Set https connection verify flag from config
It was not a good idea to set verify=False for all https connection. It's better to parse value from config and set verify flag with it. Change-Id: Ied057aba6dc23024561f349130ab862b1ddddd60
This commit is contained in:
parent
6a5c1cdfea
commit
ea4cab81f7
|
@ -14,6 +14,7 @@
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import botocore.session
|
import botocore.session
|
||||||
|
from oslo_config import types
|
||||||
|
|
||||||
|
|
||||||
def _get_client(client_name, url, region, access, secret, ca_bundle):
|
def _get_client(client_name, url, region, access, secret, ca_bundle):
|
||||||
|
@ -29,9 +30,10 @@ def _get_client(client_name, url, region, access, secret, ca_bundle):
|
||||||
'aws_secret_access_key': secret
|
'aws_secret_access_key': secret
|
||||||
}
|
}
|
||||||
if ca_bundle:
|
if ca_bundle:
|
||||||
|
try:
|
||||||
|
kwargs['verify'] = types.Boolean()(ca_bundle)
|
||||||
|
except Exception:
|
||||||
kwargs['verify'] = ca_bundle
|
kwargs['verify'] = ca_bundle
|
||||||
else:
|
|
||||||
kwargs['verify'] = False
|
|
||||||
return session.create_client(client_name, **kwargs)
|
return session.create_client(client_name, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,7 @@ AWSGroup = [
|
||||||
cfg.StrOpt('ca_bundle',
|
cfg.StrOpt('ca_bundle',
|
||||||
default=None,
|
default=None,
|
||||||
help="The CA certificate bundle to use when verifying "
|
help="The CA certificate bundle to use when verifying "
|
||||||
"SSL certificates."),
|
"SSL certificates. Or True/False to pass to botocore."),
|
||||||
cfg.StrOpt('aws_secret',
|
cfg.StrOpt('aws_secret',
|
||||||
default=None,
|
default=None,
|
||||||
help="AWS Secret Key",
|
help="AWS Secret Key",
|
||||||
|
|
Loading…
Reference in New Issue