Add custom CA support for get_server_version

get_server_version fails when self-signed CA cert is used. This patch
adds:
* insecure option to ignore SSL certificate validation
* cacert to add ability to provide a custom SSL certificate

Change-Id: Ib1d34a5a6b595c53473ddd3acb182ab5a39cbba5
Related-Bug: 1744670

2 files changed, 50 insertions, 4 deletions

diff --git a/cinderclient/client.py b/cinderclient/client.py
index 2ae122c..e6a37c9 100644
--- a/cinderclient/client.py
+++ b/cinderclient/client.py
@@ -72,10 +72,14 @@ for svc in ('volume', 'volumev2', 'volumev3'):
     discover.add_catalog_discover_hack(svc, re.compile(r'/v[12]/\w+/?$'), '/')
 
 
-def get_server_version(url):
+def get_server_version(url, insecure=False, cacert=None):
     """Queries the server via the naked endpoint and gets version info.
 
     :param url: url of the cinder endpoint
+    :param insecure: Explicitly allow client to perform "insecure" TLS
+                     (https) requests
+    :param cacert: Specify a CA bundle file to use in verifying a TLS
+                            (https) server certificate
     :returns: APIVersion object for min and max version supported by
               the server
     """
@@ -106,7 +110,14 @@ def get_server_version(url):
             # leave as is without cropping.
             version_url = url
 
-        response = requests.get(version_url)
+        if insecure:
+            verify_cert = False
+        else:
+            if cacert:
+                verify_cert = cacert
+            else:
+                verify_cert = True
+        response = requests.get(version_url, verify=verify_cert)
         data = json.loads(response.text)
         versions = data['versions']
         for version in versions:
@@ -121,9 +132,9 @@ def get_server_version(url):
             api_versions.APIVersion(current_version))
 
 
-def get_highest_client_server_version(url):
+def get_highest_client_server_version(url, insecure=False, cacert=None):
     """Returns highest supported version by client and server as a string."""
-    min_server, max_server = get_server_version(url)
+    min_server, max_server = get_server_version(url, insecure, cacert)
     max_client = api_versions.APIVersion(api_versions.MAX_VERSION)
     return min(max_server, max_client).get_string()
 
diff --git a/cinderclient/tests/unit/test_client.py b/cinderclient/tests/unit/test_client.py
index 7fc6643..96348cd 100644
--- a/cinderclient/tests/unit/test_client.py
+++ b/cinderclient/tests/unit/test_client.py
@@ -361,6 +361,41 @@ class GetAPIVersionTestCase(utils.TestCase):
         self.assertEqual(max_version, api_versions.APIVersion('3.16'))
 
     @mock.patch('cinderclient.client.requests.get')
+    def test_get_server_version_insecure(self, mock_request):
+        mock_response = utils.TestResponse({
+            "status_code": 200,
+            "text": json.dumps(fakes.fake_request_get_no_v3())
+        })
+
+        mock_request.return_value = mock_response
+
+        url = (
+            "https://192.168.122.127:8776/v3/e5526285ebd741b1819393f772f11fc3")
+        expected_url = "https://192.168.122.127:8776/"
+
+        cinderclient.client.get_server_version(url, True)
+
+        mock_request.assert_called_once_with(expected_url, verify=False)
+
+    @mock.patch('cinderclient.client.requests.get')
+    def test_get_server_version_cacert(self, mock_request):
+        mock_response = utils.TestResponse({
+            "status_code": 200,
+            "text": json.dumps(fakes.fake_request_get_no_v3())
+        })
+
+        mock_request.return_value = mock_response
+
+        url = (
+            "https://192.168.122.127:8776/v3/e5526285ebd741b1819393f772f11fc3")
+        expected_url = "https://192.168.122.127:8776/"
+
+        cacert = '/path/to/cert'
+        cinderclient.client.get_server_version(url, cacert=cacert)
+
+        mock_request.assert_called_once_with(expected_url, verify=cacert)
+
+    @mock.patch('cinderclient.client.requests.get')
     @ddt.data('3.12', '3.40')
     def test_get_highest_client_server_version(self, version, mock_request):