Pass CA file when verifying keystone session upon trust creation

cloudbase · Jul 29, 2024 · ef3233c · ef3233c
1 parent 812a0a7
commit ef3233c
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/coriolis/keystone.py b/coriolis/keystone.py
@@ -46,6 +46,12 @@ def create_trust(ctxt):
     if ctxt.trust_id:
         return
 
+    cafile = CONF.keystone.cafile
+    if cafile and cafile != "":
+        verify = cafile
+    else:
+        verify = not CONF.keystone.allow_untrusted
+
     LOG.debug("Creating Keystone trust")
 
     trusts_auth_plugin = _get_trusts_auth_plugin()
@@ -57,7 +63,7 @@ def create_trust(ctxt):
         project_name=ctxt.project_name,
         project_domain_name=ctxt.project_domain_name)
     session = ks_session.Session(
-        auth=auth, verify=not CONF.keystone.allow_untrusted)
+        auth=auth, verify=verify)
 
     try:
         trustee_user_id = trusts_auth_plugin.get_user_id(session)