Updated ImageStreamer client to also accept a ca cert file

fgbulsoni · fgbulsoni · commit ed79be82429f · 2017-11-27T14:45:36.000-02:00
- Updated README to include using a certificate file on Image Streamer
- Updated config-rename.json example
diff --git a/README.md b/README.md
@@ -145,18 +145,28 @@ oneview_client = OneViewClient(config)
 
 To enable the SDK to establish a SSL connection to the HPE OneView server, it is necessary to generate a CA Cert file containing the server credentials.
 
-1. Fetch the HPE OneView Appliance CA certificate
-
-Example:
-
+1. Fetch the HPE OneView Appliance CA certificate.
 ```bash
 $ openssl s_client -showcerts -host <host> -port 443
 ```
 
-Copy the server certificate content from `-----BEGIN CERTIFICATE-----` to `-----END CERTIFICATE-----` (inclusive) into a `<file_name>.crt` file.
-
-2. Declare the CA Certificate location when creating a `config` dictionary
+2. Copy the server certificate wrapped with a header line and a footer line into a `<file_name>.crt` file.
+```
+-----BEGIN CERTIFICATE-----
+... (HPE OneView Appliance certificate in base64 PEM encoding) ...
+-----END CERTIFICATE-----
+```
+When using HPE Image Streamer, the server certificate for the HPE Image Streamer should also be added to the certificates file. Example:
+```
+-----BEGIN CERTIFICATE-----
+... (HPE OneView Appliance certificate in base64 PEM encoding) ...
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+... (HPE Image Streamer Appliance certificate in base64 PEM encoding) ...
+-----END CERTIFICATE-----
+```
 
+3. Declare the CA Certificate location when creating a `config` dictionary.
 ```python
 config = {
     "ip": "172.16.102.82",
diff --git a/examples/config-rename.json b/examples/config-rename.json
@@ -1,7 +1,8 @@
 {
   "ip": "172.16.102.59",
   "image_streamer_ip": "172.16.102.60",
-  "api_version": 300,
+  "api_version": 500,
+  "ssl_certificate": "",
   "credentials": {
     "userName": "administrator",
     "authLoginDomain": "",
diff --git a/hpOneView/connection.py b/hpOneView/connection.py
@@ -1,5 +1,4 @@
 # -*- coding: utf-8 -*
-
 ###
 # (C) Copyright (2012-2017) Hewlett Packard Enterprise Development LP
 #
@@ -68,6 +67,7 @@ def __init__(self, applianceIp, api_version=300, sslBundle=False):
         self._proxyPort = None
         self._doProxy = False
         self._sslTrustAll = True
+        self._sslBundle = sslBundle
         self._sslTrustedBundle = self.set_trusted_ssl_bundle(sslBundle)
         self._nextPage = None
         self._prevPage = None
@@ -91,7 +91,7 @@ def set_proxy(self, proxyHost, proxyPort):
         self._doProxy = True
 
     def set_trusted_ssl_bundle(self, sslBundle):
-        if sslBundle is not False:
+        if sslBundle:
             self._sslTrustAll = False
         return sslBundle
 
diff --git a/hpOneView/image_streamer/image_streamer_client.py b/hpOneView/image_streamer/image_streamer_client.py
@@ -44,8 +44,8 @@
 
 
 class ImageStreamerClient(object):
-    def __init__(self, ip, session_id, api_version):
-        self.__connection = connection(ip, api_version)
+    def __init__(self, ip, session_id, api_version, sslBundle=False):
+        self.__connection = connection(ip, api_version, sslBundle)
         self.__connection.set_session_id(session_id)
         self.__golden_images = None
         self.__plan_scripts = None
diff --git a/hpOneView/oneview_client.py b/hpOneView/oneview_client.py
@@ -286,7 +286,8 @@ def create_image_streamer_client(self):
         """
         image_streamer = ImageStreamerClient(self.__image_streamer_ip,
                                              self.__connection.get_session_id(),
-                                             self.__connection._apiVersion)
+                                             self.__connection._apiVersion,
+                                             self.__connection._sslBundle)
 
         return image_streamer
 
diff --git a/tests/unit/test_connection.py b/tests/unit/test_connection.py
@@ -984,7 +984,7 @@ def test_get_connection_ssl_trust_all_with_proxy(self):
     def test_get_connection_trusted_ssl_bundle_with_proxy(self, mock_lvl):
 
         self.connection.set_proxy('10.0.0.1', 3128)
-        self.connection.set_trusted_ssl_bundle(None)
+        self.connection.set_trusted_ssl_bundle('/test')
 
         conn = self.connection.get_connection()
 
@@ -995,7 +995,7 @@ def test_get_connection_trusted_ssl_bundle_with_proxy(self, mock_lvl):
     @patch.object(ssl.SSLContext, 'load_verify_locations')
     def test_get_connection_trusted_ssl_bundle(self, mock_lvl):
 
-        self.connection.set_trusted_ssl_bundle(None)
+        self.connection.set_trusted_ssl_bundle('/test')
 
         conn = self.connection.get_connection()
 
