From bc495c3dc9e644a37324fc5025efbd6669e0436d Mon Sep 17 00:00:00 2001
From: Mehdi Abaakouk
Date: Tue, 16 Jul 2013 13:01:57 +0200
Subject: [PATCH] alarm: Per user setting to disable ssl verify
This allows the user to disable ssl verification via a query string parameter in the action url. example of action: https://unstrusted-ssl-host/?ceilometer-alarm-ssl-verify=0
Change-Id: I12294aa191ff4dfa5adaf2e24419bdfca70e8726
Blueprint: alarm-notifier
---
 ceilometer/alarm/notifier/rest.py | 7 +++++-
 tests/alarm/test_notifier.py | 38 +++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/ceilometer/alarm/notifier/rest.py b/ceilometer/alarm/notifier/rest.py
index 394afd220..8f2d575fd 100644
--- a/ceilometer/alarm/notifier/rest.py
+++ b/ceilometer/alarm/notifier/rest.py
@@ -19,6 +19,7 @@
 import eventlet
 import requests
+import urlparse
 from oslo.config import cfg
@@ -58,7 +59,11 @@ class RestAlarmNotifier(notifier.AlarmNotifier):
 kwargs = {'data': jsonutils.dumps(body)}
 if action.scheme == 'https':
- kwargs['verify'] = cfg.CONF.alarm.rest_notifier_ssl_verify
+ default_verify = int(cfg.CONF.alarm.rest_notifier_ssl_verify)
+ options = urlparse.parse_qs(action.query)
+ verify = bool(int(options.get('ceilometer-alarm-ssl-verify',
+ [default_verify])[-1]))
+ kwargs['verify'] = verify
 cert = cfg.CONF.alarm.rest_notifier_certificate_file
 key = cfg.CONF.alarm.rest_notifier_certificate_key
diff --git a/tests/alarm/test_notifier.py b/tests/alarm/test_notifier.py
index ac09bf64b..0eb9d35b6 100644
--- a/tests/alarm/test_notifier.py
+++ b/tests/alarm/test_notifier.py
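Review bot: In the second hunk of ceilometer/alarm/notifier/rest.py, `int(options.get('ceilometer-alarm-ssl-verify', [default_verify])[-1])` raises ValueError for any value that is not an integer (for example `false` or `yes`), and every non-zero integer counts as verify-on; whether that exception is caught depends on code outside the hunk. Accepting only the two documented values and falling back to the operator's setting keeps the outcome predictable: `raw = options.get('ceilometer-alarm-ssl-verify', [None])[-1]` followed by `verify = {'0': False, '1': True}.get(raw, bool(default_verify))`. Because the action URL comes from the alarm owner, `=0` also overrides an operator who set `rest_notifier_ssl_verify` to true, so wherever that option is documented it should say it is only a default, and a log line when verification is switched off for an action would make the downgrade visible. The enclosing method starts and ends outside the hunk.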
@@ -157,6 +157,44 @@ class TestAlarmNotifier(base.TestCase):
 'state': 'ALARM',
 })
+ def test_notify_alarm_rest_action_with_ssl_verify_disable(self):
+ action = 'https://host/action?ceilometer-alarm-ssl-verify=0'
+ data_json = '{"state": "ALARM", "reason": "what ?"}'
+
+ self.mox.StubOutWithMock(requests, "post")
+ requests.post(action, data=data_json, verify=False)
+ self.mox.ReplayAll()
+
+ with mock.patch('eventlet.spawn_n', self._fake_spawn_n):
+ self.service.notify_alarm(context.get_admin_context(),
+ {
+ 'actions': [action],
+ 'alarm': {'name': 'foobar'},
+ 'condition': {'threshold': 42},
+ 'reason': 'what ?',
+ 'state': 'ALARM',
+ })
+
+ def test_notify_alarm_rest_action_with_ssl_verify_enable_by_user(self):
+ action = 'https://host/action?ceilometer-alarm-ssl-verify=1'
+ data_json = '{"state": "ALARM", "reason": "what ?"}'
+
+ cfg.CONF.set_override("rest_notifier_ssl_verify", False,
+ group='alarm')
+ self.mox.StubOutWithMock(requests, "post")
+ requests.post(action, data=data_json, verify=True)
+ self.mox.ReplayAll()
+
+ with mock.patch('eventlet.spawn_n', self._fake_spawn_n):
+ self.service.notify_alarm(context.get_admin_context(),
+ {
+ 'actions': [action],
+ 'alarm': {'name': 'foobar'},
+ 'condition': {'threshold': 42},
+ 'reason': 'what ?',
+ 'state': 'ALARM',
+ })
+
 @staticmethod
 def _fake_urlsplit(*args, **kwargs):
 raise Exception("Evil urlsplit!")
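Review bot: Neither new test exercises a value other than `0` or `1`, or the parameter given more than once, although the rest.py change calls `int()` on the value and takes the last occurrence with `[-1]`. A third case with an action such as `'https://host/action?ceilometer-alarm-ssl-verify=yes'` would pin down what the notifier is meant to do with it (fall back to the configured default, or fail). The second test also calls `cfg.CONF.set_override("rest_notifier_ssl_verify", False, group='alarm')` with no reset visible in the hunk; if base.TestCase does not restore overrides, the disabled default would carry into later tests.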