Michael Pasternak has uploaded a new change for review. Change subject: sdk: Add constructor parameter validate_cert_chain=True #915225 ......................................................................
sdk: Add constructor parameter validate_cert_chain=True #915225 https://bugzilla.redhat.com/show_bug.cgi?id=915225 Change-Id: I61707c4b0380665bc42b34387efdc622cfc4201e Signed-off-by: Michael Pasternak <[email protected]> --- M src/codegen/templates/entrypointtemplate M src/ovirtsdk/api.py M src/ovirtsdk/infrastructure/connectionspool.py M src/ovirtsdk/web/connection.py 4 files changed, 35 insertions(+), 10 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine-sdk refs/changes/87/12487/1 diff --git a/src/codegen/templates/entrypointtemplate b/src/codegen/templates/entrypointtemplate index e4c8e47..c2aa864 100644 --- a/src/codegen/templates/entrypointtemplate +++ b/src/codegen/templates/entrypointtemplate @@ -1,7 +1,7 @@ class API(object): def __init__(self, url, username, password, key_file=None, cert_file=None, ca_file=None, port=None, timeout=None, persistent_auth=True, - insecure=False, filter=False, debug=False): + insecure=False, validate_cert_chain=True, filter=False, debug=False): ''' @param url: server url (format "http/s://server[:port]/api") @@ -13,7 +13,8 @@ [@param port: port to use (if not specified in url)] [@param timeout: request timeout] [@param persistent_auth: enable persistent authentication (format True|False)] - [@param insecure: signals to not demand site trustworthiness for ssl enabled connection (format True|False)] + [@param insecure: signals to not demand site trustworthiness for ssl enabled connection (format True|False, default is False)] + [@param validate_cert_chain: validate the server's certificate (format True|False, default is True)] [@param filter: signals if user permission based filtering should be turned on/off (format True|False)] [@param debug: debug (format True|False)] @@ -43,6 +44,7 @@ strict=False, timeout=timeout, insecure=insecure, + validate_cert_chain=validate_cert_chain, debug=debug ) diff --git a/src/ovirtsdk/api.py b/src/ovirtsdk/api.py index 653fc13..5d57787 100644 --- a/src/ovirtsdk/api.py +++ b/src/ovirtsdk/api.py @@ -20,7 +20,7 @@ ############ GENERATED CODE ############ ######################################## -'''Generated at: 2013-02-15 13:24:54.600583''' +'''Generated at: 2013-02-27 09:42:27.329672''' import types @@ -53,7 +53,7 @@ class API(object): def __init__(self, url, username, password, key_file=None, cert_file=None, ca_file=None, port=None, timeout=None, persistent_auth=True, - insecure=False, filter=False, debug=False): + insecure=False, validate_cert_chain=True, filter=False, debug=False): ''' @param url: server url (format "http/s://server[:port]/api") @@ -65,7 +65,8 @@ [@param port: port to use (if not specified in url)] [@param timeout: request timeout] [@param persistent_auth: enable persistent authentication (format True|False)] - [@param insecure: signals to not demand site trustworthiness for ssl enabled connection (format True|False)] + [@param insecure: signals to not demand site trustworthiness for ssl enabled connection (format True|False, default is False)] + [@param validate_cert_chain: validate the server's certificate (format True|False, default is True)] [@param filter: signals if user permission based filtering should be turned on/off (format True|False)] [@param debug: debug (format True|False)] @@ -95,6 +96,7 @@ strict=False, timeout=timeout, insecure=insecure, + validate_cert_chain=validate_cert_chain, debug=debug ) diff --git a/src/ovirtsdk/infrastructure/connectionspool.py b/src/ovirtsdk/infrastructure/connectionspool.py index 6b3a546..dbaf8a7 100644 --- a/src/ovirtsdk/infrastructure/connectionspool.py +++ b/src/ovirtsdk/infrastructure/connectionspool.py @@ -23,7 +23,9 @@ ''' ConnectionsManager used to manage pool of web connections ''' - def __init__(self, url, port, key_file, cert_file, ca_file, strict, timeout, username, password, context, count=20, insecure=False, debug=False): + def __init__(self, url, port, key_file, cert_file, ca_file, strict, timeout, + username, password, context, count=20, insecure=False, validate_cert_chain=True, + debug=False): self.__free_connections = Queue(0) self.__busy_connections = {} @@ -46,6 +48,7 @@ password=password, manager=self, insecure=insecure, + validate_cert_chain=validate_cert_chain, debug=debug)) def getConnection(self, get_ttl=100): # try: @@ -58,7 +61,7 @@ # return self.getConnection(get_ttl) # def __extendQueue(self): -#TODO: add more connections if needed +# TODO: add more connections if needed # continue def _freeResource(self, conn): diff --git a/src/ovirtsdk/web/connection.py b/src/ovirtsdk/web/connection.py index 481fbde..ff0b389 100644 --- a/src/ovirtsdk/web/connection.py +++ b/src/ovirtsdk/web/connection.py @@ -27,13 +27,16 @@ ''' The oVirt api connection proxy ''' - def __init__(self, url, port, key_file, cert_file, ca_file, strict, timeout, username, password, manager, insecure=False, debug=False): + def __init__(self, url, port, key_file, cert_file, ca_file, strict, timeout, username, + password, manager, insecure=False, validate_cert_chain=True, debug=False): + self.__connection = self.__createConnection(url=url, port=port, key_file=key_file, cert_file=cert_file, ca_file=ca_file, insecure=insecure, + validate_cert_chain=validate_cert_chain, strict=strict, timeout=timeout) @@ -42,6 +45,7 @@ self.__manager = manager self.__id = id(self) self.__insecure = insecure + self.__validate_cert_chain = validate_cert_chain self.__context = manager.context def get_id(self): @@ -99,14 +103,16 @@ def __createConnection(self, url, key_file=None, cert_file=None, - ca_file=None, insecure=False, port=None, + ca_file=None, insecure=False, validate_cert_chain=True, port=None, strict=None, timeout=None): u = self.__parse_url(url) if(u.scheme == 'https'): - if not insecure and not ca_file: + if (not insecure and not ca_file) and validate_cert_chain: raise NoCertificatesError + elif not validate_cert_chain: + ca_file = None return HTTPSConnection( host=u.hostname, @@ -139,3 +145,15 @@ super(Connection, self).__setattr__(name, value) id = property(get_id, None, None, None) + + def isInsecure(self): + ''' + signals to not demand site trustworthiness for ssl enabled connection (default is False) + ''' + return self.__insecure + + def isValidateCertChain(self): + ''' + validate the server's certificate (default is True) + ''' + return self.__validate_cert_chain -- To view, visit http://gerrit.ovirt.org/12487 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I61707c4b0380665bc42b34387efdc622cfc4201e Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine-sdk Gerrit-Branch: sdk_3.2 Gerrit-Owner: Michael Pasternak <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
