diff --git a/README.md b/README.md
index dc722a3c..8da86743 100644
--- a/README.md
+++ b/README.md
@@ -145,18 +145,28 @@ oneview_client = OneViewClient(config)
 To enable the SDK to establish a SSL connection to the HPE OneView server, it is necessary to generate a CA Cert file containing the server credentials.
-1. Fetch the HPE OneView Appliance CA certificate
-
-Example:
-
+1. Fetch the HPE OneView Appliance CA certificate.
 ```bash
 $ openssl s_client -showcerts -host -port 443
 ```
-Copy the server certificate content from `-----BEGIN CERTIFICATE-----` to `-----END CERTIFICATE-----` (inclusive) into a `.crt` file.
-
-2. Declare the CA Certificate location when creating a `config` dictionary
+2. Copy the server certificate wrapped with a header line and a footer line into a `.crt` file.
+```
+-----BEGIN CERTIFICATE-----
+... (HPE OneView Appliance certificate in base64 PEM encoding) ...
+-----END CERTIFICATE-----
+```
+When using HPE Image Streamer, the server certificate for the HPE Image Streamer should also be added to the certificates file. Example:
+```
+-----BEGIN CERTIFICATE-----
+... (HPE OneView Appliance certificate in base64 PEM encoding) ...
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+... (HPE Image Streamer Appliance certificate in base64 PEM encoding) ...
+-----END CERTIFICATE-----
+```
+3. Declare the CA Certificate location when creating a `config` dictionary.
 ```python
 config = {
 "ip": "172.16.102.82",
diff --git a/examples/config-rename.json b/examples/config-rename.json
index 68f02e11..28a8ebee 100644
--- a/examples/config-rename.json
+++ b/examples/config-rename.json
@@ -1,7 +1,8 @@
 {
 "ip": "172.16.102.59",
 "image_streamer_ip": "172.16.102.60",
- "api_version": 300,
+ "api_version": 500,
+ "ssl_certificate": "",
 "credentials": {
 "userName": "administrator",
 "authLoginDomain": "",
diff --git a/hpOneView/connection.py b/hpOneView/connection.py
index 277fc4c0..2d8e8301 100644
--- a/hpOneView/connection.py
+++ b/hpOneView/connection.py
@@ -1,5 +1,4 @@
 # -*- coding: utf-8 -*
-
 ###
 # (C) Copyright (2012-2017) Hewlett Packard Enterprise Development LP
 #
@@ -68,6 +67,7 @@ def __init__(self, applianceIp, api_version=300, sslBundle=False):
 self._proxyPort = None
 self._doProxy = False
 self._sslTrustAll = True
+ self._sslBundle = sslBundle
 self._sslTrustedBundle = self.set_trusted_ssl_bundle(sslBundle)
 self._nextPage = None
 self._prevPage = None
@@ -91,7 +91,7 @@ def set_proxy(self, proxyHost, proxyPort):
 self._doProxy = True
 def set_trusted_ssl_bundle(self, sslBundle):
- if sslBundle is not False:
+ if sslBundle:
 self._sslTrustAll = False
 return sslBundle
diff --git a/hpOneView/image_streamer/image_streamer_client.py b/hpOneView/image_streamer/image_streamer_client.py
index 8e89bd04..e15d777a 100644
--- a/hpOneView/image_streamer/image_streamer_client.py
+++ b/hpOneView/image_streamer/image_streamer_client.py
@@ -44,8 +44,8 @@
 class ImageStreamerClient(object):
- def __init__(self, ip, session_id, api_version):
- self.__connection = connection(ip, api_version)
+ def __init__(self, ip, session_id, api_version, sslBundle=False):
+ self.__connection = connection(ip, api_version, sslBundle)
 self.__connection.set_session_id(session_id)
 self.__golden_images = None
 self.__plan_scripts = None
diff --git a/hpOneView/oneview_client.py b/hpOneView/oneview_client.py
index 03cf64fb..50c4cec7 100755
--- a/hpOneView/oneview_client.py
+++ b/hpOneView/oneview_client.py
@@ -286,7 +286,8 @@ def create_image_streamer_client(self):
 """
 image_streamer = ImageStreamerClient(self.__image_streamer_ip,
 self.__connection.get_session_id(),
- self.__connection._apiVersion)
+ self.__connection._apiVersion,
+ self.__connection._sslBundle)
 return image_streamer
diff --git a/tests/unit/test_connection.py b/tests/unit/test_connection.py
index 588644a5..22dc9762 100644
--- a/tests/unit/test_connection.py
+++ b/tests/unit/test_connection.py
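Review bot: The new `self._sslBundle` in `connection.__init__` duplicates `self._sslTrustedBundle` assigned on the next line, because `set_trusted_ssl_bundle` (third hunk of this file) returns its argument unchanged, and neither attribute is refreshed when `set_trusted_ssl_bundle` is called after construction. The `create_image_streamer_client` hunk in `hpOneView/oneview_client.py` forwards `_sslBundle`, so a bundle installed later on the OneView connection would not reach the Image Streamer connection, which would then be built with `sslBundle=False` and keep `_sslTrustAll = True`. Consider recording the value inside the setter, `self._sslBundle = sslBundle` just before `return sslBundle`, and exposing it through a public accessor rather than reading a private attribute across classes. `__init__` starts and ends outside this hunk.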
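Review bot: With `if sslBundle:` in `set_trusted_ssl_bundle`, an empty string or `None` now leaves `_sslTrustAll` at its constructor default of `True`, so a blank `ssl_certificate` entry (as shipped in `examples/config-rename.json` in this commit) silently selects trust-all mode, which by its name presumably skips server certificate verification. Before the change only `False` had that effect. If the fallback is intended, state it where callers will see it, for example a docstring on the method: `"""Return sslBundle; trust-all stays enabled unless a non-empty CA bundle path is given."""`, and a README sentence saying that omitting the bundle leaves the connection unverified. The method is fully visible in the hunk; the code that consumes `_sslTrustAll` is not.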
@@ -984,7 +984,7 @@ def test_get_connection_ssl_trust_all_with_proxy(self):
 def test_get_connection_trusted_ssl_bundle_with_proxy(self, mock_lvl):
 self.connection.set_proxy('10.0.0.1', 3128)
- self.connection.set_trusted_ssl_bundle(None)
+ self.connection.set_trusted_ssl_bundle('/test')
 conn = self.connection.get_connection()
@@ -995,7 +995,7 @@ def test_get_connection_trusted_ssl_bundle_with_proxy(self, mock_lvl):
 @patch.object(ssl.SSLContext, 'load_verify_locations')
 def test_get_connection_trusted_ssl_bundle(self, mock_lvl):
- self.connection.set_trusted_ssl_bundle(None)
+ self.connection.set_trusted_ssl_bundle('/test')
 conn = self.connection.get_connection()
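Review bot: Both changed tests (`test_get_connection_trusted_ssl_bundle_with_proxy` and `test_get_connection_trusted_ssl_bundle`) now exercise only the truthy path, so nothing pins the behaviour this commit introduces for `None`, `''` and `False`. A companion case would make that fallback explicit, e.g. `self.connection.set_trusted_ssl_bundle('')` followed by `self.assertTrue(self.connection._sslTrustAll)`. The return value of `set_trusted_ssl_bundle('/test')` is also discarded, so `_sslTrustedBundle` presumably keeps the fixture's value; assigning it would let the `load_verify_locations` mock be checked against `'/test'`. Both test bodies continue outside their hunks.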