Repository : http://git.fedorahosted.org/cgit/cura-tools.git
On branch : openlmi-tools-lmiwbem
>---------------------------------------------------------------
commit 2106eeac9c8f0854cd0ade714de92c765b9bf87f
Author: Peter Hatina <phatina(a)redhat.com>
Date: Tue Apr 22 11:27:15 2014 +0200
introduce secure connection for indications using SSL
>---------------------------------------------------------------
cli/lmi/shell/LMIMethod.py | 16 ++++++++++------
cli/lmi/shell/LMIShellConfig.py | 30 ++++++++++++++++++++++++++++++
doc/src/shell/builtins.rst | 11 +++++++++++
doc/src/shell/indications.rst | 13 +++++--------
doc/src/shell/instances.rst | 2 ++
5 files changed, 58 insertions(+), 14 deletions(-)
diff --git a/cli/lmi/shell/LMIMethod.py b/cli/lmi/shell/LMIMethod.py
index 0eb931c..8169ff2 100644
--- a/cli/lmi/shell/LMIMethod.py
+++ b/cli/lmi/shell/LMIMethod.py
@@ -24,6 +24,7 @@ import collections
from LMIBaseObject import LMIWrapperBaseObject
from LMIBaseClient import LMIBaseClient
+from LMIShellConfig import LMIShellConfig
from LMIObjectFactory import LMIObjectFactory
from LMIFormatter import LMIMethodFormatter
from LMIFormatter import LMIMofFormatter
@@ -293,7 +294,10 @@ class LMIMethod(LMIWrapperBaseObject):
port = LMIMethod._INDICATION_DESTINATION_PORT
for i in xrange(LMIMethod._INDICATION_BIND_TRIES):
try:
- listener.start(port)
+ cert_file = LMIShellConfig
+ listener.start(port,
+ LMIShellConfig().cert_file,
+ LMIShellConfig().key_file)
break
except lmiwbem.ConnectionError, e:
port += 1
@@ -311,7 +315,6 @@ class LMIMethod(LMIWrapperBaseObject):
raise LMISynchroMethodCallFilterError(errorstr)
cim_filter = cim_filters[0]
- # Create handler object
netloc = urlparse.urlparse(self._conn.uri).netloc
if not netloc:
listener.stop()
@@ -330,12 +333,13 @@ class LMIMethod(LMIWrapperBaseObject):
raise LMISynchroMethodCallError(errorstr)
destination = s.getsockname()[0]
s.close()
- # NOTE: For now, we are using insecure HTTP as a transport protocol.
- # TODO: Switch to HTTPS
+
+ # Create handler object
cim_handler_props = {
"Name" : indication_name,
- "Destination" : "http://%s:%d/CIMListener/%s" % (destination,
- port, indication_name),
+ "Destination" : "%s://%s:%d/CIMListener/%s" % (
+ "https" if listener.uses_ssl else "http",
+ destination, port, indication_name),
}
cim_handler, _, _ = self._conn._client._create_instance(
"CIM_IndicationHandlerCIMXML",
diff --git a/cli/lmi/shell/LMIShellConfig.py b/cli/lmi/shell/LMIShellConfig.py
index e134747..35f14d7 100644
--- a/cli/lmi/shell/LMIShellConfig.py
+++ b/cli/lmi/shell/LMIShellConfig.py
@@ -31,6 +31,8 @@ class LMIShellConfig(object):
DEFAULT_HISTORY_LENGTH = -1
DEFAULT_USE_CACHE = True
DEFAULT_USE_EXCEPTIONS = False
+ DEFAULT_LISTENER_CERT_FILE = ""
+ DEFAULT_LISTENER_KEY_FILE = ""
def __init__(self):
try:
@@ -41,6 +43,10 @@ class LMIShellConfig(object):
self._history_length = conf.get("history_length", LMIShellConfig.DEFAULT_HISTORY_LENGTH)
self._use_cache = conf.get("use_cache", LMIShellConfig.DEFAULT_USE_CACHE)
self._use_exceptions = conf.get("use_exceptions", LMIShellConfig.DEFAULT_USE_EXCEPTIONS)
+ self._indication_cert_file = conf.get("indication_cert_file",
+ LMIShellConfig.DEFAULT_LISTENER_CERT_FILE)
+ self._indication_key_file = conf.get("indication_key_file",
+ LMIShellConfig.DEFAULT_LISTENER_KEY_FILE)
except (SyntaxError, IOError), e:
if isinstance(e, SyntaxError):
sys.stderr.write("Error: %s\n" % e)
@@ -48,6 +54,8 @@ class LMIShellConfig(object):
self._history_length = LMIShellConfig.DEFAULT_HISTORY_LENGTH
self._use_cache = LMIShellConfig.DEFAULT_USE_CACHE
self._use_exceptions = LMIShellConfig.DEFAULT_USE_EXCEPTIONS
+ self._indication_cert_file = LMIShellConfig.DEFAULT_LISTENER_CERT_FILE
+ self._indication_key_file = LMIShellConfig.DEFAULT_LISTENER_KEY_FILE
@property
def history_file(self):
@@ -90,3 +98,25 @@ class LMIShellConfig(object):
:rtype: bool
"""
return self._use_exceptions
+
+ @property
+ def cert_file(self):
+ """
+ Property returning a file name containing x509 certificate. This
+ is used for :py:class:`.LMIIndicationListener`.
