Set SSL verification settings to licensing and logging clients

coriolisclient/cli/shell.py

@@ -124,7 +124,7 @@ def build_kwargs_based_on_version(self, args, api_version=None):
         return dict((k, v) for (k, v) in six.iteritems(kwargs) if v)
 
     def create_keystone_session(
-            self, args, api_version, kwargs_dict, auth_type
+            self, args, api_version, kwargs_dict, auth_type, verify=True,
     ):
         # Make sure we have the correct arguments to function
         self.check_auth_arguments(args, api_version, raise_exc=True)
@@ -148,15 +148,14 @@ def create_keystone_session(
 
         auth = method(**kwargs)
 
-        verify = args.os_cacert or not args.insecure
-
         return session.Session(auth=auth, verify=verify)
 
     def create_client(self, args):
         created_client = None
         endpoint_filter_kwargs = self._get_endpoint_filter_kwargs(args)
 
         api_version = args.os_identity_api_version
+        verify = args.os_cacert or not args.insecure
         if args.no_auth and args.os_auth_url:
             raise Exception(
                 'ERROR: argument --os-auth-url/-A: not allowed '
@@ -172,7 +171,7 @@ def create_client(self, args):
             created_client = client.Client(
                 endpoint=args.endpoint,
                 project_id=args.os_tenant_id or args.os_project_id,
-                verify=not args.insecure,
+                verify=verify,
                 **endpoint_filter_kwargs
             )
         # Token-based authentication
@@ -184,11 +183,12 @@ def create_client(self, args):
                 'token': args.os_auth_token
             }
             session = self.create_keystone_session(
-                args, api_version, token_kwargs, auth_type='token'
-            )
+                args, api_version, token_kwargs, auth_type='token',
+                verify=verify)
             created_client = client.Client(
                 session=session,
                 endpoint=args.endpoint,
+                verify=verify,
                 **endpoint_filter_kwargs
             )
 
@@ -201,11 +201,12 @@ def create_client(self, args):
                 'username': args.os_username,
             }
             session = self.create_keystone_session(
-                args, api_version, password_kwargs, auth_type='password'
-            )
+                args, api_version, password_kwargs, auth_type='password',
+                verify=verify)
             created_client = client.Client(
                 session=session,
                 endpoint=args.endpoint,
+                verify=verify,
                 **endpoint_filter_kwargs
             )
         else:

coriolisclient/client.py

@@ -49,11 +49,12 @@
 
 
 class _HTTPClient(adapter.Adapter):
-    def __init__(self, session, project_id=None, **kwargs):
+    def __init__(self, session, project_id=None, verify=True, **kwargs):
         kwargs.setdefault('interface', _DEFAULT_SERVICE_INTERFACE)
         kwargs.setdefault('service_type', _DEFAULT_SERVICE_TYPE)
         kwargs.setdefault('version', _DEFAULT_API_VERSION)
         endpoint = kwargs.pop('endpoint', None)
+        self.verify = verify
 
         super(_HTTPClient, self).__init__(session, **kwargs)
 

coriolisclient/v1/licensing.py

@@ -56,7 +56,7 @@ def _do_req(self, method_name, resource, body=None, response_key=None,
         endpoint_url = self._get_licensing_endpoint_url()
         url = '%s/%s' % (endpoint_url.rstrip('/'), resource.lstrip('/'))
 
-        kwargs = dict()
+        kwargs = {"verify": self._cli.verify}
         if body:
             if not isinstance(body, (str, bytes)):
                 body = json.dumps(body)

coriolisclient/v1/logging.py

@@ -17,6 +17,7 @@
 import datetime
 import json
 import logging
+import ssl
 import traceback
 
 import requests
@@ -100,9 +101,18 @@ def stream_logs(self, app_name=None, severity=None):
             "severity": severity,
         }
         url = self._construct_url("ws", args, is_websocket=True)
+        if self._cli.verify:
+            cafile = None
+            if isinstance(self._cli.verify, str):
+                cafile = self._cli.verify
+            ssl_context = ssl.create_default_context(cafile=cafile)
+        else:
+            ssl_context = ssl.SSLContext()
+            ssl_context.verify_mode = ssl.CERT_NONE
 
         async def nested():
-            async with websockets.connect(url, extra_headers=headers) as ws:
+            async with websockets.connect(
+                    url, extra_headers=headers, ssl=ssl_context) as ws:
                 while True:
                     msg = await ws.recv()
                     as_dict = json.loads(msg)
@@ -162,7 +172,9 @@ def download_logs(self, app, to, start_time=None, end_time=None):
         }
         resource = "logs/%s/" % app
         url = self._construct_url(resource, args)
-        with requests.get(url, headers=headers, stream=True) as r:
+        verify = self._cli.verify
+        with requests.get(
+                url, headers=headers, stream=True, verify=verify) as r:
             r.raise_for_status()
             with open(to, 'wb') as fd:
                 for chunk in r.iter_content(chunk_size=8192):
@@ -172,7 +184,7 @@ def download_logs(self, app, to, start_time=None, end_time=None):
     def list_logs(self):
         headers = self._auth_headers
         url = self._construct_url("logs/")
-        req = requests.get(url, headers=headers)
+        req = requests.get(url, headers=headers, verify=self._cli.verify)
         req.raise_for_status()
         ret = req.json()
         return ret.get("logs", [])