Set https connection verify flag from config

It was not a good idea to set verify=False for all https connection.
It's better to parse value from config and set verify flag with it.

Change-Id: Ied057aba6dc23024561f349130ab862b1ddddd60
This commit is contained in:
Andrey Pavlov 2016-02-09 12:47:25 +03:00
parent 6a5c1cdfea
commit ea4cab81f7
2 changed files with 6 additions and 4 deletions

View File

@ -14,6 +14,7 @@
# under the License.
import botocore.session
from oslo_config import types
def _get_client(client_name, url, region, access, secret, ca_bundle):
@ -29,9 +30,10 @@ def _get_client(client_name, url, region, access, secret, ca_bundle):
'aws_secret_access_key': secret
}
if ca_bundle:
kwargs['verify'] = ca_bundle
else:
kwargs['verify'] = False
try:
kwargs['verify'] = types.Boolean()(ca_bundle)
except Exception:
kwargs['verify'] = ca_bundle
return session.create_client(client_name, **kwargs)

View File

@ -28,7 +28,7 @@ AWSGroup = [
cfg.StrOpt('ca_bundle',
default=None,
help="The CA certificate bundle to use when verifying "
"SSL certificates."),
"SSL certificates. Or True/False to pass to botocore."),
cfg.StrOpt('aws_secret',
default=None,
help="AWS Secret Key",