Don't hide cacert when insecure == False

Currently 'insecure' wins over 'cacert' when both are provided in an
os_cloud_config config during verify argument computation which means
cacert is wrongly hidden when 'insecure' is provided and equals to
False.

This change sets verify to:
 * False when insecure is True
 * cacert when cacert is provided and insecure is False or not provided

Change-Id: Iecec08fd4a80121b2e20ac65e5ba4c7ef5201935

openstack/connection.py

@@ -140,8 +140,9 @@ def from_config(cloud_name=None, cloud_config=None, options=None):
         auth['verify'] = auth.pop('cacert')
     if 'cacert' in cloud_config.config:
         auth['verify'] = cloud_config.config['cacert']
-    if 'insecure' in cloud_config.config:
+    insecure = cloud_config.config.get('insecure', False)
-        auth['verify'] = not bool(cloud_config.config['insecure'])
+    if insecure:
+        auth['verify'] = False
 
     cert = cloud_config.config.get('cert')
     if cert:

openstack/tests/unit/test_connection.py

@@ -25,6 +25,7 @@ CONFIG_AUTH_URL = "http://127.0.0.1:5000/v2.0"
 CONFIG_USERNAME = "BozoTheClown"
 CONFIG_PASSWORD = "TopSecret"
 CONFIG_PROJECT = "TheGrandPrizeGame"
+CONFIG_CACERT = "TrustMe"
 
 CLOUD_CONFIG = """
 clouds:
@@ -35,8 +36,25 @@ clouds:
       username: {username}
       password: {password}
       project_name: {project}
+  insecure:
+    auth:
+      auth_url: {auth_url}
+      username: {username}
+      password: {password}
+      project_name: {project}
+    cacert: {cacert}
+    insecure: True
+  cacert:
+    auth:
+      auth_url: {auth_url}
+      username: {username}
+      password: {password}
+      project_name: {project}
+    cacert: {cacert}
+    insecure: False
 """.format(auth_url=CONFIG_AUTH_URL, username=CONFIG_USERNAME,
-           password=CONFIG_PASSWORD, project=CONFIG_PROJECT)
+           password=CONFIG_PASSWORD, project=CONFIG_PROJECT,
+           cacert=CONFIG_CACERT)
 
 
 class TestConnection(base.TestCase):
@@ -172,6 +190,15 @@ class TestConnection(base.TestCase):
         # up URLs with it.
         self.assertEqual("v" + version, pref.version)
 
+    def test_from_config_verify(self):
+        self._prepare_test_config()
+
+        sot = connection.from_config(cloud_name="insecure")
+        self.assertFalse(sot.session.verify)
+
+        sot = connection.from_config(cloud_name="cacert")
+        self.assertEqual(CONFIG_CACERT, sot.session.verify)
+
     def test_authorize_works(self):
         fake_session = mock.Mock()
         fake_headers = {'X-Auth-Token': 'FAKE_TOKEN'}