From 2ca06317fed3d31fd938016bee64a3df3e6c1f03 Mon Sep 17 00:00:00 2001
From: Martin Schuppert
Date: Tue, 7 Nov 2023 17:28:41 +0100
Subject: [PATCH] [TLS] Disable cert validation when in GetAdminServiceclient()

This is an intermediate step which disables cert validation for openstack admin client in GetAdminServiceClient(). When KeystoneAPI got enabled for internal TLS and has references to the CA bundle this will be updated.

Jira: OSP-19151
---
 api/v1beta1/keystoneapi.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/api/v1beta1/keystoneapi.go b/api/v1beta1/keystoneapi.go
index 3c3b29c5..5cc37854 100644
--- a/api/v1beta1/keystoneapi.go
+++ b/api/v1beta1/keystoneapi.go
@@ -18,6 +18,7 @@ package v1beta1
 import (
 "context"
 "fmt"
+ "net/url"
 "time"

 "github.com/openstack-k8s-operators/lib-common/modules/common/endpoint"
@@ -80,6 +81,18 @@ func GetAdminServiceClient(
 return nil, ctrl.Result{}, err
 }

+ parsedAuthURL, err := url.Parse(authURL)
+ if err != nil {
+ return nil, ctrl.Result{}, err
+ }
+
+ tlsConfig := &openstack.TLSConfig{}
+ if parsedAuthURL.Scheme == "https" {
+ // TODO: (mschuppert) for now just set to insecure, when keystone got
+ // enabled for internal tls, get the CA secret name from the keystoneAPI
+ tlsConfig.Insecure = true
+ }
+
 // get the password of the admin user from Spec.Secret
 // using PasswordSelectors.Admin
 authPassword, ctrlResult, err := secret.GetDataFromSecret(
@@ -104,6 +117,7 @@ func GetAdminServiceClient(
 TenantName: keystoneAPI.Spec.AdminProject,
 DomainName: "Default",
 Region: keystoneAPI.Spec.Region,
+ TLS: tlsConfig,
 })
 if err != nil {
 return nil, ctrl.Result{}, err
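Review bot: `tlsConfig.Insecure = true` in the second hunk applies to every `https` auth URL, so the admin client built by GetAdminServiceClient sends the admin password (fetched just below) over a connection whose server certificate is never verified, and an endpoint that is not the real Keystone would be accepted without error. Nothing in the hunk lets a deployment opt out or tells the operator that verification is off, and the TODO names no tracking reference, so this intermediate state can easily outlive its purpose. I would make the comment state the risk and the exit condition, e.g. `// SECURITY: server cert is NOT verified here; remove once the KeystoneAPI CA bundle is available (OSP-19151)`, and log a warning whenever the insecure branch is taken, if a logger is reachable here. The function starts and ends outside the hunk, so whether a logger or CA secret is already in scope cannot be confirmed from this view.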