fence-agents/SOURCES/bz1830776-fence_compute-fence_evacuate-fix-insecure-parameter.patch

From 8920d2fc7993453e7ad05f807f6ec51745b408a5 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Mon, 4 May 2020 16:53:55 +0200
Subject: [PATCH] fence_compute/fence_evacuate: fix --insecure parameter

---
 agents/compute/fence_compute.py        | 10 +++++++---
 agents/evacuate/fence_evacuate.py      | 10 +++++++---
 tests/data/metadata/fence_compute.xml  |  2 +-
 tests/data/metadata/fence_evacuate.xml |  2 +-
 4 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/agents/compute/fence_compute.py b/agents/compute/fence_compute.py
index d0e012e6..f53b97da 100644
--- a/agents/compute/fence_compute.py
+++ b/agents/compute/fence_compute.py
@@ -281,7 +281,7 @@ def create_nova_connection(options):
 
 	loader = loading.get_plugin_loader('password')
 	keystone_auth = loader.load_from_options(**kwargs)
-	keystone_session = session.Session(auth=keystone_auth, verify=(not options["--insecure"]))
+	keystone_session = session.Session(auth=keystone_auth, verify=not "--insecure" in options)
 
 	nova_versions = [ "2.11", "2" ]
 	for version in nova_versions:
@@ -307,7 +307,7 @@ def create_nova_connection(options):
 					     None, # Password
 					     None, # Tenant
 					     None, # Auth URL
-					     insecure=options["--insecure"],
+					     insecure="--insecure" in options,
 					     region_name=options["--region-name"],
 					     endpoint_type=options["--endpoint-type"],
 					     session=keystone_session, auth=keystone_auth,
@@ -395,7 +395,6 @@ def define_new_opts():
 		"help" : "--insecure                     Explicitly allow agent to perform \"insecure\" TLS (https) requests",
 		"required" : "0",
 		"shortdesc" : "Allow Insecure TLS Requests",
-		"default" : "False",
 		"order": 2,
 	}
 	all_opt["domain"] = {
@@ -484,6 +483,11 @@ def main():
 		options["--domain"] = options["--compute-domain"]
 		del options["--domain"]
 
+	# Disable insecure-certificate-warning message
+	if "--insecure" in options:
+		import urllib3
+		urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
 	logging.debug("Running "+options["--action"])
 	connection = create_nova_connection(options)
 
diff --git a/agents/evacuate/fence_evacuate.py b/agents/evacuate/fence_evacuate.py
index 60bb130e..88837dd8 100644
--- a/agents/evacuate/fence_evacuate.py
+++ b/agents/evacuate/fence_evacuate.py
@@ -217,7 +217,7 @@ def create_nova_connection(options):
 
 	loader = loading.get_plugin_loader('password')
 	keystone_auth = loader.load_from_options(**kwargs)
-	keystone_session = session.Session(auth=keystone_auth, verify=(not options["--insecure"]))
+	keystone_session = session.Session(auth=keystone_auth, verify=not "--insecure" in options)
 
 	versions = [ "2.11", "2" ]
 	for version in versions:
@@ -244,7 +244,7 @@ def create_nova_connection(options):
 					     None, # Password
 					     None, # Tenant
 					     None, # Auth URL
-					     insecure=options["--insecure"],
+					     insecure="--insecure" in options,
 					     region_name=options["--region-name"],
 					     endpoint_type=options["--endpoint-type"],
 					     session=keystone_session, auth=keystone_auth,
@@ -332,7 +332,6 @@ def define_new_opts():
 		"help" : "--insecure                                     Explicitly allow agent to perform \"insecure\" TLS (https) requests",
 		"required" : "0",
 		"shortdesc" : "Allow Insecure TLS Requests",
-		"default" : "False",
 		"order": 2,
 	}
 	all_opt["domain"] = {
@@ -397,6 +396,11 @@ def main():
 		del options["--domain"]
 
