Merge ~troyanov/maas:backport-fix-1980436-3.2 into maas:3.2

Proposed by Anton Troyanov
Status: Merged
Approved by: Anton Troyanov
Approved revision: dec18257fe2bf4b75dabd32893ac77b7eea1b3fc
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~troyanov/maas:backport-fix-1980436-3.2
Merge into: maas:3.2
Diff against target: 78 lines (+17/-8)
2 files modified
src/maascli/auth.py (+11/-4)
src/maascli/cli.py (+6/-4)
Reviewer Review Type Date Requested Status
MAAS Lander Approve
MAAS Maintainers Pending
Review via email: mp+426015@code.launchpad.net

Commit message

fix(cli): pass CA certs to httpbakery

Fixes bug #1980436

(cherry picked from commit 894bf33c54dedeeaed3c5d6d77c16259a7de34e5)

To post a comment you must log in.
Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b backport-fix-1980436-3.2 lp:~troyanov/maas/+git/maas into -b 3.2 lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: dec18257fe2bf4b75dabd32893ac77b7eea1b3fc

review: Approve
Revision history for this message
MAAS Lander (maas-lander) wrote :

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/src/maascli/auth.py b/src/maascli/auth.py
2index 9c359d7..b01f265 100644
3--- a/src/maascli/auth.py
4+++ b/src/maascli/auth.py
5@@ -27,7 +27,7 @@ def try_getpass(prompt):
6 return None
7
8
9-def get_apikey_via_macaroon(url):
10+def get_apikey_via_macaroon(url, ca_certs=None, insecure=False):
11 """Try to get an API key using a macaroon.
12
13 httpbakery is used to create a new API token. If the MAAS server supports
14@@ -38,10 +38,15 @@ def get_apikey_via_macaroon(url):
15 If the MAAS server doesn't support macaroons, None is returned.
16
17 """
18+ verify = True
19+ if insecure:
20+ verify = False
21+ elif ca_certs:
22+ verify = str(ca_certs)
23 url = url.strip("/")
24 client = httpbakery.Client()
25 resp = client.request(
26- "POST", f"{url}/account/?op=create_authorisation_token"
27+ "POST", f"{url}/account/?op=create_authorisation_token", verify=verify
28 )
29 if resp.status_code != 200:
30 # Most likely the MAAS server doesn't support macaroons.
31@@ -50,7 +55,7 @@ def get_apikey_via_macaroon(url):
32 return "{consumer_key}:{token_key}:{token_secret}".format(**result)
33
34
35-def obtain_credentials(url, credentials):
36+def obtain_credentials(url, credentials, ca_certs=None, insecure=False):
37 """Prompt for credentials if possible.
38
39 If the credentials are "-" then read from stdin without interactive
40@@ -59,7 +64,9 @@ def obtain_credentials(url, credentials):
41 if credentials == "-":
42 credentials = sys.stdin.readline().strip()
43 elif credentials is None:
44- credentials = get_apikey_via_macaroon(url)
45+ credentials = get_apikey_via_macaroon(
46+ url, ca_certs=ca_certs, insecure=insecure
47+ )
48 if credentials is None:
49 credentials = try_getpass(
50 "API key (leave empty for anonymous access): "
51diff --git a/src/maascli/cli.py b/src/maascli/cli.py
52index 4929633..36f8601 100644
53--- a/src/maascli/cli.py
54+++ b/src/maascli/cli.py
55@@ -90,10 +90,6 @@ class cmd_login(Command):
56 "You cannot use both cacerts and insecure arguments."
57 )
58
59- # Try and obtain credentials interactively if they're not given, or
60- # read them from stdin if they're specified as "-".
61- credentials = obtain_credentials(options.url, options.credentials)
62-
63 cacerts = None
64 # temporary cacerts file, used to check for bogus credentials
65 # if credentials are correct, cacerts content is stored in profile
66@@ -109,6 +105,12 @@ class cmd_login(Command):
67 cacerts_path = Path(cacerts_path)
68 cacerts_path.write_text(cacerts)
69
70+ # Try and obtain credentials interactively if they're not given, or
71+ # read them from stdin if they're specified as "-".
72+ credentials = obtain_credentials(
73+ options.url, options.credentials, cacerts_path, options.insecure
74+ )
75+
76 # Check for bogus credentials. Do this early so that the user is not
77 # surprised when next invoking the MAAS CLI.
78 if credentials is not None:

Subscribers

People subscribed via source and target branches