Commit Graph

36 Commits

Author SHA1 Message Date
Stuart McLaren 118a0f7a30 Make effective ssl callback behaviour more obvious
When using 'insecure' no callback is executed.

Make it more obvious that the set_verify callback
won't be called by replacing it with a lambda.

Fixes bug 1112361.

Change-Id: Ib5d43a8883f7ed76383971d8154e2111f5ab2869
2013-02-01 15:36:35 +00:00
Stuart McLaren 8d0d4b90f3 Change https port to be an optional parameter
VerifiedHTTPSConnection inherits from HTTPSConnection so 'port' should be
an optional argument. If not present it will be set by HTTPSConnection
in the usual way: by parsing the host string (eg 'localhost:8443')
or setting to the default of '443'.

Addresses bug 1102944.

Change-Id: I2c2cb92f824acf15b0ff54590b5614cf206b57e0
2013-01-22 11:44:12 +00:00
Ken'ichi Ohmichi 19d542ef5f Add details to stdout error message.
The current glance command does not show the details of the error message.
For example, the glance command shows HTTPBadRequest only if some
necessary parameter is not specified.

 $ glance image-create --file root-fs.img --name cirros-0.3.0-x86_64-uec
 Request returned failure status.
 HTTPBadRequest (HTTP 400)
 $

From the above message alone, it is not easy for a user to understand the reason
for an error. The glance-api server returns the details of the reason, but the glance
command does not show them.

This patch adds details, which are gotten from the glance-api server, to the error
message. A user will then be able to understand the reason for an error, like
the following:

 $ glance image-create --file root-fs.img --name cirros-0.3.0-x86_64-uec
 Request returned failure status.
 400 Bad Request
 Invalid disk format 'None' for image.
     (HTTP 400)
 $

Fixes bug 1094917

Change-Id: I49192c3ebbc8a70b63dcfcede9fd13f1688388cf
2013-01-01 22:33:15 +09:00
Dean Troyer 4781da7007 Support --os-cacert
* Rename --ca-file to --os-cacert (--ca-file deprecated for
  backward compatibility)
* Add cacert to keystoneclient initialization to verify the
  keystone server certificate

This aligns glanceclient with keystoneclient for option naming
and the use of TLS for the keystone auth connection.  It does not
change the use of TLS/SSL for the glance connection.

Change-Id: If8b05655aea5f3c62612d77bf947dd790f77eddf
2012-12-11 14:46:33 -08:00
Jenkins 59b8ac198b Merge "Verify that host matches certificate" 2012-11-26 23:20:16 +00:00
Chuck Short c0ec97f310 Pin pep8 to 1.3.3
Standardize pep8 to 1.3.3 and cleared up any errors
found by pep8 tests.

Change-Id: Ib7eb97d0789556d1676ccad58b5d3364065b7d15
Signed-off-by: Chuck Short <chuck.short@canonical.com>
2012-11-25 11:34:56 -05:00
Stuart McLaren 7a5946fd87 Verify that host matches certificate
When using https verify that the Common Name (CN) or
the Subject Alternative Name listed in the server's
certificate match the host we are connected to.

Addresses LP bug 1079692.

Change-Id: I24ea1511a2cbdb7c34ce72ac704d7b5e7d57cec2
2012-11-20 09:56:00 +00:00
Alessandro Pilotti 6c201e63ea Fixes bug on Windows related to a wrong API url
Fixes Bug #1079323

python-glanceclient (latest repository code) fails on Windows due to a
malformed API url. This error is due to the usage of os.path.normpath(),
which should not be used for URLs as it swaps "/" with "\" on Windows.

The fix consists in using posixpath.normpath().
Please see also https://bugs.launchpad.net/nova/+bug/1077125 and related
commit.

Change-Id: Iaa643bd579963ad9ffbf10674973cbca75d435ac
2012-11-15 20:31:10 +02:00
Jenkins 3576336cb9 Merge "Handle create/update of images with unknown size" 2012-10-13 02:17:31 +00:00
Stuart McLaren 556082cd66 Implement blueprint ssl-connect-rework
Use pyOpenSSL for HTTPS connections.

This allows:

* Neater loading of system CA files
* Optional disabling of SSL compression

The performance gain from disabling SSL compression is significant
in cases where the image being uploaded/downloaded is in an already
compressed format (eg qcow2).

