Keith Robertson has uploaded a new change for review. Change subject: tools: support mandatory verify(BZ854721) SDK changed to force clients to send either 'insecure' flag or supply a CA. ......................................................................
tools: support mandatory verify(BZ854721) SDK changed to force clients to send either 'insecure' flag or supply a CA. Signed-off-by: Keith Robertson <[email protected]> Change-Id: Icc0049efbdfa499bbf61ec09e1345f0619335710 --- M src/engine-image-uploader.py 1 file changed, 26 insertions(+), 3 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-image-uploader refs/changes/73/7773/1 diff --git a/src/engine-image-uploader.py b/src/engine-image-uploader.py index 7046048..4fd5eb1 100644 --- a/src/engine-image-uploader.py +++ b/src/engine-image-uploader.py @@ -27,6 +27,7 @@ from ovf.ovfenvelope import * from ovirtsdk.api import API from ovirtsdk.xml import params +from ovirtsdk.infrastructure.errors import RequestError, ConnectionError, NoCertificatesError @@ -348,10 +349,13 @@ raise Exception("Insufficient information provided to communicate with the oVirt Engine REST API.") url = "https://"; + self.configuration.get("engine") + "/api" - self.api = API(url=url, - username=self.configuration.get("user"), - password=self.configuration.get("passwd")) try: + self.api = API(url=url, + username=self.configuration.get("user"), + password=self.configuration.get("passwd"), + ca_file=self.configuration.get("engine_ca"), + insecure=self.configuration.get("insecure")) + pi = self.api.get_product_info() if pi is not None: vrm = '%s.%s.%s' % (pi.get_version().get_major(), @@ -361,6 +365,15 @@ else: logging.error(_("Unable to connect to REST API.")) return False + except RequestError, re: + logging.error(_("Unable to connect to REST API. Reason: %s") % re.reason) + return False + except ConnectionError: + logging.error(_("Problem connecting to the REST API. Is the service available and does the CA certificate exist?")) + return False + except NoCertificatesError: + logging.error(_("Problem connecting to the REST API. The CA is invalid. To override use the \'insecure\' option.")) + return False except Exception, e: logging.error(_("Unable to connect to REST API. Message: %s") % e) return False @@ -1282,6 +1295,16 @@ help=_("path to configuration file (default=%s)" % DEFAULT_CONFIGURATION_FILE), metavar=_("PATH")) + parser.add_option("", "--engine-ca", dest="engine_ca", + help="The CA certificate used to validate the engine. (default=/etc/pki/ovirt-engine/ca.pem)", + metavar="/etc/pki/ovirt-engine/ca.pem", + default="/etc/pki/ovirt-engine/ca.pem") + + parser.add_option("", "--insecure", dest="insecure", + help="Do not make an attempt to verify the engine.", + action="store_true", + default=False) + parser.add_option("-v", "--verbose", dest="verbose", action="store_true", default=False) -- To view, visit http://gerrit.ovirt.org/7773 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Icc0049efbdfa499bbf61ec09e1345f0619335710 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-image-uploader Gerrit-Branch: master Gerrit-Owner: Keith Robertson <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
