From abdfc35f37520f94f7d6b99c1bc786a9120aa11c Mon Sep 17 00:00:00 2001
From: Chuck Short
Date: Tue, 31 Jul 2018 09:45:22 -0400
Subject: [PATCH] tintri: Enable SSL with requests

SSL requests are not being verified when contacting the REST API. Use the driver_ssl_cert_verify config option to turn on or off. Defaults to False.

Change-Id: I3a40a5865cfed8e29dd58d31d955840ec6370a69
Signed-off-by: Chuck Short
(cherry picked from commit 7d85fa9a0cc484af24a688f6db568e15d82acaa0)
---
 cinder/volume/drivers/tintri.py | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/cinder/volume/drivers/tintri.py b/cinder/volume/drivers/tintri.py
index 63bf80e9b54..d82dae3e66c 100644
--- a/cinder/volume/drivers/tintri.py
+++ b/cinder/volume/drivers/tintri.py
@@ -113,6 +113,9 @@ class TintriDriver(driver.ManageableVD,
 self._api_version = getattr(self.configuration, 'tintri_api_version')
 self._image_cache_expiry = getattr(self.configuration, 'tintri_image_cache_expiry_days')
+ self.verify_ssl = getattr(self.configuration, 'driver_ssl_cert_verify')
+ self.ssl_cert_path = getattr(self.configuration,
+ 'driver_ssl_cert_path')
 def get_pool(self, volume):
 """Returns pool name where volume resides.
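Review bot: The two new attributes are stored on TintriDriver, but every later hunk in this patch reads `self.verify_ssl` and `self.ssl_cert_path` on TClient, and no visible line hands the values to the client. TClient's constructor is outside the diff, so this may be handled elsewhere; if it is not, each REST call would raise AttributeError instead of reaching the backend. I would pass both settings into the TClient constructor and assign them there before the first request is issued. The method that contains these assignments starts above the hunk.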
@@ -841,24 +844,31 @@ class TClient(object):
 url = self.api_url + api
 return requests.get(url, headers=self.headers,
- params=query, verify=False)
+ params=query, verify=self.verify_ssl,
+ cert=self.ssl_cert_path)
 def delete(self, api):
 url = self.api_url + api
- return requests.delete(url, headers=self.headers, verify=False)
+ return requests.delete(url, headers=self.headers,
+ verify=self.verify_ssl,
+ cert=self.ssl_cert_path)
 def put(self, api, payload):
 url = self.api_url + api
 return requests.put(url, data=json.dumps(payload),
- headers=self.headers, verify=False)
+ headers=self.headers,
+ verify=self.verify_ssl,
+ cert=self.ssl_cert_path)
 def post(self, api, payload):
 url = self.api_url + api
 return requests.post(url, data=json.dumps(payload),
- headers=self.headers, verify=False)
+ headers=self.headers,
+ verify=self.verify_ssl,
+ cert=self.ssl_cert_path)
 def login(self, username, password):
 # Payload, header and URL for login
@@ -872,7 +882,9 @@ class TClient(object):
 url = self.api_url + '/' + self.api_version + '/session/login'
 r = requests.post(url, data=json.dumps(payload),
- headers=headers, verify=False)
+ headers=headers,
+ verify=self.verify_ssl,
+ cert=self.ssl_cert_path)
 if r.status_code != 200:
 msg = _('Failed to login for user %s.') % username
@@ -883,7 +895,9 @@ class TClient(object):
 def logout(self):
 url = self.api_url + '/' + self.api_version + '/session/logout'
- requests.get(url, headers=self.headers, verify=False)
+ requests.get(url, headers=self.headers,
+ verify=self.verify_ssl,
+ cert=self.ssl_cert_path)
 @staticmethod
 def _remove_prefix(volume_path, prefix):
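Review bot: `cert=` in requests is the client-side certificate presented to the server, not the trust anchor used to check the server, so a CA bundle path supplied through driver_ssl_cert_path would never take part in verification here. A custom CA bundle goes through `verify`, which accepts either a boolean or a path. If driver_ssl_cert_path is meant as the CA bundle (its definition is not in this diff), compute the value once, e.g. `verify = self.ssl_cert_path if (self.verify_ssl and self.ssl_cert_path) else self.verify_ssl`, and pass only `verify=verify`. The same applies to delete, put and post in this hunk and to the login and logout hunks that follow.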
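Review bot: login() sends the username and password, and because the option defaults to False (per the commit message) that POST still goes to an unauthenticated peer on a default deployment. A one-time warning at driver setup when verification is disabled would make the exposure visible to operators. At minimum, a comment above the call documents it, for example `# NOTE: credentials are sent without server certificate verification unless driver_ssl_cert_verify is enabled`. login()'s body starts and ends outside this hunk.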