From dcaf0cc51fe998ca6de89a82a3cdadd26131830b Mon Sep 17 00:00:00 2001
From: Radomir Dopieralski <openstack@dopieralski.pl>
Date: Fri, 19 Apr 2024 15:36:08 +0200
Subject: [PATCH] Respect SSL settings in placement API

Make the placement API client respect the OPENSTACK_SSL_NO_VERIFY and
OPENSTACK_SSL_CACERT configuration options, so that it can work properly
in TLS-everywhere deployments.

Change-Id: Id0bb085bdf411eef240c3d50da56016c0a1d075c
(cherry picked from commit 14212342cf8f7eb987e50de112958af31063e02e)
---
 openstack_dashboard/api/placement.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/openstack_dashboard/api/placement.py b/openstack_dashboard/api/placement.py
index 60c07d4ebe..98b51cd573 100644
--- a/openstack_dashboard/api/placement.py
+++ b/openstack_dashboard/api/placement.py
@@ -10,6 +10,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from django.conf import settings
 from keystoneauth1 import adapter
 from keystoneauth1 import identity
 from keystoneauth1 import session
@@ -41,7 +42,15 @@ def make_adapter(request):
         project_name=request.user.project_name,
         project_domain_name=request.user.domain_id,
     )
-    return Adapter(session.Session(auth=auth), api_version="placement 1.6")
+    verify = True
+    if settings.OPENSTACK_SSL_NO_VERIFY:
+        verify = False
+    elif settings.OPENSTACK_SSL_CACERT:
+        verify = settings.OPENSTACK_SSL_CACERT
+    return Adapter(
+        session.Session(auth=auth, verify=verify),
+        api_version="placement 1.6",
+    )
 
 
 def _get_json(request, path):