Merge "Allow --insecure to override --os-cacert"

2015-06-04 19:27:36 +00:00 · 2015-06-04 19:27:36 +00:00 · 7e067c6f4f
commit 7e067c6f4f
parent 0c5f12aec0 31d785ec69
2 changed files with 20 additions and 10 deletions
--- a/openstackclient/shell.py
+++ b/openstackclient/shell.py
@ -264,12 +264,21 @@ class OpenStackShell(app.App):
        self.log.debug("cloud cfg: %s", self.cloud.config)
        # Set up client TLS
-        cacert = self.cloud.cacert
+        # NOTE(dtroyer): --insecure is the non-default condition that
-        if cacert:
+        #                overrides any verify setting in clouds.yaml
-            self.verify = cacert
+        #                so check it first, then fall back to any verify
-        else:
+        #                setting provided.
-            self.verify = not self.cloud.config.get('insecure', False)
+        self.verify = not self.cloud.config.get(
-            self.verify = self.cloud.config.get('verify', self.verify)
+            'insecure',
            not self.cloud.config.get('verify', True),
        )
        # NOTE(dtroyer): Per bug https://bugs.launchpad.net/bugs/1447784
        #                --insecure now overrides any --os-cacert setting,
        #                where before --insecure was ignored if --os-cacert
        #                was set.
        if self.verify and self.cloud.cacert:
            self.verify = self.cloud.cacert
        # Save default domain
        self.default_domain = self.options.default_domain
--- a/openstackclient/tests/test_shell.py
+++ b/openstackclient/tests/test_shell.py
@ -540,14 +540,15 @@ class TestShellCli(TestShell):
        self.assertTrue(_shell.verify)
        # --os-cacert and --insecure
-        # NOTE(dtroyer): This really is a bogus combination, the default is
+        # NOTE(dtroyer): Per bug https://bugs.launchpad.net/bugs/1447784
-        #                to follow the requests.Session convention and let
+        #                in this combination --insecure now overrides any
-        #                --os-cacert override --insecure
+        #                --os-cacert setting, where before --insecure
        #                was ignored if --os-cacert was set.
        fake_execute(_shell, "--os-cacert foo --insecure list user")
        self.assertIsNone(_shell.options.verify)
        self.assertTrue(_shell.options.insecure)
        self.assertEqual('foo', _shell.options.cacert)
-        self.assertTrue(_shell.verify)
+        self.assertFalse(_shell.verify)
    def test_default_env(self):
        flag = ""