From d01d6007e59f85de38daac70ce1190aa4378b5c3 Mon Sep 17 00:00:00 2001
From: Martin Kopec <mkopec@redhat.com>
Date: Tue, 22 Dec 2020 16:01:09 +0000
Subject: [PATCH] Get ssl opts to every service class

Service base class will accept kwargs so that services
such as orchestration can set their ssl related opts
properly.

Change-Id: I6da5e0a5430363466a4f427e4cb03311c0534464
---
 config_tempest/main.py                   | 3 +--
 config_tempest/services/base.py          | 3 ++-
 config_tempest/services/identity.py      | 5 +++--
 config_tempest/services/image.py         | 6 ------
 config_tempest/services/orchestration.py | 8 ++++----
 config_tempest/services/services.py      | 3 ++-
 6 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/config_tempest/main.py b/config_tempest/main.py
index 59363e84..2f2ea09a 100755
--- a/config_tempest/main.py
+++ b/config_tempest/main.py
@@ -87,8 +87,7 @@ def load_basic_defaults(conf):
             ("project_name", "demo"),
             ("alt_username", "alt_demo_tempestconf"),
             ("alt_password", "secrete"),
-            ("alt_project_name", "alt_demo"),
-            ("disable_ssl_certificate_validation", "true")
+            ("alt_project_name", "alt_demo")
         ],
         "scenario": [
             ("img_dir", "etc")
diff --git a/config_tempest/services/base.py b/config_tempest/services/base.py
index 234185e2..b977c81d 100644
--- a/config_tempest/services/base.py
+++ b/config_tempest/services/base.py
@@ -33,12 +33,13 @@ class ServiceError(Exception):
 
 class Service(object):
     def __init__(self, name, s_type, service_url, token,
-                 disable_ssl_validation, client=None):
+                 disable_ssl_validation, client=None, **kwargs):
         self.name = name
         self.s_type = s_type
         self.service_url = service_url
         self.headers = {'Accept': 'application/json', 'X-Auth-Token': token}
         self.disable_ssl_validation = disable_ssl_validation
+        self.ca_certs = kwargs.get('ca_certs', None)
         self.client = client
 
         self.extensions = []
diff --git a/config_tempest/services/identity.py b/config_tempest/services/identity.py
index f3def83f..25039721 100644
--- a/config_tempest/services/identity.py
+++ b/config_tempest/services/identity.py
@@ -24,9 +24,10 @@ from config_tempest.services.base import VersionedService
 
 class IdentityService(VersionedService):
     def __init__(self, name, s_type, service_url, token,
-                 disable_ssl_validation, client=None):
+                 disable_ssl_validation, client=None, **kwargs):
         super(IdentityService, self).__init__(
-            name, s_type, service_url, token, disable_ssl_validation, client)
+            name, s_type, service_url, token, disable_ssl_validation,
+            client, **kwargs)
         self.extensions_v3 = []
         version = ''
         if 'v2' in self.service_url:
diff --git a/config_tempest/services/image.py b/config_tempest/services/image.py
index fea130f2..020ecf42 100644
--- a/config_tempest/services/image.py
+++ b/config_tempest/services/image.py
@@ -28,12 +28,6 @@ from config_tempest.services.base import VersionedService
 
 class ImageService(VersionedService):
 
-    def __init__(self, name, s_type, service_url, token,
-                 disable_ssl_validation, client=None):
-        super(ImageService, self).__init__(name, s_type, service_url, token,
-                                           disable_ssl_validation,
-                                           client)
-
     def set_image_preferences(self, disk_format, non_admin, no_rng=False,
                               convert=False):
         """Sets image prefferences.
diff --git a/config_tempest/services/orchestration.py b/config_tempest/services/orchestration.py
index 80645fa7..2dd49fcb 100644
--- a/config_tempest/services/orchestration.py
+++ b/config_tempest/services/orchestration.py
@@ -53,10 +53,6 @@ class OrchestrationService(Service):
             domain_name = conf.get('auth', 'admin_domain_name')
             conf.set(sec, 'project_domain_name', domain_name)
             conf.set(sec, 'user_domain_name', domain_name)
-
-            # should be set to True if using self-signed SSL certificates which
-            # is a general case
-            conf.set(sec, 'disable_ssl_certificate_validation', 'True')
         except configparser.NoOptionError:
             LOG.warning("Be aware that an option required for "
                         "heat_tempest_plugin cannot be set!")
@@ -102,6 +98,10 @@ class OrchestrationService(Service):
                         username)
 
     def post_configuration(self, conf, is_service):
+        conf.set('heat_plugin', 'disable_ssl_certificate_validation',
+                 str(self.disable_ssl_validation))
+        if self.ca_certs:
+            conf.set('heat_plugin', 'ca_file', self.ca_certs)
         if conf.has_section('compute'):
             compute_options = conf.options('compute')
             if 'flavor_ref' in compute_options:
diff --git a/config_tempest/services/services.py b/config_tempest/services/services.py
index 9b887692..c4fe899d 100644
--- a/config_tempest/services/services.py
+++ b/config_tempest/services/services.py
@@ -109,7 +109,8 @@ class Services(object):
                     service = s_class(s_name, s_type, url, self.token,
                                       self._ssl_validation,
                                       self._clients.get_service_client(
-                                          s_type))
+                                          s_type),
+                                      ca_certs=self._creds.ca_certs)
                     # discover extensions of the service
                     service.set_extensions()