+
+ :returns: x509 certificate file name
+ :rtype: string
+ """
+ return self._indication_cert_file
+
+ @property
+ def key_file(self):
+ """
+ Property returning a file name containing x509 certificate private key.
+ This is used for :py:class:`.LMIIndicationListener`.
+
+ :returns: x509 certificate private key
+ :rtype: string
+ """
+ return self._indication_key_file
diff --git a/doc/src/shell/builtins.rst b/doc/src/shell/builtins.rst
index b6449cc..2b0ba3a 100644
--- a/doc/src/shell/builtins.rst
+++ b/doc/src/shell/builtins.rst
@@ -17,6 +17,17 @@ In configuration file, you can set these properties:
use_cache = True
# default value for exceptions
use_exceptions = False
+ # default value for indication_cert_file
+ indication_cert_file = ""
+ # default value for indication_key_file
+ indication_key_file = ""
+
+**NOTE:** :py:obj:`indication_cert_file` and :py:obj:`indication_key_file` are
+used by :ref:`instance_sync_methods`, if the given method waits for an
+indication using :py:class:`.LMIIndicationListener`. Both configuration options
+may contain path to X509 certificate and private key in PEM format,
+respectively. If the configuration options are not set, SSL connection will not
+be used.
Inspecting a script
-------------------
diff --git a/doc/src/shell/indications.rst b/doc/src/shell/indications.rst
index 57cad2f..a69de2e 100644
--- a/doc/src/shell/indications.rst
+++ b/doc/src/shell/indications.rst
@@ -34,7 +34,7 @@ indication:
... do_something_with(indication)
> listener = LMIIndicationListener()
> unique_name = listener.add_handler("indication-name-XXXXXXXX", handler, arg1, arg2, **kwargs)
- > listener.start(listening_port)
+ > listener.start(listening_port, cert_file, key_file)
>
The first argument of the handler is a :py:class:`lmiwbem.CIMInstance` object;
@@ -49,14 +49,11 @@ uniqueness capability is not mandatory but is highly recommended. The
substituted name is returned as the result of the
:py:meth:`.LMIIndicationListener.add_handler` method so it can be used later.
-.. The :py:class:`.LMIIndicationListener` constructor takes up to four
- arguments, two mandatory (hostname and port) and two optional when using SSL
- (certfile and keyfile). It returns an :py:class:`.LMIIndicationListener`
- object.
+When all necessary handlers are registered, the listener can be started by
+calling :py:meth:`.LMIIndicationListener.start`, which takes up to three
+arguments, one mandatory (port) and two optional when using SSL (cert_file and
+key_file; paths to X509 certificate and private key in PEM format).
-When all necessary handlers are registered, the
-:py:class:`.LMIIndicationListener` can be started by calling
-:py:meth:`.LMIIndicationListener.start`.
Subscribing to an indication
----------------------------
diff --git a/doc/src/shell/instances.rst b/doc/src/shell/instances.rst
index ff837d5..7bc1599 100644
--- a/doc/src/shell/instances.rst
+++ b/doc/src/shell/instances.rst
@@ -55,6 +55,8 @@ The tuple in the previous example will contain return value of the method call
(``rval``), returned parameters (``rparams``) and possible error string
(``errorstr``).
