adding support for cacert verification

2025-04-17 10:10:20 +00:00 · 2017-04-18 14:13:11 -06:00 · 2017-04-18 14:13:11 -06:00 · c24dfe3fba
commit c24dfe3fba
parent bfaf5e322d
2 changed files with 7 additions and 2 deletions
--- a/salt/cloud/clouds/nova.py
+++ b/salt/cloud/clouds/nova.py
@ -301,6 +301,11 @@ def get_conn():
    if 'password' in vm_:
        kwargs['password'] = vm_['password']

+    if 'verify' in vm_ and vm_['use_keystoneauth'] == True:
+        kwargs['verify'] = vm_['verify']
+    elif 'verify' in vm_ and vm_['use_keystoneauth'] == False:
+        log.warning('SSL Certificate verification variable is specified but keystoneauth is not used')
+        
    conn = nova.SaltNova(**kwargs)

    return conn
--- a/salt/utils/openstack/nova.py
+++ b/salt/utils/openstack/nova.py
@ -241,7 +241,7 @@ class SaltNova(object):
                           os_auth_plugin=os_auth_plugin,
                           **kwargs)

-    def _new_init(self, username, project_id, auth_url, region_name, password, os_auth_plugin, auth=None, **kwargs):
+    def _new_init(self, username, project_id, auth_url, region_name, password, os_auth_plugin, auth=None, verify=True, **kwargs):
        if auth is None:
            auth = {}

@ -281,7 +281,7 @@ class SaltNova(object):

        self.client_kwargs = sanatize_novaclient(self.client_kwargs)
        options = loader.load_from_options(**self.kwargs)
-        self.session = keystoneauth1.session.Session(auth=options)
+        self.session = keystoneauth1.session.Session(auth=options, verify=verify)
        conn = client.Client(version=self.version, session=self.session, **self.client_kwargs)
        self.kwargs['auth_token'] = conn.client.session.get_token()
        self.catalog = conn.client.session.get('/auth/catalog', endpoint_filter={'service_type': 'identity'}).json().get('catalog', [])