From 2494c1f920d15a60b4efe5fb00c98721246c9234 Mon Sep 17 00:00:00 2001
From: ptoohill1 <phillip.toohill@rackspace.com>
Date: Thu, 17 Sep 2015 00:52:46 -0500
Subject: [PATCH] Make keystone verify configurable

In some cases, such as test environements, it is required
to run with an insecure keystone connection. Allow for a
configuration option to set the verify flag.

Change-Id: I4b0658322b5d737b116d5659551fb2fe4f9e68a1
---
 etc/octavia.conf           | 1 +
 octavia/common/keystone.py | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/etc/octavia.conf b/etc/octavia.conf
index fbf80d3934..993ce11cdf 100644
--- a/etc/octavia.conf
+++ b/etc/octavia.conf
@@ -51,6 +51,7 @@
 # admin_user = octavia
 # admin_password = password
 # admin_tenant_name = service
+# insecure = False
 
 [keystone_authtoken_v3]
 # If using Keystone v3
diff --git a/octavia/common/keystone.py b/octavia/common/keystone.py
index fa358e57bc..474b346045 100644
--- a/octavia/common/keystone.py
+++ b/octavia/common/keystone.py
@@ -60,7 +60,8 @@ def get_session():
 
         try:
             kc = client.Password(**kwargs)
-            _SESSION = session.Session(auth=kc)
+            _SESSION = session.Session(
+                auth=kc, verify=not cfg.CONF.keystone_authtoken.insecure)
         except Exception:
             with excutils.save_and_reraise_exception():
                 LOG.exception(_LE("Error creating Keystone session."))