You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@libcloud.apache.org by an...@apache.org on 2017/04/02 01:55:20 UTC
[1/5] libcloud git commit: start building signed request adapter for
the requests package
Repository: libcloud
Updated Branches:
refs/heads/trunk 4c9d0333a -> d8757c9d3
start building signed request adapter for the requests package
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/64e0b3c9
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/64e0b3c9
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/64e0b3c9
Branch: refs/heads/trunk
Commit: 64e0b3c9fb7693747c2078adf9c1c3b47b6065e1
Parents: 4c9d033
Author: Anthony Shaw <an...@apache.org>
Authored: Sun Apr 2 10:32:49 2017 +1000
Committer: Anthony Shaw <an...@apache.org>
Committed: Sun Apr 2 10:32:49 2017 +1000
----------------------------------------------------------------------
libcloud/common/base.py | 2 --
libcloud/httplib_ssl.py | 68 ++++++++++++++++++++++++++++++++++++++++++--
2 files changed, 66 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/libcloud/blob/64e0b3c9/libcloud/common/base.py
----------------------------------------------------------------------
diff --git a/libcloud/common/base.py b/libcloud/common/base.py
index de0c68a..0d458fc 100644
--- a/libcloud/common/base.py
+++ b/libcloud/common/base.py
@@ -468,8 +468,6 @@ class Connection(object):
if not hasattr(kwargs, 'cert_file') and hasattr(self, 'cert_file'):
kwargs.update({'cert_file': getattr(self, 'cert_file')})
- # kwargs = {'host': host, 'port': int(port)}
-
# Timeout is only supported in Python 2.6 and later
# http://docs.python.org/library/httplib.html#httplib.HTTPConnection
if self.timeout and not PY25:
http://git-wip-us.apache.org/repos/asf/libcloud/blob/64e0b3c9/libcloud/httplib_ssl.py
----------------------------------------------------------------------
diff --git a/libcloud/httplib_ssl.py b/libcloud/httplib_ssl.py
index 30579be..a88ea0d 100644
--- a/libcloud/httplib_ssl.py
+++ b/libcloud/httplib_ssl.py
@@ -21,6 +21,8 @@ verification, depending on libcloud.security settings.
import os
import warnings
import requests
+from requests.adapters import HTTPAdapter
+from requests.packages.urllib3.util.ssl_ import create_urllib3_context
import libcloud.security
from libcloud.utils.py3 import urlparse, PY3
@@ -36,6 +38,59 @@ ALLOW_REDIRECTS = 1
HTTP_PROXY_ENV_VARIABLE_NAME = 'http_proxy'
+class SignedX509Adapter(HTTPAdapter):
+ def __init__(self, cert_file=None, key_file=None):
+ self.cert_file = cert_file
+ self.key_file = key_file
+
+ def init_poolmanager(self, *args, **kwargs):
+ self.tls_context = create_urllib3_context()
+ kwargs['ssl_context'] = self.tls_context
+
+ has_sni = getattr(ssl, 'HAS_SNI', False)
+
+ if has_sni:
+ self.tls_context.verify_mode = ssl.CERT_REQUIRED
+
+ if self.cert_file and self.key_file:
+ self.tls_context.load_cert_chain(
+ certfile=self.cert_file,
+ keyfile=self.key_file,
+ password=None)
+
+ if self.ca_cert:
+ self.tls_context.load_verify_locations(cafile=self.ca_cert)
+
+ try:
+ self.sock = self.tls_context.wrap_socket(
+ sock,
+ server_hostname=self.host,
+ )
+ except:
+ exc = sys.exc_info()[1]
+ exc = get_socket_error_exception(ssl_version=ssl_version,
+ exc=exc)
+ raise exc
+ else:
+ # SNI support not available
+ try:
+ self.sock = ssl.wrap_socket(
+ sock,
+ self.key_file,
+ self.cert_file,
+ cert_reqs=ssl.CERT_REQUIRED,
+ ca_certs=self.ca_cert,
+ ssl_version=ssl_version
+ )
+ except:
+ exc = sys.exc_info()[1]
+ exc = get_socket_error_exception(ssl_version=ssl_version,
+ exc=exc)
+ raise exc
+
+ return super(HTTPAdapter, self).init_poolmanager(*args, **kwargs)
+
+
class LibcloudBaseConnection(object):
"""
Base connection class to inherit from.
