Michael Pasternak has uploaded a new change for review. Change subject: cli: implement server identity check ......................................................................
cli: implement server identity check Change-Id: I68d000db79c16e0e1cd568946d6669f60b993913 Signed-off-by: Michael Pasternak <[email protected]> --- M src/cli/messages.py M src/ovirtcli/command/connect.py M src/ovirtcli/context.py M src/ovirtcli/options.py M src/ovirtcli/settings.py M src/ovirtcli/shell/connectcmdshell.py 6 files changed, 32 insertions(+), 13 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine-cli refs/changes/49/7249/1 diff --git a/src/cli/messages.py b/src/cli/messages.py index 5733f86..0278b3b 100644 --- a/src/cli/messages.py +++ b/src/cli/messages.py @@ -30,6 +30,7 @@ NO_CONSOLE_FOUND = '%s viewer was not found, please install %s first.' NOT_CONNECTED = OvirtCliSettings.PRODUCT.lower() + '-shell is not connected.' NO_SUCH_COLLECTION = 'no such collection "%s" or given arguments not valid.' + NO_CERTIFICATES = 'client/server certificate files must be specified for SSL secured connection.' CANNOT_CREATE = 'cannot create "%s" because %s collection is not available or given arguments not valid.' CANNOT_CONNECT_TO_VM_DUE_TO_INVALID_STATE = 'cannot connect to vm due to invalid state.' CANNOT_START_CONSOLE_CLIENT = '$DISPLAY not set, cannot start a %s client.' diff --git a/src/ovirtcli/command/connect.py b/src/ovirtcli/command/connect.py index 4c0e588..e063030 100644 --- a/src/ovirtcli/command/connect.py +++ b/src/ovirtcli/command/connect.py @@ -18,7 +18,10 @@ from ovirtcli.command.command import OvirtCommand from ovirtsdk.api import API from ovirtcli.settings import OvirtCliSettings -from ovirtsdk.infrastructure.errors import RequestError +from ovirtsdk.infrastructure.errors import RequestError, NoCertificatesError, \ + ConnectionError +from cli.messages import Messages +from ovirtsdk.web.connection import Connection class ConnectCommand(OvirtCommand): 
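Review bot: In src/ovirtcli/command/connect.py (hunk `@@ -18,7 +18,10 @@`), the added `from ovirtsdk.web.connection import Connection` is not referenced by any hunk of this change, so it looks like an unused import. Drop it unless code outside the visible hunks uses it. The backslash-continued import would also read better parenthesised: `from ovirtsdk.infrastructure.errors import (RequestError, NoCertificatesError, ConnectionError)`.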
@@ -45,8 +48,9 @@ * url - The URL to connect to. * username - The user to connect as. (format user@domain). * password - The password to use. - * [key-file] - The key file to use. - * [cert-file] - The certificate file to use. + * [key-file] - The client PEM key file to use. + * [cert-file] - The client PEM certificate file to use. + * [ca-file] - The server CA certificate file to use. * [port] - The port to use (if not specified in url). * [timeout] - The timeout on request. """ @@ -59,8 +63,9 @@ MIN_FORCE_CREDENTIALS_CHECK_VERSION = ('00000003', '00000001', '00000000', '00000004') - key_file = settings.get('ovirt-shell:key_file') - cert_file = settings.get('ovirt-shell:cert_file') + key_file = self.xNoneType(settings.get('ovirt-shell:key_file')) + cert_file = self.xNoneType(settings.get('ovirt-shell:cert_file')) + ca_file = self.xNoneType(settings.get('ovirt-shell:ca_file')) port = settings.get('ovirt-shell:port') timeout = settings.get('ovirt-shell:timeout') debug = settings.get('cli:debug') @@ -87,6 +92,7 @@ password=password, key_file=key_file, cert_file=cert_file, + ca_file=ca_file, port=port if port != -1 else None, timeout=timeout if timeout != -1 else None, debug=debug) @@ -100,10 +106,15 @@ except RequestError, e: self.__cleanContext() - stdout.write('\n') self.error(str(e.reason + ", [Errno: " + str(e.status) + ']\n')) + except NoCertificatesError: + self.__cleanContext() + self.error(Messages.Error.NO_CERTIFICATES) + except ConnectionError, e: + self.__cleanContext() + self.context._clean_settings() + self.error(str(e)) except Exception, e: - stdout.write('\n') self.__cleanContext() self.error(str(e).replace(', ', ',\n')) @@ -118,3 +129,6 @@ except Exception, e: self.error(e.strerror.lower()) self.context.connection = None + + def xNoneType(self, s): + return None if s == 'None' else s diff --git a/src/ovirtcli/context.py b/src/ovirtcli/context.py index b20aa4d..6d2ad6e 100644 --- a/src/ovirtcli/context.py +++ b/src/ovirtcli/context.py 
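Review bot: In connect.py hunk `@@ -59,8 +63,9 @@`, `self.xNoneType(...)` compares each path with the literal string `'None'`, which works around the settings layer instead of fixing it. settings.py declares these keys as `str` with default `None`, so the unset value presumably arrives stringified. A key, certificate or CA file that is really named `None` can then never be selected, and any other reader of `ovirt-shell:ca_file` still gets the string and may treat it as a path. Consider normalising the value in the settings code, or at least give the helper added in hunk `@@ -118,3 +129,6 @@` a docstring such as `"""Return None for the stringified unset value 'None', else s unchanged."""`. The helper reads no instance state, so a module-level function with a PEP 8 name would do.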
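Review bot: In connect.py hunk `@@ -87,6 +92,7 @@`, `ca_file` is still `None` when the user supplies no `ca-file`, and nothing visible in this change shows whether `API(...)` then rejects an https URL or connects without verifying the server certificate. The new `NoCertificatesError` handler suggests the SDK refuses, but that should be confirmed. A server identity check that is silently skipped when the option is omitted gives no assurance about which engine the shell is talking to. Whatever the behaviour is, state it where users read it: the `[ca-file]` docstring line in hunk `@@ -45,8 +48,9 @@` and the `-A` help in options.py mark the option as optional without saying what omitting it means.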
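Review bot: In connect.py hunk `@@ -100,10 +106,15 @@`, only the `ConnectionError` branch calls `self.context._clean_settings()`; the `RequestError`, `NoCertificatesError` and catch-all branches call `self.__cleanContext()` alone. The context.py hunk of this change shows the settings holding `ovirt-shell:password`. If the intent is to drop entered credentials after a failed connect, a rejected login (`RequestError`) leaves them in place while an unreachable host wipes them. If the intent is different, a one-line comment saying why only this branch resets settings would help. The catch-all `except Exception` still sits below the new handlers, so a TLS failure that the SDK does not wrap in `ConnectionError` would be reported as a generic error; the `try` block starts outside the hunk, so check what `API(...)` can raise.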
@@ -146,6 +146,7 @@ self.settings['ovirt-shell:password'] = '' self.settings['ovirt-shell:key_file'] = None self.settings['ovirt-shell:cert_file'] = None + self.settings['ovirt-shell:ca_file'] = None self.settings['ovirt-shell:port'] = -1 self.settings['ovirt-shell:timeout'] = -1 self.settings['cli:debug'] = False diff --git a/src/ovirtcli/options.py b/src/ovirtcli/options.py index 69dc907..9f9eb9e 100644 --- a/src/ovirtcli/options.py +++ b/src/ovirtcli/options.py @@ -18,14 +18,15 @@ import textwrap from optparse import OptionParser import sys +from ovirtcli import settings class OvirtCliOptionParser(OptionParser): usage = '%prog [options]\n %prog [options] command...' description = textwrap.dedent("""\ - This program is a command-line interface to oVirt Virtualization. - """) + This program is a command-line interface to %s Virtualization. + """ % settings.OvirtCliSettings.PRODUCT) def __init__(self): @@ -34,11 +35,12 @@ self.add_option('-d', '--debug', action='store_true', help='enable debugging') self.add_option('-l', '--url', - help='specifies the API entry point URL') + help='specifies the API entry point URL (http[s]://server[:port]/api)') self.add_option('-u', '--username', help='connect as this user') self.add_option('-p', '--password', help='specify password') - self.add_option('-K', '--key-file', help='specify key-file') - self.add_option('-C', '--cert-file', help='specify cert-file') + self.add_option('-K', '--key-file', help='specify client PEM key-file') + self.add_option('-C', '--cert-file', help='specify client PEM cert-file') + self.add_option('-A', '--ca-file', help='specify server CA cert-file') self.add_option('-P', '--port', help='specify port') self.add_option('-T', '--timeout', help='specify timeout') self.add_option('-c', '--connect', action='store_true', diff --git a/src/ovirtcli/settings.py b/src/ovirtcli/settings.py index 56c9f1a..6671657 100644 --- a/src/ovirtcli/settings.py +++ b/src/ovirtcli/settings.py 
@@ -52,6 +52,7 @@ ('ovirt-shell:password', str, ''), ('ovirt-shell:key_file', str, None), ('ovirt-shell:cert_file', str, None), + ('ovirt-shell:ca_file', str, None), ('ovirt-shell:port', int, -1), ('ovirt-shell:timeout', int, -1), ('ovirt-shell:input_format', enum('xml'), 'xml'), diff --git a/src/ovirtcli/shell/connectcmdshell.py b/src/ovirtcli/shell/connectcmdshell.py index ff0b66a..e5cf25b 100644 --- a/src/ovirtcli/shell/connectcmdshell.py +++ b/src/ovirtcli/shell/connectcmdshell.py @@ -24,7 +24,7 @@ class ConnectCmdShell(CmdShell): NAME = 'connect' - OPTIONS = [ 'url', 'user', 'password', 'key-file', 'cert-file', 'port', 'timeout'] + OPTIONS = [ 'url', 'user', 'password', 'key-file', 'cert-file', 'ca-file', 'port', 'timeout'] def __init__(self, context, parser): CmdShell.__init__(self, context, parser) -- To view, visit http://gerrit.ovirt.org/7249 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I68d000db79c16e0e1cd568946d6669f60b993913 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine-cli Gerrit-Branch: master Gerrit-Owner: Michael Pasternak <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
