Add "ssl_ca_file" in config for self-signed certs

ggiamarchi · May 17, 2017 · 233f9e4 · 233f9e4
1 parent 2978da1
commit 233f9e4
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -98,6 +98,7 @@ This provider exposes quite a few provider-specific configuration options:
 * `openstack_image_url` - The image URL to hit. This is good for custom endpoints. If not provided, vagrant will try to get it from catalog endpoint.
 * `endpoint_type` - The endpoint type to use : publicURL, adminURL, internalURL. If not provided, vagrant will use publicURL by default.
 * `interface_type` - The endpoint type to use for identity v3: public, admin, internal. If not provided, vagrant will use public by default.
+* `ssl_ca_file` - The location of CA certificate file.
 * `ssl_verify_peer` - Verify peer certificate when connecting to endpoint. Defaults to true. Set to false to disable check (beware this is not secure!)
 
 ### VM Configuration

diff --git a/source/lib/vagrant-openstack-provider/client/rest_utils.rb b/source/lib/vagrant-openstack-provider/client/rest_utils.rb
@@ -7,21 +7,21 @@ def self.get(env, url, headers = {}, &block)
         config = env[:machine].provider_config
         RestClient::Request.execute(method: :get, url: url, headers: headers,
                                     timeout: config.http.read_timeout, open_timeout: config.http.open_timeout,
-                                    verify_ssl: config.ssl_verify_peer, &block)
+                                    ssl_ca_file: config.ssl_ca_file, verify_ssl: config.ssl_verify_peer, &block)
       end
 
       def self.post(env, url, payload, headers = {}, &block)
         config = env[:machine].provider_config
         RestClient::Request.execute(method: :post, url: url, payload: payload, headers: headers,
                                     timeout: config.http.read_timeout, open_timeout: config.http.open_timeout,
-                                    verify_ssl: config.ssl_verify_peer, &block)
+                                    ssl_ca_file: config.ssl_ca_file, verify_ssl: config.ssl_verify_peer, &block)
       end
 
       def self.delete(env, url, headers = {}, &block)
         config = env[:machine].provider_config
         RestClient::Request.execute(method: :delete, url: url, headers: headers,
                                     timeout: config.http.read_timeout, open_timeout: config.http.open_timeout,
-                                    verify_ssl: config.ssl_verify_peer, &block)
+                                    ssl_ca_file: config.ssl_ca_file, verify_ssl: config.ssl_verify_peer, &block)
       end
     end
   end

diff --git a/source/lib/vagrant-openstack-provider/config.rb b/source/lib/vagrant-openstack-provider/config.rb
@@ -243,6 +243,11 @@ class Config < Vagrant.plugin('2', :config)
       # @return [Boolean]
       attr_accessor :use_legacy_synced_folders
 
+      # Specify the certificate to use.
+      #
+      # @return [String]
+      attr_accessor :ssl_ca_file
+
       # Verify ssl peer certificate when connecting. Set to false (! unsecure) to disable
       #
       # @return [Boolean]
@@ -295,6 +300,7 @@ def initialize
         @meta_args_support = UNSET_VALUE
         @http = HttpConfig.new
         @use_legacy_synced_folders = UNSET_VALUE
+        @ssl_ca_file = UNSET_VALUE
         @ssl_verify_peer = UNSET_VALUE
       end
 
@@ -407,6 +413,7 @@ def finalize!
         @volumes = nil if @volumes.empty?
         @stacks = nil if @stacks.empty?
         @http.finalize!
+        @ssl_ca_file = nil if @ssl_ca_file == UNSET_VALUE
         @ssl_verify_peer = true if @ssl_verify_peer == UNSET_VALUE
       end
       # rubocop:enable Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity