Unity: Enable ssl verification

This commit allow user to enable ssl verification on demand for the
Unity Cinder driver.

Change-Id: Iaaa498a377edae873c489b6a5818923e16d594f0

cinder/tests/unit/volume/drivers/dell_emc/unity/test_adapter.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2016 Dell Inc. or its subsidiaries.
+# Copyright (c) 2016 - 2018 Dell Inc. or its subsidiaries.
 # All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -43,7 +43,7 @@ class MockConfig(object):
         self.san_ip = '1.2.3.4'
         self.san_login = 'user'
         self.san_password = 'pass'
-        self.driver_ssl_cert_verify = False
+        self.driver_ssl_cert_verify = True
         self.driver_ssl_cert_path = None
 
     def safe_get(self, name):
@@ -412,7 +412,7 @@ class CommonAdapterTest(test.TestCase):
         self.assertEqual('1.2.3.4', self.adapter.ip)
         self.assertEqual('user', self.adapter.username)
         self.assertEqual('pass', self.adapter.password)
-        self.assertFalse(self.adapter.array_cert_verify)
+        self.assertTrue(self.adapter.array_cert_verify)
         self.assertIsNone(self.adapter.array_ca_cert_path)
 
     def test_do_setup_version_before_4_1(self):

cinder/volume/drivers/dell_emc/unity/adapter.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2016 Dell Inc. or its subsidiaries.
+# Copyright (c) 2016 - 2018 Dell Inc. or its subsidiaries.
 # All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -152,9 +152,8 @@ class CommonAdapter(object):
         self.ip = self.config.san_ip
         self.username = self.config.san_login
         self.password = self.config.san_password
-        # Unity currently not support to upload certificate.
-        # Once it supports, enable the verify.
-        self.array_cert_verify = False
+        # Allow for customized CA
+        self.array_cert_verify = self.config.driver_ssl_cert_verify
         self.array_ca_cert_path = self.config.driver_ssl_cert_path
 
         sys_version = self.client.system.system_version

doc/source/configuration/block-storage/drivers/dell-emc-unity-driver.rst

@@ -274,6 +274,35 @@ not efficient since a cloned volume will be created during backup.
 An effective approach to backups is to create a snapshot for the volume and
 connect this snapshot to the Block Storage host for volume backup.
 
+SSL support
+~~~~~~~~~~~
+
+Admin is able to enable the SSL verification for any communication against
+Unity REST API.
+
+By default, the SSL verification is disabled, user can enable it by following
+steps:
+
+#. Setup the Unity array certificate and import it to the Unity, see section
+   `Storage system certificate` of `Security Configuration Guide <https://www.emc.com/collateral/TechnicalDocument/docu69321.pdf>`_.
+
+#. Import the CA certficate to the Cinder nodes on which the driver is running.
+
+#. Enable the changes on cinder nodes and restart the cinder services.
+
+.. code-block:: ini
+
+     [unity]
+     ...
+     driver_ssl_cert_verify = True
+     driver_ssl_cert_path = <path to the CA>
+     ...
+
+
+If `driver_ssl_cert_path` is omitted, the system default CA will be used for CA
+verification.
+
+
 IPv6 support
 ~~~~~~~~~~~~
 

releasenotes/notes/unity-enable-ssl-14db2497225c4395.yaml

@@ -0,0 +1,7 @@
+---
+features:
+  - Dell EMC Unity Cinder driver allows enabling/disabling the SSL verification.
+    Admin can set `True` or `False` for `driver_ssl_cert_verify` to enable
+    or disable this function, alternatively set the
+    `driver_ssl_cert_path=<PATH>` for customized CA path.
+    Both above 2 options should go under the driver section.