Support https keystone CA checking in volume quotas

Currently connecting to https secured keystone instance mostly fail in cinder quotas, since neither CA certificate nor the insecure option is passed to keystone client. Fixing this by passing these options from keystone_authtoken, converting them to a verify option for the keystone session object. Change-Id: Ifd9214b837d87d7bf6d78406a8cef447c2b7c39e Closes-Bug: #1537783
2016-02-20 19:34:48 +01:00
parent a8afb66b31
commit 6c27d05d8f
1 changed files with 4 additions and 1 deletions
--- a/cinder/quota_utils.py
+++ b/cinder/quota_utils.py
@@ -232,6 +232,9 @@ def _keystone_client(context, version=(3, 0)):
        auth_url=CONF.keystone_authtoken.auth_uri,
        token=context.auth_token,
        project_id=context.project_id)
-    client_session = session.Session(auth=auth_plugin)
+    client_session = session.Session(auth=auth_plugin,
+                                     verify=False if
+                                     CONF.keystone_authtoken.insecure else
+                                     (CONF.keystone_authtoken.cafile or True))
    return client.Client(auth_url=CONF.keystone_authtoken.auth_uri,
                         session=client_session, version=version)