From d1ed7ca9010e36ef19561efc507d57477996fe69 Mon Sep 17 00:00:00 2001 From: Eduardo Olivares Date: Tue, 23 Jan 2024 17:40:18 +0100 Subject: [PATCH] [openstackclient-cli] Use certificate when TLS-e is configured When the Openstack auth-url is based on https, the openstack CLI commands should include `--os-cacert `, which can be extracted from the tobiko configuration. Change-Id: Ib62bd52ac2dfe1296bc9dfedb6450c2213bc2c7c --- tobiko/openstack/openstackclient/_client.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tobiko/openstack/openstackclient/_client.py b/tobiko/openstack/openstackclient/_client.py index d7f2da268..ce0111258 100644 --- a/tobiko/openstack/openstackclient/_client.py +++ b/tobiko/openstack/openstackclient/_client.py @@ -19,12 +19,14 @@ import json from oslo_log import log +from tobiko import config from tobiko.openstack import keystone from tobiko.openstack.openstackclient import _exception from tobiko.shell import sh import tobiko.tripleo +CONF = config.CONF LOG = log.getLogger(__name__) @@ -66,6 +68,9 @@ def _param_list(*args, **kwargs): tmp_auth['os-project-domain-id'] = credentials.project_domain_id if credentials.api_version == 3: tmp_auth['os-identity-api-version'] = credentials.api_version + if 'https://' in credentials.auth_url and not credentials.cacert: + tmp_auth['os-cacert'] = \ + CONF.tobiko.tripleo.undercloud_cacert_file for key, val in tmp_auth.items(): if val: kwargs[key] = val