Merge "Client-side SSL Connection"

glanceclient/common/http.py

@@ -62,6 +62,8 @@ class HTTPClient(object):
         if parts.scheme == 'https':
             _class = VerifiedHTTPSConnection
             _kwargs['ca_file'] = kwargs.get('ca_file', None)
+            _kwargs['cert_file'] = kwargs.get('cert_file', None)
+            _kwargs['key_file'] = kwargs.get('key_file', None)
             _kwargs['insecure'] = kwargs.get('insecure', False)
         elif parts.scheme == 'http':
             _class = httplib.HTTPConnection
@@ -82,6 +84,19 @@ class HTTPClient(object):
             header = '-H \'%s: %s\'' % (key, value)
             curl.append(header)
 
+        conn_params_fmt = [
+            ('key_file', '--key %s'),
+            ('cert_file', '--cert %s'),
+            ('ca_file', '--cacert %s'),
+        ]
+        for (key, fmt) in conn_params_fmt:
+            value = self.connection_params[2].get(key)
+            if value:
+                curl.append(fmt % value)
+
+        if self.connection_params[2].get('insecure'):
+            curl.append('-k')
+
         if 'body' in kwargs:
             curl.append('-d \'%s\'' % kwargs['body'])
 
@@ -200,6 +215,11 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
         else:
             kwargs = {'cert_reqs': ssl.CERT_REQUIRED, 'ca_certs': self.ca_file}
 
+        if self.cert_file:
+            kwargs['certfile'] = self.cert_file
+            if self.key_file:
+                kwargs['keyfile'] = self.key_file
+
         self.sock = ssl.wrap_socket(sock, **kwargs)
 
 

glanceclient/shell.py

@@ -64,6 +64,14 @@ class OpenStackImagesShell(object):
                  "not be verified against any certificate authorities. "
                  "This option should be used with caution.")
 
+        parser.add_argument('--cert-file',
+            help='Path of certificate file to use in SSL connection. This '
+                 'file can optionally be prepended with the private key.')
+
+        parser.add_argument('--key-file',
+            help='Path of client key to use in SSL connection. This option is '
+                 'not necessary if your key is prepended to your cert file.')
+
         parser.add_argument('--ca-file',
             help='Path of CA SSL certificate(s) used to sign the remote '
                  'server\'s certificate.')
@@ -384,6 +392,8 @@ class OpenStackImagesShell(object):
             'insecure': args.insecure,
             'timeout': args.timeout,
             'ca_file': args.ca_file,
+            'cert_file': args.cert_file,
+            'key_file': args.key_file,
         }
 
         client = glanceclient.Client(api_version, endpoint, **kwargs)