Add --insecure in CURL if set True in client option

The CURL attribute is offen used as part of
the user data to signal back to heat in wait
handle. If the insecure option is set True in
the clients_heat option, we need to add
--insecure to the CURL url to make it work.

Change-Id: I153a9c71837ee61632e0cf39254bbbc66427b1de
Closes-Bug: #1505958

heat/engine/clients/os/heat_plugin.py

@@ -106,3 +106,6 @@ class HeatClientPlugin(client_plugin.ClientPlugin):
             six.text_type(cfg.CONF.heat_api_cloudwatch.bind_port))
         url_parts[-1] = '/'.join(port_and_version)
         return ':'.join(url_parts)
+
+    def get_insecure_option(self):
+        return self._get_client_option(CLIENT_NAME, 'insecure')

heat/engine/resources/openstack/heat/wait_condition_handle.py

@@ -175,12 +175,15 @@ class HeatWaitConditionHandle(wc_base.BaseWaitConditionHandle):
                 token = self.data().get('token')
                 if endpoint is None or token is None:
                     return None
-                return ("curl -i -X POST "
+                heat_client_plugin = self.stack.clients.client_plugin('heat')
+                insecure_option = heat_client_plugin.get_insecure_option()
+                return ("curl %(insecure)s-i -X POST "
                         "-H 'X-Auth-Token: %(token)s' "
                         "-H 'Content-Type: application/json' "
                         "-H 'Accept: application/json' "
                         "%(endpoint)s" %
-                        dict(token=token, endpoint=endpoint))
+                        dict(insecure="--insecure " if insecure_option else "",
+                             token=token, endpoint=endpoint))
 
     def get_status(self):
         # before we check status, we have to update the signal transports

heat/tests/openstack/heat/test_waitcondition.py

@@ -404,6 +404,9 @@ class HeatWaitConditionTest(common.HeatTestCase):
         self.m.StubOutWithMock(heat_plugin.HeatClientPlugin, 'get_heat_url')
         heat_plugin.HeatClientPlugin.get_heat_url().AndReturn(
             'foo/%s' % self.tenant_id)
+        self.m.StubOutWithMock(
+            heat_plugin.HeatClientPlugin, 'get_insecure_option')
+        heat_plugin.HeatClientPlugin.get_insecure_option().AndReturn(False)
         self.m.ReplayAll()
         handle = self._create_heat_handle()
         expected = ("curl -i -X POST -H 'X-Auth-Token: adomainusertoken' "
@@ -414,6 +417,24 @@ class HeatWaitConditionTest(common.HeatTestCase):
         self.assertEqual(expected, handle.FnGetAtt('curl_cli'))
         self.m.VerifyAll()
 
+    def test_getatt_curl_cli_insecure_true(self):
+        self.m.StubOutWithMock(heat_plugin.HeatClientPlugin, 'get_heat_url')
+        heat_plugin.HeatClientPlugin.get_heat_url().AndReturn(
+            'foo/%s' % self.tenant_id)
+        self.m.StubOutWithMock(
+            heat_plugin.HeatClientPlugin, 'get_insecure_option')
+        heat_plugin.HeatClientPlugin.get_insecure_option().AndReturn(True)
+        self.m.ReplayAll()
+        handle = self._create_heat_handle()
+        expected = (
+            "curl --insecure -i -X POST -H 'X-Auth-Token: adomainusertoken' "
+            "-H 'Content-Type: application/json' "
+            "-H 'Accept: application/json' "
+            "foo/aprojectid/stacks/test_stack/%s/resources/wait_handle"
+            "/signal" % self.stack_id)
+        self.assertEqual(expected, handle.FnGetAtt('curl_cli'))
+        self.m.VerifyAll()
+
     def test_getatt_signal_heat(self):
         handle = self._create_heat_handle(
             template=test_template_heat_waithandle_heat)