From c917665af918af69dfda4b956c56662b392e1fa1 Mon Sep 17 00:00:00 2001
From: Endre Karlson <endre.karlson@hp.com>
Date: Thu, 4 Dec 2014 14:44:05 +0100
Subject: [PATCH] Add ca_certificate option for SSL'd api

Change-Id: I12eb9dbbb8bee24e50ae342ffbc7356d4583a973
---
 os_collect_config/cfn.py            |  4 +++-
 os_collect_config/tests/test_cfn.py | 13 +++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/os_collect_config/cfn.py b/os_collect_config/cfn.py
index 53bf1b6..4567659 100644
--- a/os_collect_config/cfn.py
+++ b/os_collect_config/cfn.py
@@ -35,6 +35,7 @@ opts = [
                default='/var/lib/heat-cfntools/cfn-metadata-server',
                help='Local file to read for metadata url if not explicitly '
                     ' specified'),
+    cfg.StrOpt('ca_certificate', help='CA Certificate path'),
     cfg.StrOpt('stack-name',
                help='Stack name to describe'),
     cfg.MultiStrOpt('path',
@@ -105,7 +106,8 @@ class Collector(object):
             params['Signature'] = signer.generate(credentials)
             try:
                 content = self._session.get(
-                    url, params=params, headers=headers)
+                    url, params=params, headers=headers,
+                    verify=CONF.cfn.ca_certificate)
                 content.raise_for_status()
             except self._requests_impl.exceptions.RequestException as e:
                 logger.warn(e)
diff --git a/os_collect_config/tests/test_cfn.py b/os_collect_config/tests/test_cfn.py
index 7daeb72..039bdd9 100644
--- a/os_collect_config/tests/test_cfn.py
+++ b/os_collect_config/tests/test_cfn.py
@@ -123,8 +123,9 @@ class FakeReqSession(object):
     def __init__(self, testcase, expected_netloc):
         self._test = testcase
         self._expected_netloc = expected_netloc
+        self.verify = False
 
-    def get(self, url, params, headers):
+    def get(self, url, params, headers, verify=None):
         self._test.addDetail('url', test_content.text_content(url))
         url = urlparse.urlparse(url)
         self._test.assertEqual(self._expected_netloc, url.netloc)
@@ -144,6 +145,8 @@ class FakeReqSession(object):
         detail = etree.SubElement(result, 'StackResourceDetail')
         metadata = etree.SubElement(detail, 'Metadata')
         metadata.text = json.dumps(self.SESSION_META_DATA)
+        if verify is not None:
+            self.verify = True
         return FakeResponse(etree.tostring(root))
 
 
@@ -186,7 +189,7 @@ class FakeFailRequests(object):
     exceptions = requests.exceptions
 
     class Session(object):
-        def get(self, url, params, headers):
+        def get(self, url, params, headers, verify=None):
             raise requests.exceptions.HTTPError(403, 'Forbidden')
 
 
@@ -220,6 +223,12 @@ class TestCfn(TestCfnBase):
 
         self.assertEqual('', self.log.output)
 
+    def test_collect_with_ca_cert(self):
+        cfn.CONF.cfn.ca_certificate = "foo"
+        collector = cfn.Collector(requests_impl=FakeRequests(self))
+        collector.collect()
+        self.assertTrue(collector._session.verify)
+
     def test_collect_cfn_fail(self):
         cfn_collect = cfn.Collector(requests_impl=FakeFailRequests)
         self.assertRaises(exc.CfnMetadataNotAvailable, cfn_collect.collect)