From ef3233c54a853cc70933ce069c9f21077e4252eb Mon Sep 17 00:00:00 2001 From: Daniel Vincze Date: Mon, 29 Jul 2024 17:40:44 +0300 Subject: [PATCH] Pass CA file when verifying keystone session upon trust creation --- coriolis/keystone.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/coriolis/keystone.py b/coriolis/keystone.py index 995a2e7c..ee0dfebe 100644 --- a/coriolis/keystone.py +++ b/coriolis/keystone.py @@ -46,6 +46,12 @@ def create_trust(ctxt): if ctxt.trust_id: return + cafile = CONF.keystone.cafile + if cafile and cafile != "": + verify = cafile + else: + verify = not CONF.keystone.allow_untrusted + LOG.debug("Creating Keystone trust") trusts_auth_plugin = _get_trusts_auth_plugin() @@ -57,7 +63,7 @@ def create_trust(ctxt): project_name=ctxt.project_name, project_domain_name=ctxt.project_domain_name) session = ks_session.Session( - auth=auth, verify=not CONF.keystone.allow_untrusted) + auth=auth, verify=verify) try: trustee_user_id = trusts_auth_plugin.get_user_id(session)
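Review bot: In the block added to create_trust, a configured `cafile` silently overrides `allow_untrusted`, and when no CA file is set and `allow_untrusted` is true the session used for trust creation gets `verify=False` with nothing in the logs. A comment such as `# A configured CA bundle takes precedence over allow_untrusted.` above the block would record the precedence, and `LOG.warning("TLS verification is disabled for the Keystone trust session")` when `verify` ends up false would make that state visible to operators. The condition `if cafile and cafile != "":` tests emptiness twice, since an empty string is already falsy, so `if cafile:` is enough. create_trust begins and ends outside these hunks, so any other `ks_session.Session(...)` call in the file that still derives `verify` only from `allow_untrusted` is not visible here and may need the same change.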