Merge ~troyanov/maas:fix-1980436 into maas:master

Proposed by Anton Troyanov
Status: Merged
Approved by: Anton Troyanov
Approved revision: 3fa3c1a2da4894eeb52bba7435ffd563de36b2f3
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~troyanov/maas:fix-1980436
Merge into: maas:master
Diff against target: 78 lines (+17/-8)
2 files modified
src/maascli/auth.py (+11/-4)
src/maascli/cli.py (+6/-4)
Reviewer Review Type Date Requested Status
MAAS Lander Approve
Alberto Donato Approve
Review via email: mp+425984@code.launchpad.net

Commit message

fix(cli): pass CA certs to httpbakery

Fixes bug #1980436

To post a comment you must log in.
Revision history for this message
Alberto Donato (ack) wrote :

+1

review: Approve
Revision history for this message
Alberto Donato (ack) :
Revision history for this message
Alberto Donato (ack) wrote :

+1

review: Approve
Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b fix-1980436 lp:~troyanov/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: f4c165c0e5b57b172531fd888ee144cd902514d4

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/src/maascli/auth.py b/src/maascli/auth.py
index 9c359d7..b01f265 100644
--- a/src/maascli/auth.py
+++ b/src/maascli/auth.py
@@ -27,7 +27,7 @@ def try_getpass(prompt):
27 return None27 return None
2828
2929
30def get_apikey_via_macaroon(url):30def get_apikey_via_macaroon(url, ca_certs=None, insecure=False):
31 """Try to get an API key using a macaroon.31 """Try to get an API key using a macaroon.
3232
33 httpbakery is used to create a new API token. If the MAAS server supports33 httpbakery is used to create a new API token. If the MAAS server supports
@@ -38,10 +38,15 @@ def get_apikey_via_macaroon(url):
38 If the MAAS server doesn't support macaroons, None is returned.38 If the MAAS server doesn't support macaroons, None is returned.
3939
40 """40 """
41 verify = True
42 if insecure:
43 verify = False
44 elif ca_certs:
45 verify = str(ca_certs)
41 url = url.strip("/")46 url = url.strip("/")
42 client = httpbakery.Client()47 client = httpbakery.Client()
43 resp = client.request(48 resp = client.request(
44 "POST", f"{url}/account/?op=create_authorisation_token"49 "POST", f"{url}/account/?op=create_authorisation_token", verify=verify
45 )50 )
46 if resp.status_code != 200:51 if resp.status_code != 200:
47 # Most likely the MAAS server doesn't support macaroons.52 # Most likely the MAAS server doesn't support macaroons.
@@ -50,7 +55,7 @@ def get_apikey_via_macaroon(url):
50 return "{consumer_key}:{token_key}:{token_secret}".format(**result)55 return "{consumer_key}:{token_key}:{token_secret}".format(**result)
5156
5257
53def obtain_credentials(url, credentials):58def obtain_credentials(url, credentials, ca_certs=None, insecure=False):
54 """Prompt for credentials if possible.59 """Prompt for credentials if possible.
5560
56 If the credentials are "-" then read from stdin without interactive61 If the credentials are "-" then read from stdin without interactive
@@ -59,7 +64,9 @@ def obtain_credentials(url, credentials):
59 if credentials == "-":64 if credentials == "-":
60 credentials = sys.stdin.readline().strip()65 credentials = sys.stdin.readline().strip()
61 elif credentials is None:66 elif credentials is None:
62 credentials = get_apikey_via_macaroon(url)67 credentials = get_apikey_via_macaroon(
68 url, ca_certs=ca_certs, insecure=insecure
69 )
63 if credentials is None:70 if credentials is None:
64 credentials = try_getpass(71 credentials = try_getpass(
65 "API key (leave empty for anonymous access): "72 "API key (leave empty for anonymous access): "
diff --git a/src/maascli/cli.py b/src/maascli/cli.py
index 4929633..36f8601 100644
--- a/src/maascli/cli.py
+++ b/src/maascli/cli.py
@@ -90,10 +90,6 @@ class cmd_login(Command):
90 "You cannot use both cacerts and insecure arguments."90 "You cannot use both cacerts and insecure arguments."
91 )91 )
9292
93 # Try and obtain credentials interactively if they're not given, or
94 # read them from stdin if they're specified as "-".
95 credentials = obtain_credentials(options.url, options.credentials)
96
97 cacerts = None93 cacerts = None
98 # temporary cacerts file, used to check for bogus credentials94 # temporary cacerts file, used to check for bogus credentials
99 # if credentials are correct, cacerts content is stored in profile95 # if credentials are correct, cacerts content is stored in profile
@@ -109,6 +105,12 @@ class cmd_login(Command):
109 cacerts_path = Path(cacerts_path)105 cacerts_path = Path(cacerts_path)
110 cacerts_path.write_text(cacerts)106 cacerts_path.write_text(cacerts)
111107
108 # Try and obtain credentials interactively if they're not given, or
109 # read them from stdin if they're specified as "-".
110 credentials = obtain_credentials(
111 options.url, options.credentials, cacerts_path, options.insecure
112 )
113
112 # Check for bogus credentials. Do this early so that the user is not114 # Check for bogus credentials. Do this early so that the user is not
113 # surprised when next invoking the MAAS CLI.115 # surprised when next invoking the MAAS CLI.
114 if credentials is not None:116 if credentials is not None:

Subscribers

People subscribed via source and target branches