From ba2b24b8241b523834f99e838b8c12b8a8f9deca Mon Sep 17 00:00:00 2001
From: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Date: Thu, 18 Jul 2024 10:46:09 +0000
Subject: [PATCH] Add cafile option to the keystone section

Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
---
 coriolis/keystone.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/coriolis/keystone.py b/coriolis/keystone.py
index c0a6749bf..995a2e7c8 100644
--- a/coriolis/keystone.py
+++ b/coriolis/keystone.py
@@ -15,6 +15,10 @@
                default=None,
                help='Default auth URL to be used when not specified in the'
                ' migration\'s connection info.'),
+    cfg.StrOpt('cafile',
+               default=None,
+               help='The CA file used to validate openstack service'
+               ' API endpoints.'),
     cfg.IntOpt('identity_api_version',
                min=2, max=3,
                default=2,
@@ -127,6 +131,10 @@ def create_keystone_session(ctxt, connection_info={}):
             "password": password,
         }
 
+    cafile = CONF.keystone.cafile
+    if cafile and cafile != "":
+        verify = cafile
+
     if not auth:
         project_name = connection_info.get("project_name", ctxt.project_name)