Merge "Re-use swift_store_cacert for Keystone session"

author: Zuul <zuul@review.opendev.org> 2020-03-26 05:11:47 +0000
committer: Gerrit Code Review <review@openstack.org> 2020-03-26 05:11:47 +0000
commit: 934759d721356466b3455300423a384a97d00deb (patch)
tree: d079e78cfc3037c2475d14f6dc218963c0b5c5ec /glance_store/_drivers
parent: de7445cb7301d3eb944b5e0709a4e0308255cae9 (diff)
parent: ee2a3d3032408ff3d12beafd6ae84d75b33f479f (diff)
download: glance_store-934759d721356466b3455300423a384a97d00deb.tar.gz
1 files changed, 8 insertions, 4 deletions
diff --git a/glance_store/_drivers/swift/store.py b/glance_store/_drivers/swift/store.py
index d7a324e..7c1d9e6 100644
--- a/glance_store/_drivers/swift/store.py
+++ b/glance_store/_drivers/swift/store.py
@@ -806,6 +806,10 @@ class BaseStore(driver.Store):
         self.insecure = glance_conf.swift_store_auth_insecure
         self.ssl_compression = glance_conf.swift_store_ssl_compression
         self.cacert = glance_conf.swift_store_cacert
+        if self.insecure:
+            self.ks_verify = False
+        else:
+            self.ks_verify = self.cacert or True
         if swiftclient is None:
             msg = _("Missing dependency python_swiftclient.")
             raise exceptions.BadStoreConfiguration(store_name="swift",
@@ -1454,7 +1458,7 @@ class SingleTenantStore(BaseStore):
             project_domain_id=self.project_domain_id,
             project_domain_name=self.project_domain_name)
 
-        sess = ks_session.Session(auth=password, verify=not self.insecure)
+        sess = ks_session.Session(auth=password, verify=self.ks_verify)
         return ks_client.Client(session=sess)
 
     def get_manager(self, store_location, context=None, allow_reauth=False):
@@ -1596,7 +1600,7 @@ class MultiTenantStore(BaseStore):
                                            token=context.auth_token,
                                            project_id=context.tenant)
         trustor_sess = ks_session.Session(auth=trustor_auth,
-                                          verify=not self.insecure)
+                                          verify=self.ks_verify)
         trustor_client = ks_client.Client(session=trustor_sess)
         auth_ref = trustor_client.session.auth.get_auth_ref(trustor_sess)
         roles = [t['name'] for t in auth_ref['roles']]
@@ -1613,7 +1617,7 @@ class MultiTenantStore(BaseStore):
             project_domain_id=project_domain_id,
             project_domain_name=project_domain_name)
         trustee_sess = ks_session.Session(auth=password,
-                                          verify=not self.insecure)
+                                          verify=self.ks_verify)
         trustee_client = ks_client.Client(session=trustee_sess)
 
         # request glance user id - we will use it as trustee user
@@ -1640,7 +1644,7 @@ class MultiTenantStore(BaseStore):
         # now we can authenticate against KS
         # as trustee of user who provided token
         client_sess = ks_session.Session(auth=client_password,
-                                         verify=not self.insecure)
+                                         verify=self.ks_verify)
         return ks_client.Client(session=client_sess)
 
     def get_manager(self, store_location, context=None, allow_reauth=False):
author	Zuul <zuul@review.opendev.org>	2020-03-26 05:11:47 +0000
committer	Gerrit Code Review <review@openstack.org>	2020-03-26 05:11:47 +0000
commit	934759d721356466b3455300423a384a97d00deb (patch)
tree	d079e78cfc3037c2475d14f6dc218963c0b5c5ec /glance_store/_drivers
parent	de7445cb7301d3eb944b5e0709a4e0308255cae9 (diff)
parent	ee2a3d3032408ff3d12beafd6ae84d75b33f479f (diff)
download	glance_store-934759d721356466b3455300423a384a97d00deb.tar.gz