From 32e2ad973be1ff496583ee5c8675cc451fa89ec6 Mon Sep 17 00:00:00 2001
From: "chen, hao" <Chenh1987@gmail.com>
Date: Tue, 9 Aug 2016 14:25:45 -0700
Subject: [PATCH] Allow setting "insecure" in neutron_lbaas.conf

Keystone deployments can be on self signed certs, which will fail
on verifying the cert on client side. This patch allows an user
to turn off cert verification.

Change-Id: I7db3c7f9dd5c2f8b0ff4da65eefaf6cd95a5c671
Partially-Closes: #1611509
(cherry picked from commit 56c7669dcfbd5e209d4bcd8233117f6cf1bd28f2)
---
 neutron_lbaas/common/keystone.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/neutron_lbaas/common/keystone.py b/neutron_lbaas/common/keystone.py
index 82905b2c1..d7f925010 100644
--- a/neutron_lbaas/common/keystone.py
+++ b/neutron_lbaas/common/keystone.py
@@ -76,6 +76,11 @@ OPTS = [
         'endpoint_type',
         default='public',
         help=_('The endpoint_type to be used')
+    ),
+    cfg.BoolOpt(
+        'insecure',
+        default=False,
+        help=_('Disable server certificate verification')
     )
 ]
 
@@ -92,6 +97,7 @@ def get_session():
     if not _SESSION:
 
         auth_url = cfg.CONF.service_auth.auth_url
+        insecure = cfg.CONF.service_auth.insecure
         kwargs = {'auth_url': auth_url,
                   'username': cfg.CONF.service_auth.admin_user,
                   'password': cfg.CONF.service_auth.admin_password}
@@ -111,7 +117,7 @@ def get_session():
 
         try:
             kc = client.Password(**kwargs)
-            _SESSION = session.Session(auth=kc)
+            _SESSION = session.Session(auth=kc, verify=not insecure)
         except Exception:
             with excutils.save_and_reraise_exception():
                 LOG.exception(_LE("Error creating Keystone session."))