Related to bp ssl-connect-rework.

Change-Id: I0568b6c95c5fc7b8eafdbd0284e24c453660a55a
2012-10-08 13:51:41 +00:00
Stuart McLaren 727aadbc25 Handle create/update of images with unknown size
It may not be possible to know in advance the total
size of image data which is to be uploaded, for example
if the data is being piped to stdin.

To handle this we use HTTP Transfer-Encoding: chunked
and do not set any image size headers.

Various subtly different cases needed to be handled for
both image-create and image-update, including:

 * input from named pipe
 * piped input of zero size
 * regular file of zero length

Fix for bug 1056220.

Change-Id: I0c7f0a64d883e058993b954a1c465c5b057f2bcf
2012-10-08 11:16:18 +00:00
Brian Waldon cdc06d9fdb Simplify http(s) connection instantiation
The endpoint parsing and connection instantiation code was too
complicated and easily broken. This assigns human-readable names to
instance variables and breaks up the parsing into more understandable
chunks.

Fixes bug 1060316.

Change-Id: I5c5236f90d88b9e797cf0a476aabe8cc7cfa1cc9
2012-10-03 14:10:11 -07:00
Diego Parrilla ff3060c067 Use full URI path from Glance endpoint in HTTP requests
Fixes bug 1052846

Now the connection uses host, port and path to connect to Glance. So proxied connections to Glance are allowed.

Change-Id: I53a890e6532adb8168961d1d09f938bf439e895c
2012-09-21 10:00:02 +02:00
Vincent Untz 902bff79bb Fix weird "None" displayed on some errors
logging.exception() should only be called from an exception handler,
which is not the case here.

Part of bug 1050260.

Change-Id: I591a68c458cd733c04cea7d2d640afdbb7dd19f6
2012-09-13 11:12:00 +02:00
Andrew Laski 8cee48b1dd Make ConnectionRefused error more informative.
When the server refuses the connection the error message displayed now
lists the endpoint that refused the connection.

Fixes: bug 1043067
Change-Id: I62797106732bbb6eec8c99e491fd38850ad58ff8
2012-09-12 16:51:55 -04:00
isethi 5acd5a6a4a Catches HTTP 300 while printing responses
If glance v1 api is not enabled, and a request is made to it,
it gives a KeyError. This patch catches the 300 error and
displays error message.

Fixes bug 1046607

Change-Id: I0009a5deca3b5dd5ccaeaea90feee21274bfe090
2012-09-10 16:22:45 +00:00
Stuart McLaren 61b359efa8 get_connection should raise httplib.InvalidURL
In http.py the exception raised in get_connection
should be httplib.InvalidURL rather than httplib.InvalidUrl.

Fix for bug 1048698.

Change-Id: I7f18321fe7d8669b3b95bf823273ee8ae6961661
2012-09-10 15:00:21 +00:00
Stuart McLaren 37caf870ac Use system CA certificate file
When SSL is being used and the --ca-file option is
not specified use an available system CA file to
verify the server's certificate.

Change-Id: Id5c9fda6fd9bd05cde3c2a9160a6e72cef086a44
2012-08-13 09:52:29 +00:00
Chris Behrens a214d983c2 socket errors and timeouts should be CommunicationErrors
Also include extra information about socket errors within the exceptions.

Change-Id: I9464a484460d40be5727e18ca6f057df9076766e
2012-08-10 21:13:21 +00:00
Brian Waldon 3997f977fa Handle communication failures cleanly
Expand exceptions to cover more failure cases. This adds
CommunicationFailure to represent any failures while attempting
to communicate with the remote endpoint. This also adds a new base
exception class BaseException which should be used for all non-HTTP
related failures.

Change-Id: Ie3e1d45c520d816a3f491a85fde94a6c4edf295e
2012-08-10 13:30:13 -07:00
Jenkins 4b59f66494 Merge "Client-side SSL Connection" 2012-08-10 19:40:09 +00:00
Jenkins 392dfd6d0d Merge "SSL Certificate Validation" 2012-08-10 18:35:33 +00:00
Brian Waldon 227d166109 Client-side SSL Connection
This allows a user to pass a cert and a key to use in HTTPS
connections. The flags --cert-file and --key-file are added
to the CLI.

