From aba14a4ccde177141b6314b9fafafb0868b84400 Mon Sep 17 00:00:00 2001
From: Matt Borland <matt.borland@hpe.com>
Date: Thu, 4 Aug 2016 08:54:10 -0600
Subject: [PATCH] LBaaS dashboard resepects OPENSTACK_SSL settings

Currently when creating a session, the LBaaS dashboard API doesn't respect
OPENSTACK_SSL_NO_VERIFY and OPENSTACK_SSL_CACERT.  This patch directly
addresses that by checking those values, then applying the appropriate logic
for passing into the 'verify' parameter when creating a Session.

Change-Id: Ie452b32353e1430127994644725723ec917602d0
Closes-Bug: 1609843
---
 neutron_lbaas_dashboard/api/rest/barbican.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/neutron_lbaas_dashboard/api/rest/barbican.py b/neutron_lbaas_dashboard/api/rest/barbican.py
index 86e24ff3..06156239 100644
--- a/neutron_lbaas_dashboard/api/rest/barbican.py
+++ b/neutron_lbaas_dashboard/api/rest/barbican.py
@@ -44,7 +44,13 @@ def barbicanclient(request):
                              request.user.token.id,
                              project_id=project_id,
                              project_domain_id=domain_id)
-    return barbican_client.Client(session=session.Session(auth=auth),
+    insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
+    cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
+    # If 'insecure' is True, 'verify' is False in all cases; otherwise
+    # pass the cacert path if it is present, or True if no cacert.
+    verify = not insecure and (cacert or True)
+    return barbican_client.Client(session=session.Session(auth=auth,
+                                                          verify=verify),
                                   endpoint=endpoint,
                                   region_name=region)