@@ -139,6 +194,13 @@ class LibcloudBaseConnection(object):
else:
self.ca_cert = libcloud.security.CA_CERTS_PATH
+ def _setup_signing(self, cert_file=None, key_file=None):
+ """
+ Setup request signing by mounting a signing
+ adapter to the session
+ """
+ self.session.mount("https", SignedX509Adapter(cert_file, key_file))
+
class LibcloudConnection(LibcloudBaseConnection):
timeout = None
@@ -158,9 +220,11 @@ class LibcloudConnection(LibcloudBaseConnection):
self._setup_verify()
self._setup_ca_cert()
-
+
LibcloudBaseConnection.__init__(self)
-
+
+ if 'cert_file' in kwargs or 'key_file' in kwargs:
+ self._setup_signing(**kwargs)
if proxy_url:
self.set_http_proxy(proxy_url=proxy_url)
self.session.timeout = kwargs.get('timeout', 60)
[4/5] libcloud git commit: add a test for the certificate connection
class
Posted by an...@apache.org.
add a test for the certificate connection class
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/9065c626
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/9065c626
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/9065c626
Branch: refs/heads/trunk
Commit: 9065c626be3d96212463840989576181c3f547ae
Parents: 1a3d4d8
Author: Anthony Shaw <an...@apache.org>
Authored: Sun Apr 2 11:50:21 2017 +1000
Committer: Anthony Shaw <an...@apache.org>
Committed: Sun Apr 2 11:50:21 2017 +1000
----------------------------------------------------------------------
libcloud/test/test_connection.py | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/libcloud/blob/9065c626/libcloud/test/test_connection.py
----------------------------------------------------------------------
diff --git a/libcloud/test/test_connection.py b/libcloud/test/test_connection.py
index 8a4e9b6..5907e83 100644
--- a/libcloud/test/test_connection.py
+++ b/libcloud/test/test_connection.py
@@ -24,9 +24,10 @@ from mock import Mock, patch
import requests_mock
from libcloud.test import unittest
-from libcloud.common.base import Connection
+from libcloud.common.base import Connection, CertificateConnection
from libcloud.httplib_ssl import LibcloudBaseConnection
from libcloud.httplib_ssl import LibcloudConnection
+from libcloud.httplib_ssl import SignedHTTPSAdapter
from libcloud.utils.misc import retry
@@ -363,5 +364,17 @@ class ConnectionClassTestCase(unittest.TestCase):
self.assertGreater(mock_connect.call_count, 1,
'Retry logic failed')
+
+class CertificateConnectionClassTestCase(unittest.TestCase):
+ def setUp(self):
+ self.connection = CertificateConnection(cert_file='test.pem',
+ url='https://test.com/test')
+ self.connection.connect()
+
+ def test_adapter_internals(self):
+ adapter = self.connection.connection.session.adapters['https://']
+ self.assertTrue(isinstance(adapter, SignedHTTPSAdapter))
+ self.assertEqual(adapter.cert_file, 'test.pem')
+
if __name__ == '__main__':
sys.exit(unittest.main())
[2/5] libcloud git commit: committed fix
Posted by an...@apache.org.
committed fix
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/3637d7cc
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/3637d7cc
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/3637d7cc
Branch: refs/heads/trunk
Commit: 3637d7cc1c8b0f852edfad5ed3f7a6f808c2b788
Parents: 64e0b3c
Author: Anthony Shaw <an...@apache.org>
Authored: Sun Apr 2 11:37:30 2017 +1000
Committer: Anthony Shaw <an...@apache.org>
Committed: Sun Apr 2 11:37:30 2017 +1000
----------------------------------------------------------------------
libcloud/httplib_ssl.py | 66 ++++++++++----------------------------------
1 file changed, 14 insertions(+), 52 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/libcloud/blob/3637d7cc/libcloud/httplib_ssl.py
----------------------------------------------------------------------
diff --git a/libcloud/httplib_ssl.py b/libcloud/httplib_ssl.py
index a88ea0d..cf1c749 100644
--- a/libcloud/httplib_ssl.py
+++ b/libcloud/httplib_ssl.py
@@ -22,7 +22,7 @@ import os
import warnings
import requests
from requests.adapters import HTTPAdapter
-from requests.packages.urllib3.util.ssl_ import create_urllib3_context
+from requests.packages.urllib3.poolmanager import PoolManager
import libcloud.security
from libcloud.utils.py3 import urlparse, PY3
@@ -38,57 +38,18 @@ ALLOW_REDIRECTS = 1
HTTP_PROXY_ENV_VARIABLE_NAME = 'http_proxy'
-class SignedX509Adapter(HTTPAdapter):
- def __init__(self, cert_file=None, key_file=None):
+class SignedHTTPSAdapter(HTTPAdapter):
+ def __init__(self, cert_file, key_file):
self.cert_file = cert_file
self.key_file = key_file
+ super(SignedX509Adapter, self).__init__()
