Skip to content

Commit

Permalink
pylxd/client: guard against cert=None (#618)
Browse files Browse the repository at this point in the history
```
>>> import pylxd
>>> c = pylxd.Client(endpoint="https://127.0.0.1:8443/", cert=None,  verify=False)
/opt/pylxd/.tox/integration/lib/python3.12/site-packages/urllib3/connectionpool.py:1099: InsecureRequestWarning: Unverified HTTPS request is being made to host '127.0.0.1'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
  warnings.warn(
>>> c.authenticate("password")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/pylxd/.tox/integration/lib/python3.12/site-packages/pylxd/client.py", line 573, in authenticate
    cert = open(self.api.session.cert[0]).read().encode("utf-8")
                ~~~~~~~~~~~~~~~~~~~~~^^^
TypeError: 'NoneType' object is not subscriptable
```
  • Loading branch information
simondeziel authored Dec 12, 2024
2 parents 42332f8 + f236500 commit c2f0f6b
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 4 deletions.
2 changes: 1 addition & 1 deletion doc/source/authentication.rst
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ essentially meaning that the authentication has not yet occurred.
>>> from pylxd import Client
>>> client = Client(
... endpoint='http://10.0.0.1:8443',
... endpoint='https://10.0.0.1:8443',
... cert=('lxd.crt', 'lxd.key'))
>>> client.trusted
False
Expand Down
4 changes: 2 additions & 2 deletions doc/source/usage.rst
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ certificate to the `verify` argument:
>>> from pylxd import Client
>>> client = Client(
... endpoint='http://10.0.0.1:8443',
... endpoint='https://10.0.0.1:8443',
... cert=('/path/to/client.crt', '/path/to/client.key'),
... verify='/path/to/server.crt')
Expand All @@ -38,7 +38,7 @@ for TLS verification.
>>> from pylxd import Client
>>> client = Client(
... endpoint='http://10.0.0.1:8443',
... endpoint='https://10.0.0.1:8443',
... cert=('/path/to/client.crt', '/path/to/client.key'),
... verify=False)
Expand Down
10 changes: 9 additions & 1 deletion pylxd/client.py
Original file line number Diff line number Diff line change
Expand Up @@ -570,7 +570,15 @@ def assert_has_api_extension(self, name):
def authenticate(self, secret, use_token_auth=True):
if self.trusted:
return
cert = open(self.api.session.cert[0]).read().encode("utf-8")

if not isinstance(self.api.session.cert, tuple):
raise exceptions.ClientConnectionFailed("No client certificate specified")

try:
with open(self.api.session.cert[0]) as f:
cert = f.read().encode("utf-8")
except FileNotFoundError:
raise exceptions.ClientConnectionFailed("Client certificate not found")

# Quirk to handle 5.21 that supports explicit trust tokens as well as
# password auth. We need to ascertain if the provided secret is indeed a
Expand Down

0 comments on commit c2f0f6b

Please sign in to comment.