From 227d166109d6b35f44a1247c1127b2593fc1b9ec Mon Sep 17 00:00:00 2001
From: Brian Waldon
Date: Thu, 2 Aug 2012 15:30:50 -0700
Subject: [PATCH] Client-side SSL Connection
This allows a user to pass a cert and a key to use in HTTPS connections. The flags --cert-file and --key-file are added to the CLI. Addiionally, update the debug curl logging to print --cacert and -k when ca_file and insecure are set. Related to bp glance-client-parity.
Change-Id: Ibaea51419a903afb7939a6b5b848f7a6667893bf
---
 glanceclient/common/http.py | 20 ++++++++++++++++++++
 glanceclient/shell.py | 10 ++++++++++
 2 files changed, 30 insertions(+)
diff --git a/glanceclient/common/http.py b/glanceclient/common/http.py
index 6414c5c..9dfda95 100644
--- a/glanceclient/common/http.py
+++ b/glanceclient/common/http.py
@@ -51,6 +51,8 @@ class HTTPClient(object):
 if parts.scheme == 'https':
 _class = VerifiedHTTPSConnection
 _kwargs['ca_file'] = kwargs.get('ca_file', None)
+ _kwargs['cert_file'] = kwargs.get('cert_file', None)
+ _kwargs['key_file'] = kwargs.get('key_file', None)
 _kwargs['insecure'] = kwargs.get('insecure', False)
 elif parts.scheme == 'http':
 _class = httplib.HTTPConnection
@@ -71,6 +73,19 @@ class HTTPClient(object):
 header = '-H \'%s: %s\'' % (key, value)
 curl.append(header)
+ conn_params_fmt = [
+ ('key_file', '--key %s'),
+ ('cert_file', '--cert %s'),
+ ('ca_file', '--cacert %s'),
+ ]
+ for (key, fmt) in conn_params_fmt:
+ value = self.connection_params[2].get(key)
+ if value:
+ curl.append(fmt % value)
+
+ if self.connection_params[2].get('insecure'):
+ curl.append('-k')
+
 if 'body' in kwargs:
 curl.append('-d \'%s\'' % kwargs['body'])
@@ -189,6 +204,11 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
 else:
 kwargs = {'cert_reqs': ssl.CERT_REQUIRED, 'ca_certs': self.ca_file}
+ if self.cert_file:
+ kwargs['certfile'] = self.cert_file
+ if self.key_file:
+ kwargs['keyfile'] = self.key_file
+
 self.sock = ssl.wrap_socket(sock, **kwargs)
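Review bot: In the second http.py hunk the new `--key`, `--cert` and `--cacert` arguments are appended to the logged curl command unquoted (`curl.append(fmt % value)`), while the header and body arguments around them are wrapped in single quotes. A path containing a space or a shell metacharacter then produces a debug line that does not reproduce the request, and may do something else entirely, when pasted into a shell. Quoting the value, e.g. `curl.append(fmt % pipes.quote(value))`, keeps the line copy-safe; that needs `import pipes`, and the file's import block is outside the hunk. The enclosing method starts and ends outside the hunk.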
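Review bot: In the last http.py hunk `self.key_file` is handed to `ssl.wrap_socket` even when `self.cert_file` is unset, so a key given without a certificate is not caught before the socket is wrapped and surfaces, if at all, as a low-level ssl error. A guard ahead of the two `if` blocks, such as `if self.key_file and not self.cert_file: raise ValueError('key_file requires cert_file')` (or the project's own exception type), reports the mistake clearly. The client certificate is also added on the branch that precedes the visible `else:`; if that is the `insecure` branch, which starts outside the hunk, the certificate is presented to a server whose identity is not verified, and a comment there should say so. `connect` begins outside the hunk.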
diff --git a/glanceclient/shell.py b/glanceclient/shell.py
index ca8b606..8a93d8c 100644
--- a/glanceclient/shell.py
+++ b/glanceclient/shell.py
@@ -64,6 +64,14 @@ class OpenStackImagesShell(object):
 "not be verified against any certificate authorities. "
 "This option should be used with caution.")
+ parser.add_argument('--cert-file',
+ help='Path of certificate file to use in SSL connection. This '
+ 'file can optionally be prepended with the private key.')
+
+ parser.add_argument('--key-file',
+ help='Path of client key to use in SSL connection. This option is '
+ 'not necessary if your key is prepended to your cert file.')
+
 parser.add_argument('--ca-file',
 help='Path of CA SSL certificate(s) used to sign the remote '
 'server\'s certificate.')
@@ -384,6 +392,8 @@ class OpenStackImagesShell(object):
 'insecure': args.insecure,
 'timeout': args.timeout,
 'ca_file': args.ca_file,
+ 'cert_file': args.cert_file,
+ 'key_file': args.key_file,
 }
 client = glanceclient.Client(api_version, endpoint, **kwargs)
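Review bot: The `--cert-file` and `--key-file` help strings in the first shell.py hunk do not state the expected file format or what happens with a passphrase-protected key. `ssl.wrap_socket` expects PEM files and, as far as I can tell, this code path has no way to supply a passphrase, so an encrypted key would make OpenSSL prompt on the terminal and stall non-interactive runs. I would extend the help text, e.g. `'Path of PEM-encoded client key to use in SSL connection. An encrypted key triggers an interactive passphrase prompt.'`, and mention that `--key-file` is only meaningful together with `--cert-file`, since nothing visible here checks the pair. The `add_argument` calls sit in a method that starts outside the hunk.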