Michael Pasternak has uploaded a new change for review. Change subject: sdk: implement insecure flag #848046 ......................................................................
sdk: implement insecure flag #848046 by default if not specified key_file, cert_file, ca_file, SSL connection initiation will fail, unless raised 'insecure' flag https://bugzilla.redhat.com/show_bug.cgi?id=848046 Change-Id: Ib3ab575aae4d5615de76b79ed93234aec354efed Signed-off-by: Michael Pasternak <mpast...@redhat.com> --- M src/codegen/entrypoint/entrypoint.py M src/ovirtsdk/api.py M src/ovirtsdk/infrastructure/connectionspool.py M src/ovirtsdk/infrastructure/errors.py M src/ovirtsdk/web/connection.py 5 files changed, 23 insertions(+), 6 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine-sdk refs/changes/11/7211/1 diff --git a/src/codegen/entrypoint/entrypoint.py b/src/codegen/entrypoint/entrypoint.py index 1d15832..9512fff 100644 --- a/src/codegen/entrypoint/entrypoint.py +++ b/src/codegen/entrypoint/entrypoint.py @@ -128,7 +128,7 @@ api_template = EntryPoint.entryPointImports() + \ EntryPoint.entryPointCustomImports(types) + \ """class API(): - def __init__(self, url, username, password, key_file=None, cert_file=None, ca_file=None, port=None, timeout=None, persistent_auth=True, debug=False): + def __init__(self, url, username, password, key_file=None, cert_file=None, ca_file=None, port=None, timeout=None, persistent_auth=True, insecure=False, debug=False): \""" @param url: server url (format "http/s://server[:port]/api") @@ -140,6 +140,7 @@ [@param port: port to use (if not specified in url)] [@param timeout: request timeout] [@param persistent_auth: enable persistent authentication (format True|False)] + [@param insecure: signals to not demand site trustworthiness for ssl enabled connection (format True|False)] [@param debug: debug (format True|False)] \""" @@ -154,6 +155,7 @@ port=port, strict=False, timeout=timeout, + insecure=insecure, debug=debug ) diff --git a/src/ovirtsdk/api.py b/src/ovirtsdk/api.py index 10b90e3..63fc2b2 100644 --- a/src/ovirtsdk/api.py +++ b/src/ovirtsdk/api.py 
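Review bot: Inserting `insecure=False` ahead of `debug=False` in the `API.__init__` template signature shifts the positional slot, so an existing caller that passed `debug` positionally as `True` would now silently switch off the certificate requirement instead. Appending the new keyword after `debug` keeps old calls meaning what they did: `..., persistent_auth=True, debug=False, insecure=False):`. The same ordering appears in the generated `src/ovirtsdk/api.py`, in the `connectionspool.py` `__init__` and in `Connection.__init__`, and `__createConnection` inserts it before `port`.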
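Review bot: The `[@param insecure: ...]` line added in the `@@ -140,6` hunk does not say what is skipped or what the caller risks by setting it. Wording such as `[@param insecure: if True, allow an https connection without key_file/cert_file/ca_file; the server is then not authenticated and credentials may be exposed (format True|False)]` would make the trade-off explicit. The text sits inside the template string, so the generated `api.py` docstring would pick up the same wording.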
@@ -20,7 +20,7 @@ ######################################## ''' -Generated at: 2012-08-15 13:34:35.546882 +Generated at: 2012-08-15 15:14:36.711730 @author: mpast...@redhat.com ''' @@ -48,7 +48,7 @@ class API(): - def __init__(self, url, username, password, key_file=None, cert_file=None, ca_file=None, port=None, timeout=None, persistent_auth=True, debug=False): + def __init__(self, url, username, password, key_file=None, cert_file=None, ca_file=None, port=None, timeout=None, persistent_auth=True, insecure=False, debug=False): """ @param url: server url (format "http/s://server[:port]/api") @@ -60,6 +60,7 @@ [@param port: port to use (if not specified in url)] [@param timeout: request timeout] [@param persistent_auth: enable persistent authentication (format True|False)] + [@param insecure: signals to not demand site trustworthiness for ssl enabled connection (format True|False)] [@param debug: debug (format True|False)] """ @@ -74,6 +75,7 @@ port=port, strict=False, timeout=timeout, + insecure=insecure, debug=debug ) diff --git a/src/ovirtsdk/infrastructure/connectionspool.py b/src/ovirtsdk/infrastructure/connectionspool.py index 6c7d684..0237288 100644 --- a/src/ovirtsdk/infrastructure/connectionspool.py +++ b/src/ovirtsdk/infrastructure/connectionspool.py @@ -22,7 +22,7 @@ ''' ConnectionsManager used to manage pool of web connections ''' - def __init__(self, url, port, key_file, cert_file, ca_file, strict, timeout, username, password, count=20, debug=False): + def __init__(self, url, port, key_file, cert_file, ca_file, strict, timeout, username, password, count=20, insecure=False, debug=False): self.__free_connections = Queue(0) self.__busy_connections = {} @@ -43,6 +43,7 @@ username=username, \ password=password, manager=self, + insecure=insecure, debug=debug)) def getConnection(self, get_ttl=100): # try: diff --git a/src/ovirtsdk/infrastructure/errors.py b/src/ovirtsdk/infrastructure/errors.py index 774965c..7b7d897 100644 
--- a/src/ovirtsdk/infrastructure/errors.py +++ b/src/ovirtsdk/infrastructure/errors.py @@ -84,6 +84,10 @@ def __init__(self, expect): Exception.__init__(self, '[ERROR]::oVirt API connection failure, %s' % expect) +class NoCertificatesError(Exception): + def __init__(self): + Exception.__init__(self, '[ERROR]::key_file, cert_file, ca_file must be specified for SSL connection.') + class RequestError(Exception): def __init__(self, response): self.detail = None diff --git a/src/ovirtsdk/web/connection.py b/src/ovirtsdk/web/connection.py index fdd3942..02ee7d3 100644 --- a/src/ovirtsdk/web/connection.py +++ b/src/ovirtsdk/web/connection.py @@ -19,23 +19,27 @@ import urllib import urlparse from ovirtsdk.web.httpsconnection import HTTPSConnection +from ovirtsdk.infrastructure.errors import NoCertificatesError class Connection(object): ''' The oVirt api connection proxy ''' - def __init__(self, url, port, key_file, cert_file, ca_file, strict, timeout, username, password, manager, debug=False): + def __init__(self, url, port, key_file, cert_file, ca_file, strict, timeout, username, password, manager, insecure=False, debug=False): self.__connection = self.__createConnection(url=url, port=port, key_file=key_file, cert_file=cert_file, ca_file=ca_file, + insecure=insecure, strict=strict, timeout=timeout) + self.__connection.set_debuglevel(int(debug)) self.__headers = self.__createHeaders(username, password) self.__manager = manager self.__id = id(self) + self.__insecure = insecure def get_id(self): return self.__id 
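Review bot: `NoCertificatesError` has no docstring and its message does not say when it is raised; per the `connection.py` hunk it fires only for an `https` URL when `insecure` is false and any of the three files is missing. A one-line docstring such as `'''Raised for an https URL when key_file, cert_file or ca_file is missing and insecure is not set.'''` would document that. The message also cannot tell the caller which file is missing; accepting the missing names in `__init__` would make troubleshooting easier.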
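Review bot: `self.__insecure` is assigned at the end of `Connection.__init__`, but nothing in the visible hunks reads it. If it is kept for later use, a short comment such as `# remembered so a re-created connection uses the same trust setting` would say why; otherwise the attribute can be dropped. The class body continues outside the hunk, so a reader may exist there.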
@@ -83,10 +87,13 @@ return urlparse.urlparse(url) - def __createConnection(self, url, key_file=None, cert_file=None, ca_file=None, port=None, strict=None, timeout=None): + def __createConnection(self, url, key_file=None, cert_file=None, ca_file=None, insecure=False, port=None, strict=None, timeout=None): u = self.__parse_url(url) if(u.scheme == 'https'): + if not insecure and (not ca_file or not key_file or not cert_file): + raise NoCertificatesError + return HTTPSConnection(host=u.hostname, port=u.port, key_file=key_file, @@ -94,6 +101,7 @@ ca_file=ca_file, strict=strict, timeout=timeout) + return HTTPConnection(host=u.hostname, port=u.port, strict=strict, -- To view, visit http://gerrit.ovirt.org/7211 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib3ab575aae4d5615de76b79ed93234aec354efed Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine-sdk Gerrit-Branch: master Gerrit-Owner: Michael Pasternak <mpast...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
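Review bot: The guard added to `__createConnection` only checks that three paths were passed in, and `insecure` is not forwarded to `HTTPSConnection`, so whether the server certificate and hostname are really validated against `ca_file` depends on `ovirtsdk.web.httpsconnection`, which this diff does not show. It also requires `key_file` and `cert_file`, which look like client-authentication material; a caller holding only a CA file is pushed towards `insecure=True`, so consider `if not insecure and not ca_file: raise NoCertificatesError()`. An `http://` URL still reaches `HTTPConnection` when `insecure` is false, so the headers built from `username` and `password` in `__init__` go out unencrypted with no error. The tail of `__createConnection` lies outside this hunk.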