def select(endpoint,
cert=None,
key=None,
pem=None,
ca=None,
aad=False,
no_verify=False):
#pylint: disable-msg=too-many-locals
"""
Connects to a Service Fabric cluster endpoint.
If connecting to secure cluster specify an absolute path to a cert (.crt)
and key file (.key) or a single file with both (.pem). Do not specify both.
Optionally, if connecting to a secure cluster, specify also an absolute
path to a CA bundle file or directory of trusted CA certs.
:param str endpoint: Cluster endpoint URL, including port and HTTP or HTTPS
prefix
:param str cert: Absolute path to a client certificate file
:param str key: Absolute path to client certificate key file
:param str pem: Absolute path to client certificate, as a .pem file
:param str ca: Absolute path to CA certs directory to treat as valid
or CA bundle
file
:param bool aad: Use Azure Active Directory for authentication
:param bool no_verify: Disable verification for certificates when using
HTTPS, note: this is an insecure option and should not be used for
production environments
"""
from sfctl.config import (set_ca_cert, set_auth, set_aad_cache,
set_cluster_endpoint, set_no_verify)
from msrest import ServiceClient, Configuration
from sfctl.auth import ClientCertAuthentication, AdalAuthentication
select_arg_verify(endpoint, cert, key, pem, ca, aad, no_verify)
if aad:
new_token, new_cache = get_aad_token(endpoint, no_verify)
set_aad_cache(new_token, new_cache)
rest_client = ServiceClient(AdalAuthentication(no_verify),
Configuration(endpoint))
# Make sure basic GET request succeeds
rest_client.send(rest_client.get('/')).raise_for_status()
else:
client_cert = None
if pem:
client_cert = pem
elif cert:
client_cert = (cert, key)
rest_client = ServiceClient(
ClientCertAuthentication(client_cert, ca, no_verify),
Configuration(endpoint))
# Make sure basic GET request succeeds
rest_client.send(rest_client.get('/')).raise_for_status()
set_cluster_endpoint(endpoint)
set_no_verify(no_verify)
set_ca_cert(ca)
set_auth(pem, cert, key, aad)
def select(endpoint='http://localhost:19080', cert=None, key=None, pem=None, ca=None, #pylint: disable=invalid-name, too-many-arguments
aad=False, no_verify=False):
#pylint: disable-msg=too-many-locals
"""
Connects to a Service Fabric cluster endpoint.
If connecting to secure cluster, specify an absolute path to a cert (.crt)
and key file (.key) or a single file with both (.pem). Do not specify both.
Optionally, if connecting to a secure cluster, also specify an absolute
path to a CA bundle file or directory of trusted CA certs.
There is no connection to a cluster without running this command first, including
a connection to localhost. However, no explicit endpoint is required for connecting
to a local cluster.
If using a self signed cert, or other certificate not signed by a well known CA,
pass in the --ca parameter to ensure that validation passes. If not on a production
cluster, to bypass client side validation (useful for self signed or not well known
CA signed), use the --no-verify option. While possible, it is not recommended for
production clusters. A certificate verification error may result otherwise.
:param str endpoint: Cluster endpoint URL, including port and HTTP or HTTPS
prefix. Typically, the endpoint will look something like https://<your-url>:19080.
If no endpoint is given, it will default to http://localhost:19080.
:param str cert: Absolute path to a client certificate file
:param str key: Absolute path to client certificate key file
:param str pem: Absolute path to client certificate, as a .pem file
:param str ca: Absolute path to CA certs directory to treat as valid
or CA bundle file. If using a
directory of CA certs, `c_rehash <directory>` provided by OpenSSL must be run first to compute
the certificate hashes and create the appropriate symbolics links.
This is used to verify that the certificate returned by the cluster is valid
:param bool aad: Use Azure Active Directory for authentication
:param bool no_verify: Disable verification for certificates when using
HTTPS, note: this is an insecure option and should not be used for
production environments
"""
# Regarding c_rehash:
# The c_rehash is needed when specifying a CA certs directory
# because requests.Sessions which is used underneath requires
# the c_rehash operation to be performed.
# See http://docs.python-requests.org/en/master/user/advanced/
from sfctl.config import (set_ca_cert, set_auth,
set_cluster_endpoint,
set_no_verify)
select_arg_verify(endpoint, cert, key, pem, ca, aad, no_verify)
# Make sure basic GET request succeeds
rest_client = _get_rest_client(endpoint, cert, key, pem, ca, aad, no_verify)
rest_client.send(rest_client.get('/')).raise_for_status()
set_cluster_endpoint(endpoint)
set_no_verify(no_verify)
set_ca_cert(ca)
set_auth(pem, cert, key, aad)
def select(
endpoint,
cert=None,
key=None,
pem=None,
ca=None, #pylint: disable=invalid-name, too-many-arguments
aad=False,
no_verify=False):
#pylint: disable-msg=too-many-locals
"""
Connects to a Service Fabric cluster endpoint.
If connecting to secure cluster, specify an absolute path to a cert (.crt)
and key file (.key) or a single file with both (.pem). Do not specify both.
Optionally, if connecting to a secure cluster, also specify an absolute
path to a CA bundle file or directory of trusted CA certs. If using a
directory of CA certs, `c_rehash <directory>` provided by OpenSSL must be run first to compute
the certificate hashes and create the appropriate symbolics links.
Typically, the endpoint will look something like https://<your-url>:19080
:param str endpoint: Cluster endpoint URL, including port and HTTP or HTTPS
prefix
:param str cert: Absolute path to a client certificate file
:param str key: Absolute path to client certificate key file
:param str pem: Absolute path to client certificate, as a .pem file
:param str ca: Absolute path to CA certs directory to treat as valid
or CA bundle
file
:param bool aad: Use Azure Active Directory for authentication
:param bool no_verify: Disable verification for certificates when using
HTTPS, note: this is an insecure option and should not be used for
production environments
"""
# Regarding c_rehash:
# The c_rehash is needed when specifying a CA certs directory
# because requests.Sessions which is used underneath requires
# the c_rehash operation to be performed.
# See http://docs.python-requests.org/en/master/user/advanced/
from sfctl.config import (set_ca_cert, set_auth, set_cluster_endpoint,
set_no_verify)
select_arg_verify(endpoint, cert, key, pem, ca, aad, no_verify)
# Make sure basic GET request succeeds
rest_client = _get_rest_client(endpoint, cert, key, pem, ca, aad,
no_verify)
rest_client.send(rest_client.get('/')).raise_for_status()
set_cluster_endpoint(endpoint)
set_no_verify(no_verify)
set_ca_cert(ca)
set_auth(pem, cert, key, aad)
