Default OSCreds cacert attribute to False.

The default of True causes more problems than False when
dealing with unsecure and secure (HTTPS) API calls.
This was issue was found while testing against the new OPNFV
CI test pod running Pike.

JIRA: SNAPS-80

Change-Id: I819b4f64fa637bb7ce53c58a7a1164600ff6a3b9
Signed-off-by: spisarski <s.pisarski@cablelabs.com>

diff --git a/snaps/openstack/os_credentials.py b/snaps/openstack/os_credentials.py
index 17f65e6..4c681ac 100644 (file)
--- a/snaps/openstack/os_credentials.py
+++ b/snaps/openstack/os_credentials.py
@@ -97,12 +97,15 @@ class OSCreds:
         else:
             self.interface = kwargs['interface']
 
-        self.cacert = kwargs.get('cacert', True)
-        if isinstance(kwargs.get('cacert'), str):
-            if file_utils.file_exists(kwargs['cacert']):
-                self.cacert = kwargs['cacert']
+        self.cacert = False
+        if kwargs.get('cacert') is not None:
+            if isinstance(kwargs.get('cacert'), str):
+                if file_utils.file_exists(kwargs['cacert']):
+                    self.cacert = kwargs['cacert']
+                else:
+                    self.cacert = str2bool(kwargs['cacert'])
             else:
-                self.cacert = str2bool(self.cacert)
+                self.cacert = kwargs['cacert']
 
         if isinstance(kwargs.get('proxy_settings'), ProxySettings):
             self.proxy_settings = kwargs.get('proxy_settings')

diff --git a/snaps/openstack/tests/conf/os_credentials_tests.py b/snaps/openstack/tests/conf/os_credentials_tests.py
index a4cfa61..cde8161 100644 (file)
--- a/snaps/openstack/tests/conf/os_credentials_tests.py
+++ b/snaps/openstack/tests/conf/os_credentials_tests.py
@@ -160,7 +160,7 @@ class OSCredsUnitTests(unittest.TestCase):
         self.assertEqual('default', os_creds.user_domain_id)
         self.assertEqual('default', os_creds.project_domain_id)
         self.assertEqual('admin', os_creds.interface)
-        self.assertTrue(os_creds.cacert)
+        self.assertFalse(os_creds.cacert)
         self.assertIsNone(os_creds.proxy_settings)
 
     def test_minimal_kwargs(self):
@@ -178,7 +178,7 @@ class OSCredsUnitTests(unittest.TestCase):
         self.assertEqual('default', os_creds.user_domain_id)
         self.assertEqual('default', os_creds.project_domain_id)
         self.assertEqual('admin', os_creds.interface)
-        self.assertTrue(os_creds.cacert)
+        self.assertFalse(os_creds.cacert)
         self.assertIsNone(os_creds.proxy_settings)
 
     def test_all_kwargs_versions_str(self):
@@ -186,7 +186,8 @@ class OSCredsUnitTests(unittest.TestCase):
             **{'username': 'foo', 'password': 'bar',
                'auth_url': 'http://foo.bar:5000/v2', 'project_name': 'hello',
                'identity_api_version': '5', 'image_api_version': '6',
-               'compute_api_version': '7', 'heat_api_version': '8.0'})
+               'compute_api_version': '7', 'heat_api_version': '8.0',
+               'cacert': 'true'})
         self.assertEqual('foo', os_creds.username)
         self.assertEqual('bar', os_creds.password)
         self.assertEqual('http://foo.bar:5000/v2', os_creds.auth_url)
@@ -206,7 +207,8 @@ class OSCredsUnitTests(unittest.TestCase):
             **{'username': 'foo', 'password': 'bar',
                'auth_url': 'http://foo.bar:5000/v2', 'project_name': 'hello',
                'identity_api_version': 5, 'image_api_version': 6,
-               'compute_api_version': 7, 'heat_api_version': 8.0})
+               'compute_api_version': 7, 'heat_api_version': 8.0,
+               'cacert': True})
         self.assertEqual('foo', os_creds.username)
         self.assertEqual('bar', os_creds.password)
         self.assertEqual('http://foo.bar:5000/v2', os_creds.auth_url)
@@ -237,7 +239,7 @@ class OSCredsUnitTests(unittest.TestCase):
         self.assertEqual('default', os_creds.user_domain_id)
         self.assertEqual('default', os_creds.project_domain_id)
         self.assertEqual('admin', os_creds.interface)
-        self.assertTrue(os_creds.cacert)
+        self.assertFalse(os_creds.cacert)
         self.assertEqual('foo', os_creds.proxy_settings.host)
         self.assertEqual(1234, os_creds.proxy_settings.port)
         self.assertIsNone(os_creds.proxy_settings.ssh_proxy_cmd)
@@ -259,7 +261,7 @@ class OSCredsUnitTests(unittest.TestCase):
         self.assertEqual('default', os_creds.user_domain_id)
         self.assertEqual('default', os_creds.project_domain_id)
         self.assertEqual('admin', os_creds.interface)
-        self.assertTrue(os_creds.cacert)
+        self.assertFalse(os_creds.cacert)
         self.assertEqual('foo', os_creds.proxy_settings.host)
         self.assertEqual(1234, os_creds.proxy_settings.port)
         self.assertIsNone(os_creds.proxy_settings.ssh_proxy_cmd)
@@ -279,7 +281,7 @@ class OSCredsUnitTests(unittest.TestCase):
         self.assertEqual('default', os_creds.user_domain_id)
         self.assertEqual('default', os_creds.project_domain_id)
         self.assertEqual('admin', os_creds.interface)
-        self.assertTrue(os_creds.cacert)
+        self.assertFalse(os_creds.cacert)
         self.assertEqual('foo', os_creds.proxy_settings.host)
         self.assertEqual(1234, os_creds.proxy_settings.port)
         self.assertIsNone(os_creds.proxy_settings.ssh_proxy_cmd)
@@ -300,7 +302,7 @@ class OSCredsUnitTests(unittest.TestCase):
         self.assertEqual('default', os_creds.user_domain_id)
         self.assertEqual('default', os_creds.project_domain_id)
         self.assertEqual('admin', os_creds.interface)
-        self.assertTrue(os_creds.cacert)
+        self.assertFalse(os_creds.cacert)
         self.assertEqual('foo', os_creds.proxy_settings.host)
         self.assertEqual(1234, os_creds.proxy_settings.port)
         self.assertIsNone(os_creds.proxy_settings.ssh_proxy_cmd)

diff --git a/snaps/openstack/tests/openstack_tests.py b/snaps/openstack/tests/openstack_tests.py
index 9cf2028..855beb5 100644 (file)
--- a/snaps/openstack/tests/openstack_tests.py
+++ b/snaps/openstack/tests/openstack_tests.py
@@ -73,12 +73,11 @@ def get_credentials(os_env_file=None, proxy_settings_str=None,
             proxy_settings = ProxySettings(host=tokens[0], port=tokens[1],
                                            ssh_proxy_cmd=ssh_proxy_cmd)
 
+        https_cacert = None
         if config.get('OS_CACERT'):
             https_cacert = config.get('OS_CACERT')
         elif config.get('OS_INSECURE'):
             https_cacert = False
-        else:
-            https_cacert = True
 
         interface = 'admin'
         if config.get('OS_INTERFACE'):