There is an '-insecure' option for keystoneclient. https://github.com/openstack/python-keystoneclient/blob/master/keystoneclien t/shell.py:167 +1 on "-version" and consistency. Question is "-version" for API version or binary version, or should we have two separate options? J Guang From: Yun Mao [mailto:yunmao at gmail.com] Sent: Tuesday, November 27, 2012 7:52 AM To: OpenStack Development Mailing List Cc: Joe Heck Subject: Re: [openstack-dev] [Clients] Does the keystoneclient have an --insecure option like nova does? +1. :) Yun On Tue, Nov 27, 2012 at 9:59 AM, Jay Pipes <jaypipes at gmail.com> wrote: jp833r at c2r1:~$ keystone endpoint-list No handlers could be found for logger "keystoneclient.client" Authorization Failed: Unable to communicate with identity service: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. (HTTP 400) jp833r at c2r1:~$ keystone --insecure endpoint-list usage: keystone [--os_username <auth-user-name>] <snip> <subcommand> ... keystone: error: unrecognized arguments: --insecure Whereas nova has the --insecure option, but doesn't have such a nice error message indicating that certificate verify failed :) jp833r at c2r1:~$ nova list ERROR: n/a (HTTP 400) jp833r at c2r1:~$ nova --insecure list +----+------+--------+----------+ | ID | Name | Status | Networks | +----+------+--------+----------+ +----+------+--------+----------+ Thoughts? I think it would be great to get: 1) Some consistency between the two tools regarding how they indicate that cert verification failed 2) An --insecure option consistent in all clients for use in test/non-prod environments that have self-signed certs 3) The ability for all CLI tools to support a --version option (or version command) Do people agree? Best, -jay _______________________________________________ OpenStack-dev mailing list OpenStack-dev at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121127/d802ee09/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6186 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121127/d802ee09/attachment.bin>