Fix CA file for API client

If a custom CA file is configured via OPENSTACK_SSL_CACERT, currently communication with Keystone will fail, since the session is not created using this CA file. This change fixes the issue by passing the path to the CA file to the keystoneauth session constructor. Change-Id: Iad1bdea97ed649cc3c8f042dc5dd147b989dfd0e Closes-Bug: #1873736 (cherry picked from commit 59ee1d59a1)
2020-09-04 15:10:49 +01:00 · 2020-09-04 15:10:49 +01:00 · d4c4665d00
parent 9ab2779484
commit d4c4665d00
2 changed files with 7 additions and 1 deletions
--- a/masakaridashboard/api/api.py
+++ b/masakaridashboard/api/api.py
@ -39,7 +39,8 @@ def openstack_connection(request, version=None):
        token=request.user.token.id,
        project_name=request.user.project_name,
        project_id=request.user.tenant_id)
-    session = ks_session.Session(auth=auth)
+    cacert = getattr(settings, 'OPENSTACK_SSL_CACERT')
+    session = ks_session.Session(auth=auth, verify=cacert or True)
    conn = connection.Connection(session=session,
                                 ha_api_version=version)

--- a/releasenotes/notes/fix-cacert-023407ba61a4bb7a.yaml
+++ b/releasenotes/notes/fix-cacert-023407ba61a4bb7a.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixes an issue where the dashboard fails to load if communication with the
+    API requires a custom CA certificate.