From 6e0d1145463fecdbd3be01f56bf008d4abe1b724 Mon Sep 17 00:00:00 2001
From: SharpRazor
Date: Wed, 20 Dec 2017 17:29:56 +0800
Subject: [PATCH] set up ca file configuration in drver add 3 items in configuration file:zvm_ssl_enabled, zvm_verify_enabled and zvm_ca_file.
Change-Id: I1adc33882689513865bb850618e558a09810ccfe
---
 nova_zvm/virt/zvm/conf.py | 7 +++++++
 nova_zvm/virt/zvm/utils.py | 15 ++++++++++++++-
 requirements.txt | 2 +-
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/nova_zvm/virt/zvm/conf.py b/nova_zvm/virt/zvm/conf.py
index ac8a73b..fa7f5d1 100644
--- a/nova_zvm/virt/zvm/conf.py
+++ b/nova_zvm/virt/zvm/conf.py
@@ -49,6 +49,13 @@ Possible Values:
 but it will vary depending on instance and system load. A value of 0 is used for debug. In this case the underlying z/VM guest will not be deleted when the instance is marked in ERROR state.
+"""),
+ cfg.StrOpt('zvm_ca_file',
+ default=None,
+ help="""
+CA certificate file to be verified in httpd server
+
+A string, it must be a path to a CA bundle to use.
 """),
 ]
diff --git a/nova_zvm/virt/zvm/utils.py b/nova_zvm/virt/zvm/utils.py
index 2b7470c..eb2b991 100644
--- a/nova_zvm/virt/zvm/utils.py
+++ b/nova_zvm/virt/zvm/utils.py
@@ -45,7 +45,20 @@ class zVMConnectorRequestHandler(object):
 def __init__(self):
 _url = urlparse.urlparse(CONF.zvm_cloud_connector_url)
- self._conn = connector.ZVMConnector(_url.hostname, _url.port)
+ _ca_file = CONF.zvm_ca_file
+ if _url.scheme == 'https':
+ _ssl_enabled = True
+ else:
+ _ssl_enabled = False
+
+ if _ssl_enabled and _ca_file:
+ self._conn = connector.ZVMConnector(_url.hostname, _url.port,
+ ssl_enabled=_ssl_enabled,
+ verify=_ca_file)
+ else:
+ self._conn = connector.ZVMConnector(_url.hostname, _url.port,
+ ssl_enabled=_ssl_enabled,
+ verify=False)
 def call(self, func_name, *args, **kwargs):
 results = self._conn.send_request(func_name, *args, **kwargs)
diff --git a/requirements.txt b/requirements.txt
index 061886f..ba91461 100644
--- a/requirements.txt
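Review bot: In the conf.py hunk, the help text for `zvm_ca_file` does not tell an operator what leaving the option unset means: per the utils.py hunk of this same patch, an https `zvm_cloud_connector_url` with no CA file is contacted with `verify=False`. I would reword the help along the lines of `CA bundle used to verify the z/VM cloud connector's server certificate when zvm_cloud_connector_url uses https. If unset, the server certificate is not verified.` The explicit `default=None` repeats what `cfg.StrOpt` already defaults to and can be dropped. The option list this entry is appended to starts outside the hunk.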
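Review bot: In the utils.py hunk, the `else` branch of `__init__` builds the connector with `verify=False` whenever `zvm_ca_file` is unset, and since that option defaults to `None`, an https URL in the default configuration accepts any server certificate, so the TLS channel does not authenticate the connector endpoint. I would fail closed or at least make the downgrade visible: if `ZVMConnector`'s `verify` follows the requests convention (not visible here, so confirm), `verify=_ca_file or True` falls back to the system trust store; otherwise emit a warning when `_ssl_enabled and not _ca_file`. As a smaller point, the scheme test reduces to `_ssl_enabled = _url.scheme == 'https'`, which also lets both branches collapse into one constructor call. The commit message names `zvm_ssl_enabled` and `zvm_verify_enabled`, but no hunk in this patch defines them; the class body continues past the hunk.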
+++ b/requirements.txt
@@ -9,4 +9,4 @@ oslo.service>=1.10.0 # Apache-2.0
 oslo.utils>=3.20.0 # Apache-2.0
 six>=1.9.0
-zVMCloudConnector>=0.3.2 # Apache 2.0 License
+zVMCloudConnector>=0.3.3 # Apache 2.0 License