Respect SSL settings in placement API

Make the placement API client respect the OPENSTACK_SSL_NO_VERIFY and OPENSTACK_SSL_CACERT configuration options, so that it can work properly in TLS-everywhere deployments. Change-Id: Id0bb085bdf411eef240c3d50da56016c0a1d075c (cherry picked from commit 14212342cf)
2024-04-19 15:36:08 +02:00 · 2024-04-19 15:36:08 +02:00 · dcaf0cc51f
parent 3fce540179
commit dcaf0cc51f
1 changed files with 10 additions and 1 deletions
--- a/openstack_dashboard/api/placement.py
+++ b/openstack_dashboard/api/placement.py
@ -10,6 +10,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

+from django.conf import settings
 from keystoneauth1 import adapter
 from keystoneauth1 import identity
 from keystoneauth1 import session
@ -41,7 +42,15 @@ def make_adapter(request):
        project_name=request.user.project_name,
        project_domain_name=request.user.domain_id,
    )
-    return Adapter(session.Session(auth=auth), api_version="placement 1.6")
+    verify = True
+    if settings.OPENSTACK_SSL_NO_VERIFY:
+        verify = False
+    elif settings.OPENSTACK_SSL_CACERT:
+        verify = settings.OPENSTACK_SSL_CACERT
+    return Adapter(
+        session.Session(auth=auth, verify=verify),
+        api_version="placement 1.6",
+    )


 def _get_json(request, path):