 
+	# Disable insecure-certificate-warning message
+	if "--insecure" in options:
+		import urllib3
+		urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
 	connection = create_nova_connection(options)
 
 	# Un-evacuating a server doesn't make sense
diff --git a/tests/data/metadata/fence_compute.xml b/tests/data/metadata/fence_compute.xml
index 99d56af0..2f183268 100644
--- a/tests/data/metadata/fence_compute.xml
+++ b/tests/data/metadata/fence_compute.xml
@@ -70,7 +70,7 @@
 	</parameter>
 	<parameter name="insecure" unique="0" required="0">
 		<getopt mixed="--insecure" />
-		<content type="boolean" default="False"  />
+		<content type="boolean"  />
 		<shortdesc lang="en">Allow Insecure TLS Requests</shortdesc>
 	</parameter>
 	<parameter name="project-domain" unique="0" required="0" deprecated="1">
diff --git a/tests/data/metadata/fence_evacuate.xml b/tests/data/metadata/fence_evacuate.xml
index 8c720b80..95da0e1b 100644
--- a/tests/data/metadata/fence_evacuate.xml
+++ b/tests/data/metadata/fence_evacuate.xml
@@ -70,7 +70,7 @@
 	</parameter>
 	<parameter name="insecure" unique="0" required="0">
 		<getopt mixed="--insecure" />
-		<content type="boolean" default="False"  />
+		<content type="boolean"  />
 		<shortdesc lang="en">Allow Insecure TLS Requests</shortdesc>
 	</parameter>
 	<parameter name="project-domain" unique="0" required="0" deprecated="1">
import fence-agents-4.2.1-53.el8 2020-11-03 11:56:06 +00:00			`From 8920d2fc7993453e7ad05f807f6ec51745b408a5 Mon Sep 17 00:00:00 2001`
			`From: Oyvind Albrigtsen <oalbrigt@redhat.com>`
			`Date: Mon, 4 May 2020 16:53:55 +0200`
			`Subject: [PATCH] fence_compute/fence_evacuate: fix --insecure parameter`

			`---`
			`agents/compute/fence_compute.py \| 10 +++++++---`
			`agents/evacuate/fence_evacuate.py \| 10 +++++++---`
			`tests/data/metadata/fence_compute.xml \| 2 +-`
			`tests/data/metadata/fence_evacuate.xml \| 2 +-`
			`4 files changed, 16 insertions(+), 8 deletions(-)`

			`diff --git a/agents/compute/fence_compute.py b/agents/compute/fence_compute.py`
			`index d0e012e6..f53b97da 100644`
			`--- a/agents/compute/fence_compute.py`
			`+++ b/agents/compute/fence_compute.py`
			`@@ -281,7 +281,7 @@ def create_nova_connection(options):`

			`loader = loading.get_plugin_loader('password')`
			`keystone_auth = loader.load_from_options(**kwargs)`
			`- keystone_session = session.Session(auth=keystone_auth, verify=(not options["--insecure"]))`
			`+ keystone_session = session.Session(auth=keystone_auth, verify=not "--insecure" in options)`

			`nova_versions = [ "2.11", "2" ]`
			`for version in nova_versions:`
			`@@ -307,7 +307,7 @@ def create_nova_connection(options):`
			`None, # Password`
			`None, # Tenant`
			`None, # Auth URL`
			`- insecure=options["--insecure"],`
			`+ insecure="--insecure" in options,`
			`region_name=options["--region-name"],`
			`endpoint_type=options["--endpoint-type"],`
			`session=keystone_session, auth=keystone_auth,`
			`@@ -395,7 +395,6 @@ def define_new_opts():`
			`"help" : "--insecure Explicitly allow agent to perform \"insecure\" TLS (https) requests",`
			`"required" : "0",`
			`"shortdesc" : "Allow Insecure TLS Requests",`
			`- "default" : "False",`
			`"order": 2,`
			`}`
			`all_opt["domain"] = {`
			`@@ -484,6 +483,11 @@ def main():`
			`options["--domain"] = options["--compute-domain"]`
			`del options["--domain"]`

