Fix CA file for API client

If a custom CA file is configured via OPENSTACK_SSL_CACERT, currently communication with Keystone will fail, since the session is not created using this CA file. This change fixes the issue by passing the path to the CA file to the keystoneauth session constructor. Change-Id: Iad1bdea97ed649cc3c8f042dc5dd147b989dfd0e Closes-Bug: #1873736 (cherry picked from commit 59ee1d59a1)
2020-09-04 15:10:49 +01:00 · 2020-09-04 15:10:49 +01:00 · 2fdf12524b
parent 8218814976
commit 2fdf12524b
2 changed files with 7 additions and 1 deletions
--- a/masakaridashboard/api/api.py
+++ b/masakaridashboard/api/api.py
@ -39,7 +39,8 @@ def openstack_connection(request, version=None):
        token=request.user.token.id,
        project_name=request.user.project_name,
        project_id=request.user.tenant_id)
-    session = ks_session.Session(auth=auth)
+    cacert = getattr(settings, 'OPENSTACK_SSL_CACERT')
+    session = ks_session.Session(auth=auth, verify=cacert or True)
    conn = connection.Connection(session=session,
                                 ha_api_version=version)

--- a/releasenotes/notes/fix-cacert-023407ba61a4bb7a.yaml
+++ b/releasenotes/notes/fix-cacert-023407ba61a4bb7a.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixes an issue where the dashboard fails to load if communication with the
+    API requires a custom CA certificate.