[openstack-dev] [Clients] Does the keystoneclient have an --insecure option like nova does?

Yun Mao yunmao at gmail.com
Tue Nov 27 15:52:25 UTC 2012


+1. :)

Yun


On Tue, Nov 27, 2012 at 9:59 AM, Jay Pipes <jaypipes at gmail.com> wrote:

> jp833r at c2r1:~$ keystone endpoint-list
> No handlers could be found for logger "keystoneclient.client"
> Authorization Failed: Unable to communicate with identity service:
> [Errno 1] _ssl.c:504: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. (HTTP 400)
> jp833r at c2r1:~$ keystone --insecure endpoint-list
> usage: keystone [--os_username <auth-user-name>]
> <snip>
>                 <subcommand> ...
> keystone: error: unrecognized arguments: --insecure
>
> Whereas nova has the --insecure option, but doesn't have such a nice
> error message indicating that certificate verify failed :)
>
> jp833r at c2r1:~$ nova list
> ERROR: n/a (HTTP 400)
> jp833r at c2r1:~$ nova --insecure list
> +----+------+--------+----------+
> | ID | Name | Status | Networks |
> +----+------+--------+----------+
> +----+------+--------+----------+
>
> Thoughts? I think it would be great to get:
>
> 1) Some consistency between the two tools regarding how they indicate
> that cert verification failed
>
> 2) An --insecure option consistent in all clients for use in
> test/non-prod environments that have self-signed certs
>
> 3) The ability for all CLI tools to support a --version option (or
> version command)
>
> Do people agree?
>
> Best,
> -jay
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121127/b0376446/attachment.html>


More information about the OpenStack-dev mailing list