			`+ # Disable insecure-certificate-warning message`
			`+ if "--insecure" in options:`
			`+ import urllib3`
			`+ urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`
			`+`
			`logging.debug("Running "+options["--action"])`
			`connection = create_nova_connection(options)`

			`diff --git a/agents/evacuate/fence_evacuate.py b/agents/evacuate/fence_evacuate.py`
			`index 60bb130e..88837dd8 100644`
			`--- a/agents/evacuate/fence_evacuate.py`
			`+++ b/agents/evacuate/fence_evacuate.py`
			`@@ -217,7 +217,7 @@ def create_nova_connection(options):`

			`loader = loading.get_plugin_loader('password')`
			`keystone_auth = loader.load_from_options(**kwargs)`
			`- keystone_session = session.Session(auth=keystone_auth, verify=(not options["--insecure"]))`
			`+ keystone_session = session.Session(auth=keystone_auth, verify=not "--insecure" in options)`

			`versions = [ "2.11", "2" ]`
			`for version in versions:`
			`@@ -244,7 +244,7 @@ def create_nova_connection(options):`
			`None, # Password`
			`None, # Tenant`
			`None, # Auth URL`
			`- insecure=options["--insecure"],`
			`+ insecure="--insecure" in options,`
			`region_name=options["--region-name"],`
			`endpoint_type=options["--endpoint-type"],`
			`session=keystone_session, auth=keystone_auth,`
			`@@ -332,7 +332,6 @@ def define_new_opts():`
			`"help" : "--insecure Explicitly allow agent to perform \"insecure\" TLS (https) requests",`
			`"required" : "0",`
			`"shortdesc" : "Allow Insecure TLS Requests",`
			`- "default" : "False",`
			`"order": 2,`
			`}`
			`all_opt["domain"] = {`
			`@@ -397,6 +396,11 @@ def main():`
			`del options["--domain"]`


			`+ # Disable insecure-certificate-warning message`
			`+ if "--insecure" in options:`
			`+ import urllib3`
			`+ urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`
			`+`
			`connection = create_nova_connection(options)`

			`# Un-evacuating a server doesn't make sense`
			`diff --git a/tests/data/metadata/fence_compute.xml b/tests/data/metadata/fence_compute.xml`
			`index 99d56af0..2f183268 100644`
			`--- a/tests/data/metadata/fence_compute.xml`
			`+++ b/tests/data/metadata/fence_compute.xml`
			`@@ -70,7 +70,7 @@`
			`</parameter>`
			`<parameter name="insecure" unique="0" required="0">`
			`<getopt mixed="--insecure" />`
			`- <content type="boolean" default="False" />`
			`+ <content type="boolean" />`
			`<shortdesc lang="en">Allow Insecure TLS Requests</shortdesc>`
			`</parameter>`
			`<parameter name="project-domain" unique="0" required="0" deprecated="1">`
			`diff --git a/tests/data/metadata/fence_evacuate.xml b/tests/data/metadata/fence_evacuate.xml`
			`index 8c720b80..95da0e1b 100644`
			`--- a/tests/data/metadata/fence_evacuate.xml`
			`+++ b/tests/data/metadata/fence_evacuate.xml`
			`@@ -70,7 +70,7 @@`
			`</parameter>`
			`<parameter name="insecure" unique="0" required="0">`
			`<getopt mixed="--insecure" />`
			`- <content type="boolean" default="False" />`
			`+ <content type="boolean" />`
			`<shortdesc lang="en">Allow Insecure TLS Requests</shortdesc>`
			`</parameter>`
			`<parameter name="project-domain" unique="0" required="0" deprecated="1">`