- def init_poolmanager(self, *args, **kwargs):
- self.tls_context = create_urllib3_context()
- kwargs['ssl_context'] = self.tls_context
-
- has_sni = getattr(ssl, 'HAS_SNI', False)
-
- if has_sni:
- self.tls_context.verify_mode = ssl.CERT_REQUIRED
-
- if self.cert_file and self.key_file:
- self.tls_context.load_cert_chain(
- certfile=self.cert_file,
- keyfile=self.key_file,
- password=None)
-
- if self.ca_cert:
- self.tls_context.load_verify_locations(cafile=self.ca_cert)
-
- try:
- self.sock = self.tls_context.wrap_socket(
- sock,
- server_hostname=self.host,
- )
- except:
- exc = sys.exc_info()[1]
- exc = get_socket_error_exception(ssl_version=ssl_version,
- exc=exc)
- raise exc
- else:
- # SNI support not available
- try:
- self.sock = ssl.wrap_socket(
- sock,
- self.key_file,
- self.cert_file,
- cert_reqs=ssl.CERT_REQUIRED,
- ca_certs=self.ca_cert,
- ssl_version=ssl_version
- )
- except:
- exc = sys.exc_info()[1]
- exc = get_socket_error_exception(ssl_version=ssl_version,
- exc=exc)
- raise exc
-
- return super(HTTPAdapter, self).init_poolmanager(*args, **kwargs)
+ def init_poolmanager(self, connections, maxsize, block=False):
+ self.poolmanager = PoolManager(
+ num_pools=connections, maxsize=maxsize,
+ block=block,
+ cert_file=self.cert_file,
+ key_file=self.key_file)
class LibcloudBaseConnection(object):
@@ -199,7 +160,7 @@ class LibcloudBaseConnection(object):
Setup request signing by mounting a signing
adapter to the session
"""
- self.session.mount("https", SignedX509Adapter(cert_file, key_file))
+ self.session.mount('https://', SignedHTTPSAdapter(cert_file, key_file))
class LibcloudConnection(LibcloudBaseConnection):
@@ -220,11 +181,12 @@ class LibcloudConnection(LibcloudBaseConnection):
self._setup_verify()
self._setup_ca_cert()
-
+
LibcloudBaseConnection.__init__(self)
-
+
if 'cert_file' in kwargs or 'key_file' in kwargs:
self._setup_signing(**kwargs)
+
if proxy_url:
self.set_http_proxy(proxy_url=proxy_url)
self.session.timeout = kwargs.get('timeout', 60)
[5/5] libcloud git commit: changes for #1015
Posted by an...@apache.org.
changes for #1015
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/d8757c9d
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/d8757c9d
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/d8757c9d
Branch: refs/heads/trunk
Commit: d8757c9d3f99c4336dc88bc098b8ea07b991dcfd
Parents: 9065c62
Author: Anthony Shaw <an...@apache.org>
Authored: Sun Apr 2 11:55:14 2017 +1000
Committer: Anthony Shaw <an...@apache.org>
Committed: Sun Apr 2 11:55:14 2017 +1000
----------------------------------------------------------------------
CHANGES.rst | 5 +++++
1 file changed, 5 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/libcloud/blob/d8757c9d/CHANGES.rst
----------------------------------------------------------------------
diff --git a/CHANGES.rst b/CHANGES.rst
index 9b2b802..ccdb572 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -8,6 +8,11 @@ Changes in latest version of Apache Libcloud
Common
~~~~~~
+- Fix CertificateConnection not correctly signing requests in 2.0rc1, impacted
+ Azure classic driver, OpenStack and Docker driver
+ [GITHUB-1015]
+ (Anthony Shaw)
+
- Change Cloudscale to cloudscale.ch.
[GITHUB-993]
(David Halter)
[3/5] libcloud git commit: fix super naming
Posted by an...@apache.org.
fix super naming
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/1a3d4d8a
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/1a3d4d8a
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/1a3d4d8a
Branch: refs/heads/trunk
Commit: 1a3d4d8aff8ad3a9fdac6286e449f4756dcaecf6
Parents: 3637d7c
Author: Anthony Shaw <an...@apache.org>
Authored: Sun Apr 2 11:41:20 2017 +1000
Committer: Anthony Shaw <an...@apache.org>
Committed: Sun Apr 2 11:41:20 2017 +1000
----------------------------------------------------------------------
libcloud/httplib_ssl.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/libcloud/blob/1a3d4d8a/libcloud/httplib_ssl.py
----------------------------------------------------------------------
diff --git a/libcloud/httplib_ssl.py b/libcloud/httplib_ssl.py
index cf1c749..e78d92c 100644
--- a/libcloud/httplib_ssl.py
+++ b/libcloud/httplib_ssl.py
@@ -42,7 +42,7 @@ class SignedHTTPSAdapter(HTTPAdapter):
def __init__(self, cert_file, key_file):
self.cert_file = cert_file
self.key_file = key_file
- super(SignedX509Adapter, self).__init__()
+ super(SignedHTTPSAdapter, self).__init__()
def init_poolmanager(self, connections, maxsize, block=False):
self.poolmanager = PoolManager(