From 574e9d5f383fd8551fefcbd604e916d7bff6427c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Ole=C5=9B?= <loles@mirantis.com>
Date: Mon, 8 Apr 2013 11:54:00 +0400
Subject: [PATCH] Allow insecure authentication Pass through the value of
 OPENSTACK_SSL_NO_VERIFY from settings.py to keystoneclient. This allows
 connecting to servers with self-signed or otherwise invalid certificates for
 testing purposes. It extends commit 8759ad4804271d0f86eed514a8007157f44d4ba4

---
 openstack_auth/user.py  | 6 +++++-
 openstack_auth/views.py | 8 ++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/openstack_auth/user.py b/openstack_auth/user.py
index d8ca142..af49ef6 100644
--- a/openstack_auth/user.py
+++ b/openstack_auth/user.py
@@ -2,6 +2,7 @@ import hashlib
 import logging
 
 from django.contrib.auth.models import AnonymousUser
+from django.conf import settings
 
 from keystoneclient.v2_0 import client as keystone_client
 from keystoneclient import exceptions as keystone_exceptions
@@ -118,13 +119,16 @@ class User(AnonymousUser):
     @property
     def authorized_tenants(self):
         """ Returns a memoized list of tenants this user may access. """
+        insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
+
         if self.is_authenticated() and self._authorized_tenants is None:
             endpoint = self.endpoint
             token = self.token
             try:
                 client = keystone_client.Client(username=self.username,
                                                 auth_url=endpoint,
-                                                token=token.id)
+                                                token=token.id,
+                                                insecure=insecure)
                 self._authorized_tenants = client.tenants.list()
             except (keystone_exceptions.ClientException,
                     keystone_exceptions.AuthorizationFailure):
diff --git a/openstack_auth/views.py b/openstack_auth/views.py
index 71e0806..e497f58 100644
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -80,12 +80,14 @@ def logout(request):
 
 
 def delete_all_tokens(token_list):
+    insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
     for token_tuple in token_list:
         try:
             endpoint = token_tuple[0]
             token = token_tuple[1]
             client = keystone_client.Client(endpoint=endpoint,
-                                            token=token)
+                                            token=token,
+                                            insecure=insecure)
             client.tokens.delete(token=token)
         except keystone_exceptions.ClientException as e:
             LOG.info('Could not delete token')
@@ -96,8 +98,10 @@ def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
     """ Switches an authenticated user from one tenant to another. """
     LOG.debug('Switching to tenant %s for user "%s".'
               % (tenant_id, request.user.username))
+    insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
     endpoint = request.user.endpoint
-    client = keystone_client.Client(endpoint=endpoint)
+    client = keystone_client.Client(endpoint=endpoint,
+                                    insecure=insecure)
     try:
         token = client.tokens.authenticate(tenant_id=tenant_id,
                                         token=request.user.token.id)