Additionally, update the debug curl logging to print --cacert and
-k when ca_file and insecure are set.

Related to bp glance-client-parity.

Change-Id: Ibaea51419a903afb7939a6b5b848f7a6667893bf
2012-08-04 12:14:11 -07:00
Brian Waldon ff34cfc50f SSL Certificate Validation
This adds support for validation of ssl certs returned by remote
servers over SSL. The --ca-file param represents the CA cert used
to sign the remote server's cert. Use --insecure if the remote
server is using a self-signed cert or you don't have the CA cert.

Related to bp glance-client-parity

Change-Id: I45253a6e2d88da599addfcc464571e62ae920166
2012-08-04 12:09:49 -07:00
Brian Waldon 13d80a7e8f Add missing copyright headers
A few files were missing copyright headers:
* glanceclient/common/http.py
* glanceclient/v1/__init__.py
* glanceclient/exc.py

Change-Id: Ibbd53cd49f9367994de66a30601b3aefe1a8d6ee
2012-08-02 14:34:26 -07:00
Brian Waldon 6c8e0342c0 Refactor http request/response logging
Using the --debug flag or the GLANCECLIENT_DEBUG env var, a user will
see http requests and responses in great detail. Requests are formed
into proper curl commands while responses are printed just as they would
as if the curl request provided were executed. Response bodies will not
be printed if they are application/octet-stream.

Change-Id: I9c9c5d6ec9f481091c944e596d073da3739795b6
2012-07-29 22:27:13 -07:00
Brian Waldon 158f7ccd74 Fix --debug CLI option
The --debug argument has been ignored since httplib2 was replaced
with httplib. This re-enables the --debug flag as an equivalent
to the env var GLANCECLIENT_DEBUG.

Fixes bug 1030700

Change-Id: Ib653049eea2f18c4cc2f8f8aac7884245afd0f04
2012-07-29 21:21:29 -07:00
Brian Waldon 1e744f162e Replace httplib2 with httplib as http driver
* This allows us to send truly chunked responses to users
* Handle bad connection url schemes with a new InvalidEndpoint exception
* Fixes bug 1023240

Change-Id: I34500987f51d4e0c6e1f89ecf93853de3fcbb1c3
2012-07-23 13:52:12 -07:00
Jenkins 570e64d91f Merge "Wrap image data in iterator" 2012-07-19 20:19:30 +00:00
Brian Waldon 53acf1a0ca Establish the supported importable interface
* Consumers of this client should not depend on being able to import
  any module other than glanceclient and glanceclient
* The only attributes of the glanceclient module are Client
  and __version__
* The attributes of the glanceclient.exc modules have yet to be
  locked down
* glanceclient.common.exceptions was replaced with a placeholder
  module until consumers of it are updated

Change-Id: Iea9648cd06906d65764987c1f2ee5a88ebeee748
2012-07-13 18:38:15 -07:00
Brian Waldon da360462a5 Wrap image data in iterator
This is establishing the API for a future optimization. We want to
be able to offer true socket-level caching, but can't do that with
httplib2 right now. For now, we will just fake the optimization
by returning an iterator over the image body, which happens to already
be fully loaded into a string.

Change-Id: I2d36e3cdd45b26d7c7c27ba050bf6a4b5765df6c
2012-07-11 19:55:02 -07:00
Michael Basnight 405d2494e3 Adds support for --insecure.
fixes lp#1004281.

Change-Id: I464e39515a7172bfb72921a92f46d31baac466d8
2012-05-24 22:35:14 -05:00
Brian Waldon 3943699427 Refactor HTTPClient to use two request methods
Rather than depend on magic, I would prefer that we explicitly call
two different request methods: json_request and raw_request. The
former will encode/decode request bodies to and from JSON, while
the latter will not.

Change-Id: I6a429a5975993f71df85df55f11c5d51c050c289
2012-05-22 08:45:00 -07:00
Brian Waldon c72e4dd2b5 image membership management works 2012-04-03 17:39:32 -07:00
Brian Waldon b87b1b5086 Adding support for passing image data through cli 2012-04-03 17:01:48 -07:00
Brian Waldon c530de6389 Basic get/list operations work
* 'glance image-list' and 'glance image-show' work
* Set up tests, pep8, venv
2012-03-26 22:48:48 -07:00