[TLS] Disable cert validation when in GetAdminServiceclient()
This is an intermediate step which disables cert validation for the
openstack admin client in GetAdminServiceClient(). Once KeystoneAPI
is enabled for internal TLS and references the CA bundle,
this will be updated.

Jira: OSP-19151
stuggi committed Nov 7, 2023
1 parent a1a0e54 commit 2ca0631
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions api/v1beta1/keystoneapi.go
Expand Up @@ -18,6 +18,7 @@ package v1beta1
import (
"context"
"fmt"
"net/url"
"time"

"github.com/openstack-k8s-operators/lib-common/modules/common/endpoint"
Expand Down Expand Up @@ -80,6 +81,18 @@ func GetAdminServiceClient(
return nil, ctrl.Result{}, err
}

parsedAuthURL, err := url.Parse(authURL)
if err != nil {
return nil, ctrl.Result{}, err
}

tlsConfig := &openstack.TLSConfig{}
if parsedAuthURL.Scheme == "https" {
// TODO: (mschuppert) for now just set to insecure, when keystone got
// enabled for internal tls, get the CA secret name from the keystoneAPI
tlsConfig.Insecure = true
}

// get the password of the admin user from Spec.Secret
// using PasswordSelectors.Admin
authPassword, ctrlResult, err := secret.GetDataFromSecret(
Expand All @@ -104,6 +117,7 @@ func GetAdminServiceClient(
TenantName: keystoneAPI.Spec.AdminProject,
DomainName: "Default",
Region: keystoneAPI.Spec.Region,
TLS: tlsConfig,
})
if err != nil {
return nil, ctrl.Result{}, err
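Review bot: In the second hunk `tlsConfig.Insecure = true` is set for every `https` auth URL with no opt-out and no runtime trace, so the admin password read from the secret just below is sent to a Keystone endpoint whose certificate is never verified; anything able to intercept that connection can present its own certificate and receive the credentials. Because this is meant to be temporary, the TODO should name the tracking issue and the consequence, e.g. `// TODO(mschuppert, OSP-19151): cert verification is disabled here; remove once the CA bundle from the KeystoneAPI is passed in`. If a logger is reachable in this function, a one-line warning when the insecure branch is taken would make the state visible to operators. GetAdminServiceClient starts and ends outside the visible hunks, so whether a logger is in scope cannot be confirmed from this page.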
