From d32cdc0edc65214e2789633fd1ec82f9d627e60d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 14 Apr 2014 18:51:56 -0400
Subject: [PATCH] Heat client does not support OS_CACERT option

This option is standard in OpenStack clients to pass in the
location of any extra CA certificate bundle needed to
negotiate an SSL connection with SSL-secured services.

Change-Id: If675b36bf6bbd1df216277129b147c32555de0d0
Closes-Bug: 1308087
---
 heatclient/shell.py       | 11 ++++++++++-
 heatclient/tests/fakes.py |  2 ++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/heatclient/shell.py b/heatclient/shell.py
index badb72ad..22173f56 100644
--- a/heatclient/shell.py
+++ b/heatclient/shell.py
@@ -72,6 +72,13 @@ class HeatShell(object):
                             "certificate authorities. "
                             "This option should be used with caution.")
 
+        parser.add_argument('--os-cacert',
+                            metavar='<ca-certificate>',
+                            default=utils.env('OS_CACERT', default=None),
+                            help='Specify a CA bundle file to use in '
+                            'verifying a TLS (https) server certificate. '
+                            'Defaults to env[OS_CACERT]')
+
         parser.add_argument('--cert-file',
                             help='Path of certificate file to use in SSL '
                             'connection. This file can optionally be '
@@ -245,7 +252,8 @@ class HeatShell(object):
         :param token: token to use instead of username/password
         """
         kc_args = {'auth_url': kwargs.get('auth_url'),
-                   'insecure': kwargs.get('insecure')}
+                   'insecure': kwargs.get('insecure'),
+                   'cacert': kwargs.get('cacert')}
 
         if kwargs.get('tenant_id'):
             kc_args['tenant_id'] = kwargs.get('tenant_id')
@@ -353,6 +361,7 @@ class HeatShell(object):
             'service_type': args.os_service_type,
             'endpoint_type': args.os_endpoint_type,
             'insecure': args.insecure,
+            'cacert': args.os_cacert,
             'include_pass': args.include_password
         }
 
diff --git a/heatclient/tests/fakes.py b/heatclient/tests/fakes.py
index 5e8c4416..f0c6ba00 100644
--- a/heatclient/tests/fakes.py
+++ b/heatclient/tests/fakes.py
@@ -21,11 +21,13 @@ def script_keystone_client(token=None):
     if token:
         ksclient.Client(auth_url='http://no.where',
                         insecure=False,
+                        cacert=None,
                         tenant_id='tenant_id',
                         token=token).AndReturn(FakeKeystone(token))
     else:
         ksclient.Client(auth_url='http://no.where',
                         insecure=False,
+                        cacert=None,
                         password='password',
                         tenant_name='tenant_name',
                         username='username').AndReturn(FakeKeystone(