From f79436d3a5e4cf279be0974e9633ad8994a017f7 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Mon, 6 Dec 2021 12:59:31 +0100
Subject: [PATCH] fence_openstack: add --ssl-insecure

---
 agents/openstack/fence_openstack.py     | 7 +++++--
 tests/data/metadata/fence_openstack.xml | 5 +++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/agents/openstack/fence_openstack.py b/agents/openstack/fence_openstack.py
index c480596c1..c2d9df160 100755
--- a/agents/openstack/fence_openstack.py
+++ b/agents/openstack/fence_openstack.py
@@ -89,7 +89,7 @@ def set_power_status(conn, options):
 
 
 def nova_login(username, password, projectname, auth_url, user_domain_name,
-               project_domain_name, cacert, apitimeout):
+               project_domain_name, ssl_insecure, cacert, apitimeout):
     legacy_import = False
 
     try:
@@ -127,7 +127,7 @@ def nova_login(username, password, projectname, auth_url, user_domain_name,
             cacert=cacert,
         )
 
-    session = ksc_session.Session(auth=auth, verify=cacert, timeout=apitimeout)
+    session = ksc_session.Session(auth=auth, verify=False if ssl_insecure else cacert, timeout=apitimeout)
     nova = client.Client("2", session=session, timeout=apitimeout)
     apiversion = None
     try:
@@ -220,6 +220,7 @@ def main():
         "port",
         "no_port",
         "uuid",
+        "ssl_insecure",
         "cacert",
         "apitimeout",
     ]
@@ -268,6 +269,7 @@ def main():
         fail_usage("Failed: You have to set the Keystone service endpoint for authorization")
     user_domain_name = options["--user-domain-name"]
     project_domain_name = options["--project-domain-name"]
+    ssl_insecure = "--ssl-insecure" in options
     cacert = options["--cacert"]
     apitimeout = options["--apitimeout"]
     try:
@@ -278,6 +280,7 @@ def main():
             auth_url,
             user_domain_name,
             project_domain_name,
+            ssl_insecure,
             cacert,
             apitimeout,
         )
diff --git a/tests/data/metadata/fence_openstack.xml b/tests/data/metadata/fence_openstack.xml
index 84503bbe0..926d18c3d 100644
--- a/tests/data/metadata/fence_openstack.xml
+++ b/tests/data/metadata/fence_openstack.xml
@@ -43,6 +43,11 @@
 		<content type="string"  />
 		<shortdesc lang="en">UUID of the node to be fenced.</shortdesc>
 	</parameter>
+	<parameter name="ssl_insecure" unique="0" required="0">
+		<getopt mixed="--ssl-insecure" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Use SSL connection without verifying certificate</shortdesc>
+	</parameter>
 	<parameter name="username" unique="0" required="1" obsoletes="login">
 		<getopt mixed="-l, --username=[name]" />
 		<content type="string"  />