Support insecure SSL when talking to services

The certificates may not be known to Trove when doing requests
to the different services so support insecure requests. This
can be configured via the new config options

- nova_api_insecure
- cinder_api_insecure
- neutron_api_insecure
- swift_api_insecure

All new config parameters default to 'False' so nothing changes
if not explicitly configured.

This is useful if the services use SSL adn Trove wants to talk to theses
services without configuring the different certs.

Change-Id: Ib59abd1500baad132e5c9f53895fd1eca18ac4d7
Closes-Bug: #1535895

trove/common/cfg.py

@@ -70,21 +70,29 @@ common_opts = [
                help="The version of the compute service client."),
     cfg.StrOpt('glance_client_version', default='2',
                help="The version of the image service client."),
+    cfg.BoolOpt('nova_api_insecure', default=False,
+                help="Allow to perform insecure SSL requests to nova."),
     cfg.URIOpt('neutron_url', help='URL without the tenant segment.'),
     cfg.StrOpt('neutron_service_type', default='network',
                help='Service type to use when searching catalog.'),
     cfg.StrOpt('neutron_endpoint_type', default='publicURL',
                help='Service endpoint type to use when searching catalog.'),
+    cfg.BoolOpt('neutron_api_insecure', default=False,
+                help="Allow to perform insecure SSL requests to neutron."),
     cfg.URIOpt('cinder_url', help='URL without the tenant segment.'),
     cfg.StrOpt('cinder_service_type', default='volumev2',
                help='Service type to use when searching catalog.'),
     cfg.StrOpt('cinder_endpoint_type', default='publicURL',
                help='Service endpoint type to use when searching catalog.'),
+    cfg.BoolOpt('cinder_api_insecure', default=False,
+                help="Allow to perform insecure SSL requests to cinder."),
     cfg.URIOpt('swift_url', help='URL ending in ``AUTH_``.'),
     cfg.StrOpt('swift_service_type', default='object-store',
                help='Service type to use when searching catalog.'),
     cfg.StrOpt('swift_endpoint_type', default='publicURL',
                help='Service endpoint type to use when searching catalog.'),
+    cfg.BoolOpt('swift_api_insecure', default=False,
+                help="Allow to perform insecure SSL requests to swift."),
     cfg.URIOpt('glance_url', help='URL ending in ``AUTH_``.'),
     cfg.StrOpt('glance_service_type', default='image',
                help='Service type to use when searching catalog.'),

trove/common/remote.py

@@ -101,7 +101,8 @@ def nova_client(context, region_name=None):
                     project_id=context.tenant,
                     project_domain_name=context.project_domain_name,
                     auth_url=CONF.trove_auth_url,
-                    auth_token=context.auth_token)
+                    auth_token=context.auth_token,
+                    insecure=CONF.nova_api_insecure)
     client.client.auth_token = context.auth_token
     client.client.endpoint_override = url
     return client
@@ -129,7 +130,8 @@ def cinder_client(context, region_name=None):
 
     client = CinderClient.Client(context.user, context.auth_token,
                                  project_id=context.tenant,
-                                 auth_url=CONF.trove_auth_url)
+                                 auth_url=CONF.trove_auth_url,
+                                 insecure=CONF.cinder_api_insecure)
     client.client.auth_token = context.auth_token
     client.client.management_url = url
     return client
@@ -149,7 +151,8 @@ def swift_client(context, region_name=None):
     client = Connection(preauthurl=url,
                         preauthtoken=context.auth_token,
                         tenant_name=context.tenant,
-                        snet=CONF.backup_use_snet)
+                        snet=CONF.backup_use_snet,
+                        insecure=CONF.swift_api_insecure)
     return client
 
 
@@ -164,7 +167,8 @@ def neutron_client(context, region_name=None):
                            endpoint_type=CONF.neutron_endpoint_type)
 
     client = NeutronClient.Client(token=context.auth_token,
-                                  endpoint_url=url)
+                                  endpoint_url=url,
+                                  insecure=CONF.neutron_api_insecure)
     return client
 
 

trove/common/single_tenant_remote.py

@@ -66,7 +66,8 @@ def nova_client_trove_admin(context, region_name=None, compute_url=None):
                         CONF.nova_proxy_admin_tenant_name,
                         auth_url=CONF.trove_auth_url,
                         service_type=CONF.nova_compute_service_type,
-                        region_name=region_name or CONF.os_region_name)
+                        region_name=region_name or CONF.os_region_name,
+                        insecure=CONF.nova_api_insecure)
 
     if compute_url and CONF.nova_proxy_admin_tenant_id:
         client.client.endpoint_override = "%s/%s/" % (
@@ -88,7 +89,8 @@ def cinder_client_trove_admin(context=None):
                                  project_id=CONF.nova_proxy_admin_tenant_name,
                                  auth_url=CONF.trove_auth_url,
                                  service_type=CONF.cinder_service_type,
-                                 region_name=CONF.os_region_name)
+                                 region_name=CONF.os_region_name,
+                                 insecure=CONF.cinder_api_insecure)
 
     if CONF.cinder_url and CONF.nova_proxy_admin_tenant_id:
         client.client.management_url = "%s/%s/" % (
@@ -110,7 +112,8 @@ def neutron_client_trove_admin(context=None):
         tenant_name=CONF.nova_proxy_admin_tenant_name,
         auth_url=CONF.trove_auth_url,
         service_type=CONF.neutron_service_type,
-        region_name=CONF.os_region_name)
+        region_name=CONF.os_region_name,
+        insecure=CONF.neutron_api_insecure)
 
     if CONF.neutron_url:
         client.management_url = CONF.neutron_url