[openstackclient-cli] Use certificate when TLS-e is configured

When the Openstack auth-url is based on https, the openstack CLI commands should include `--os-cacert <path-to-cert-file>`, which can be extracted from the tobiko configuration. Change-Id: Ib62bd52ac2dfe1296bc9dfedb6450c2213bc2c7c
2024-01-23 17:40:18 +01:00 · 2024-01-23 17:40:18 +01:00 · d1ed7ca901
parent cf666804ef
commit d1ed7ca901
1 changed files with 5 additions and 0 deletions
--- a/tobiko/openstack/openstackclient/_client.py
+++ b/tobiko/openstack/openstackclient/_client.py
@ -19,12 +19,14 @@ import json

 from oslo_log import log

+from tobiko import config
 from tobiko.openstack import keystone
 from tobiko.openstack.openstackclient import _exception
 from tobiko.shell import sh
 import tobiko.tripleo


+CONF = config.CONF
 LOG = log.getLogger(__name__)


@ -66,6 +68,9 @@ def _param_list(*args, **kwargs):
        tmp_auth['os-project-domain-id'] = credentials.project_domain_id
        if credentials.api_version == 3:
            tmp_auth['os-identity-api-version'] = credentials.api_version
+        if 'https://' in credentials.auth_url and not credentials.cacert:
+            tmp_auth['os-cacert'] = \
+                CONF.tobiko.tripleo.undercloud_cacert_file
        for key, val in tmp_auth.items():
            if val:
                kwargs[key] = val