From 2b5271039308e95369d71504954fbd54643596db Mon Sep 17 00:00:00 2001 From: spisarski Date: Fri, 21 Jul 2017 09:43:08 -0600 Subject: Default OSCreds cacert attribute to False. The default of True causes more problems than False when dealing with unsecure and secure (HTTPS) API calls. This was issue was found while testing against the new OPNFV CI test pod running Pike. JIRA: SNAPS-80 Change-Id: I819b4f64fa637bb7ce53c58a7a1164600ff6a3b9 Signed-off-by: spisarski --- snaps/openstack/os_credentials.py | 13 ++++++++----- snaps/openstack/tests/conf/os_credentials_tests.py | 18 ++++++++++-------- snaps/openstack/tests/openstack_tests.py | 3 +-- 3 files changed, 19 insertions(+), 15 deletions(-) diff --git a/snaps/openstack/os_credentials.py b/snaps/openstack/os_credentials.py index 17f65e6..4c681ac 100644 --- a/snaps/openstack/os_credentials.py +++ b/snaps/openstack/os_credentials.py @@ -97,12 +97,15 @@ class OSCreds: else: self.interface = kwargs['interface'] - self.cacert = kwargs.get('cacert', True) - if isinstance(kwargs.get('cacert'), str): - if file_utils.file_exists(kwargs['cacert']): - self.cacert = kwargs['cacert'] + self.cacert = False + if kwargs.get('cacert') is not None: + if isinstance(kwargs.get('cacert'), str): + if file_utils.file_exists(kwargs['cacert']): + self.cacert = kwargs['cacert'] + else: + self.cacert = str2bool(kwargs['cacert']) else: - self.cacert = str2bool(self.cacert) + self.cacert = kwargs['cacert'] if isinstance(kwargs.get('proxy_settings'), ProxySettings): self.proxy_settings = kwargs.get('proxy_settings') diff --git a/snaps/openstack/tests/conf/os_credentials_tests.py b/snaps/openstack/tests/conf/os_credentials_tests.py index a4cfa61..cde8161 100644 --- a/snaps/openstack/tests/conf/os_credentials_tests.py +++ b/snaps/openstack/tests/conf/os_credentials_tests.py @@ -160,7 +160,7 @@ class OSCredsUnitTests(unittest.TestCase): self.assertEqual('default', os_creds.user_domain_id) self.assertEqual('default', os_creds.project_domain_id) self.assertEqual('admin', os_creds.interface) - self.assertTrue(os_creds.cacert) + self.assertFalse(os_creds.cacert) self.assertIsNone(os_creds.proxy_settings) def test_minimal_kwargs(self): @@ -178,7 +178,7 @@ class OSCredsUnitTests(unittest.TestCase): self.assertEqual('default', os_creds.user_domain_id) self.assertEqual('default', os_creds.project_domain_id) self.assertEqual('admin', os_creds.interface) - self.assertTrue(os_creds.cacert) + self.assertFalse(os_creds.cacert) self.assertIsNone(os_creds.proxy_settings) def test_all_kwargs_versions_str(self): @@ -186,7 +186,8 @@ class OSCredsUnitTests(unittest.TestCase): **{'username': 'foo', 'password': 'bar', 'auth_url': 'http://foo.bar:5000/v2', 'project_name': 'hello', 'identity_api_version': '5', 'image_api_version': '6', - 'compute_api_version': '7', 'heat_api_version': '8.0'}) + 'compute_api_version': '7', 'heat_api_version': '8.0', + 'cacert': 'true'}) self.assertEqual('foo', os_creds.username) self.assertEqual('bar', os_creds.password) self.assertEqual('http://foo.bar:5000/v2', os_creds.auth_url) @@ -206,7 +207,8 @@ class OSCredsUnitTests(unittest.TestCase): **{'username': 'foo', 'password': 'bar', 'auth_url': 'http://foo.bar:5000/v2', 'project_name': 'hello', 'identity_api_version': 5, 'image_api_version': 6, - 'compute_api_version': 7, 'heat_api_version': 8.0}) + 'compute_api_version': 7, 'heat_api_version': 8.0, + 'cacert': True}) self.assertEqual('foo', os_creds.username) self.assertEqual('bar', os_creds.password) self.assertEqual('http://foo.bar:5000/v2', os_creds.auth_url) @@ -237,7 +239,7 @@ class OSCredsUnitTests(unittest.TestCase): self.assertEqual('default', os_creds.user_domain_id) self.assertEqual('default', os_creds.project_domain_id) self.assertEqual('admin', os_creds.interface) - self.assertTrue(os_creds.cacert) + self.assertFalse(os_creds.cacert) self.assertEqual('foo', os_creds.proxy_settings.host) self.assertEqual(1234, os_creds.proxy_settings.port) self.assertIsNone(os_creds.proxy_settings.ssh_proxy_cmd) @@ -259,7 +261,7 @@ class OSCredsUnitTests(unittest.TestCase): self.assertEqual('default', os_creds.user_domain_id) self.assertEqual('default', os_creds.project_domain_id) self.assertEqual('admin', os_creds.interface) - self.assertTrue(os_creds.cacert) + self.assertFalse(os_creds.cacert) self.assertEqual('foo', os_creds.proxy_settings.host) self.assertEqual(1234, os_creds.proxy_settings.port) self.assertIsNone(os_creds.proxy_settings.ssh_proxy_cmd) @@ -279,7 +281,7 @@ class OSCredsUnitTests(unittest.TestCase): self.assertEqual('default', os_creds.user_domain_id) self.assertEqual('default', os_creds.project_domain_id) self.assertEqual('admin', os_creds.interface) - self.assertTrue(os_creds.cacert) + self.assertFalse(os_creds.cacert) self.assertEqual('foo', os_creds.proxy_settings.host) self.assertEqual(1234, os_creds.proxy_settings.port) self.assertIsNone(os_creds.proxy_settings.ssh_proxy_cmd) @@ -300,7 +302,7 @@ class OSCredsUnitTests(unittest.TestCase): self.assertEqual('default', os_creds.user_domain_id) self.assertEqual('default', os_creds.project_domain_id) self.assertEqual('admin', os_creds.interface) - self.assertTrue(os_creds.cacert) + self.assertFalse(os_creds.cacert) self.assertEqual('foo', os_creds.proxy_settings.host) self.assertEqual(1234, os_creds.proxy_settings.port) self.assertIsNone(os_creds.proxy_settings.ssh_proxy_cmd) diff --git a/snaps/openstack/tests/openstack_tests.py b/snaps/openstack/tests/openstack_tests.py index 9cf2028..855beb5 100644 --- a/snaps/openstack/tests/openstack_tests.py +++ b/snaps/openstack/tests/openstack_tests.py @@ -73,12 +73,11 @@ def get_credentials(os_env_file=None, proxy_settings_str=None, proxy_settings = ProxySettings(host=tokens[0], port=tokens[1], ssh_proxy_cmd=ssh_proxy_cmd) + https_cacert = None if config.get('OS_CACERT'): https_cacert = config.get('OS_CACERT') elif config.get('OS_INSECURE'): https_cacert = False - else: - https_cacert = True interface = 'admin' if config.get('OS_INTERFACE'): -- cgit 1.2.3-korg