ -1209,14 +1214,14 @@ def cmdrun_remove(**kwargs):
12091214
kwargs.get("basic_auth_username"),
12101215
kwargs.get("basic_auth_password"),
12111216
kwargs.get("auth_token"),
1212-
kwargs["verify"]
1217+
kwargs["verify"], cert=kwargs["cert"]
12131218
)
12141219
exit()
12151220
else:
12161221
raise Exception("No flag specified. Use --id or --local.")
12171222

12181223
response = broker_request(kwargs["broker"], route, "delete",
1219-
verify=kwargs["verify"],
1224+
verify=kwargs["verify"], cert=kwargs["cert"],
12201225
basic_auth_username=kwargs.get("basic_auth_username"),
12211226
basic_auth_password=kwargs.get("basic_auth_password"),
12221227
auth_token=kwargs.get("auth_token"))
@@ -1225,7 +1230,7 @@ def cmdrun_remove(**kwargs):
12251230
print("Received a 404 trying to remove APB with id: %s" % kwargs["id"])
12261231
print("Attempting to contact 3.7 endpoint before erroring out.")
12271232
response = broker_request(kwargs["broker"], old_route, "delete",
1228-
verify=kwargs["verify"],
1233+
verify=kwargs["verify"], cert=kwargs["cert"],
12291234
basic_auth_username=kwargs.get("basic_auth_username"),
12301235
basic_auth_password=kwargs.get("basic_auth_password"),
12311236
auth_token=kwargs.get("auth_token"))
@@ -1241,9 +1246,9 @@ def cmdrun_remove(**kwargs):
12411246
print("Successfully deleted APB")
12421247

12431248

1244-
def bootstrap(broker, username, password, token, verify):
1249+
def bootstrap(broker, username, password, token, verify, cert):
12451250
response = broker_request(broker, "/v2/bootstrap", "post", data={},
1246-
verify=verify,
1251+
verify=verify, cert=cert,
12471252
basic_auth_username=username,
12481253
basic_auth_password=password,
12491254
auth_token=token)
@@ -1259,7 +1264,7 @@ def bootstrap(broker, username, password, token, verify):
12591264
def cmdrun_bootstrap(**kwargs):
12601265
bootstrap(kwargs["broker"], kwargs.get("basic_auth_username"),
12611266
kwargs.get("basic_auth_password"), kwargs.get("auth_token"),
1262-
kwargs["verify"])
1267+
kwargs["verify"], kwargs["cert"])
12631268

12641269
if not kwargs['no_relist']:
12651270
relist_service_broker(kwargs)

0 commit comments

Comments
 (0)