+.. _instance_sync_methods:
+
Synchronous methods
^^^^^^^^^^^^^^^^^^^
LMIShell can perform synchronous method call, which means, that the LMIShell is
Repository : http://git.fedorahosted.org/cgit/cura-tools.git
On branch : master
>---------------------------------------------------------------
commit 2c98176e6c1c51df115096824905908f00e2ba06
Author: Peter Hatina <phatina(a)redhat.com>
Date: Fri Apr 18 09:34:58 2014 +0200
fix LMINamespace.__getattr__() doc string
>---------------------------------------------------------------
cli/lmi/shell/LMINamespace.py | 7 +++----
1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/cli/lmi/shell/LMINamespace.py b/cli/lmi/shell/LMINamespace.py
index 9ee4428..6ead4f7 100644
--- a/cli/lmi/shell/LMINamespace.py
+++ b/cli/lmi/shell/LMINamespace.py
@@ -37,11 +37,10 @@ class LMINamespace(LMIWrapperBaseObject):
def __getattr__(self, name):
"""
- Returns a :py:class:`LMIClass` object, but first it fetches the classes list from the
- CIMOM.
+ Returns a :py:class:`LMIClass` object.
- :param string name: class member, class name
- :returns: class member or :py:class:`LMIClass` object
+ :param string name: class name
+ :returns: :py:class:`LMIClass` object
"""
if name in self.__dict__:
return self.__dict__[name]
Repository : http://git.fedorahosted.org/cgit/cura-tools.git
On branch : openlmi-tools-lmiwbem
>---------------------------------------------------------------
commit f6de3ecada1e67c70bc0ce385414c7593a2d13b5
Author: Peter Hatina <phatina(a)redhat.com>
Date: Fri Apr 18 07:46:44 2014 +0200
simplify LMIShellClient._get_class() interface
Applicable for full fetching of CIMClass objects. Parameter full_fetch,
if specified, overrides IncludeQualifiers and IncludeClassOrigin.
>---------------------------------------------------------------
cli/lmi/shell/LMIClass.py | 6 ++----
cli/lmi/shell/LMIShellClient.py | 11 ++++++++++-
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/cli/lmi/shell/LMIClass.py b/cli/lmi/shell/LMIClass.py
index 147f788..0c440c1 100644
--- a/cli/lmi/shell/LMIClass.py
+++ b/cli/lmi/shell/LMIClass.py
@@ -149,10 +149,8 @@ class LMIClass(LMIWrapperBaseObject):
self._cim_class, _, _ = self._conn._client._get_class(
self._cim_classname,
self._namespace.name,
- full_fetch,
- LocalOnly=False,
- IncludeQualifiers=full_fetch,
- IncludeClassOrigin=full_fetch)
+ full_fetch=full_fetch,
+ LocalOnly=False)
except:
raise
finally:
diff --git a/cli/lmi/shell/LMIShellClient.py b/cli/lmi/shell/LMIShellClient.py
index 2eac9dc..809a6b5 100644
--- a/cli/lmi/shell/LMIShellClient.py
+++ b/cli/lmi/shell/LMIShellClient.py
@@ -86,13 +86,15 @@ class LMIShellClient(LMIBaseClient):
return LMIReturnValue(rval=class_list)
return LMIBaseClient._get_class_names(self, namespace, **kwargs)
- def _get_class(self, class_name, namespace=None, full_fetch=False, **kwargs):
+ def _get_class(self, class_name, namespace=None, **kwargs):
"""
Returns a :class:`CIMClass` object.
:param string class_name: class name
:param string namespace: namespace name, from which the class should be retrieved;
if None, default namespace will be used (**NOTE:** see :mod:`lmiwbem`)
+ :param bool full_fetch: if specified, it overrides IncludeQualifiers
+ and IncludeClassOrigin parameters
:param bool LocalOnly:indicates, if only local members should be present in the
returned :class:`CIMClass`; any CIM elements (properties, methods, and
qualifiers), except those added or overridden in the class as specified in the
@@ -118,6 +120,13 @@ class LMIShellClient(LMIBaseClient):
appropriate error string
:raises: :exc:`CIMError`, :exc:`ConnectionError`
"""
+ # Override IncludeQualifiers and IncludeClassOrigin, if full_fetch
+ # parameter was specified.
+ full_fetch = kwargs.pop("full_fetch", None)
+ if not full_fetch is None:
+ kwargs["IncludeQualifiers"] = full_fetch
+ kwargs["IncludeClassOrigin"] = full_fetch
+
if self._cache.active:
cls_cache_entry = self._cache.get_class(class_name, namespace)
if cls_cache_entry is None or (not cls_cache_entry.full_fetch and full_fetch):