From 9240fef1b29fefd125a3e5c0066fe9a89519437c Mon Sep 17 00:00:00 2001
From: Eric Brown <browne@vmware.com>
Date: Mon, 4 May 2015 18:42:48 -0700
Subject: [PATCH] VMware: insecure option should be exposed

Commit Ida730db66b154a4d445f7a91bccb9ca5b5a26f5e introduced
certificate verification but did not expose the option to turn
on/off verification using the insecure boolean of oslo.vmware.

DocImpact

Change-Id: I834c9fb407c8790dab14db0308f7e7f1d551669e
Closes-Bug: #1451633
---
 cinder/tests/unit/test_vmware_vmdk.py |  4 +++-
 cinder/volume/drivers/vmware/vmdk.py  | 13 +++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/cinder/tests/unit/test_vmware_vmdk.py b/cinder/tests/unit/test_vmware_vmdk.py
index 761525a34..eb1f68b07 100644
--- a/cinder/tests/unit/test_vmware_vmdk.py
+++ b/cinder/tests/unit/test_vmware_vmdk.py
@@ -165,6 +165,7 @@ class VMwareEsxVmdkDriverTestCase(test.TestCase):
         self._config.vmware_max_objects_retrieval = self.MAX_OBJECTS
         self._config.vmware_tmp_dir = self.TMP_DIR
         self._config.vmware_ca_file = self.CA_FILE
+        self._config.vmware_insecure = False
         self._db = mock.Mock()
         self._driver = vmdk.VMwareEsxVmdkDriver(configuration=self._config,
                                                 db=self._db)
@@ -2851,7 +2852,8 @@ class VMwareVcVmdkDriverTestCase(VMwareEsxVmdkDriverTestCase):
             self._config.vmware_task_poll_interval,
             wsdl_loc=self._config.safe_get('vmware_wsdl_location'),
             pbm_wsdl_loc=None,
-            cacert=self._config.vmware_ca_file)
+            cacert=self._config.vmware_ca_file,
+            insecure=self._config.vmware_insecure)
 
 
 class ImageDiskTypeTest(test.TestCase):
diff --git a/cinder/volume/drivers/vmware/vmdk.py b/cinder/volume/drivers/vmware/vmdk.py
index af7600dab..fbed40ac9 100644
--- a/cinder/volume/drivers/vmware/vmdk.py
+++ b/cinder/volume/drivers/vmware/vmdk.py
@@ -109,7 +109,14 @@ vmdk_opts = [
                     'backup and restore.'),
     cfg.StrOpt('vmware_ca_file',
                default=None,
-               help='CA bundle file to verify vCenter server certificate.')
+               help='CA bundle file to use in verifying the vCenter server '
+                    'certificate.'),
+    cfg.BoolOpt('vmware_insecure',
+                default=False,
+                help='If true, the vCenter server certificate is not '
+                     'verified. If false, then the default CA truststore is '
+                     'used for verification. This option is ignored if '
+                     '"vmware_ca_file" is set.'),
 ]
 
 CONF = cfg.CONF
@@ -1888,12 +1895,14 @@ class VMwareVcVmdkDriver(VMwareEsxVmdkDriver):
             wsdl_loc = self.configuration.safe_get('vmware_wsdl_location')
             pbm_wsdl = self.pbm_wsdl if hasattr(self, 'pbm_wsdl') else None
             ca_file = self.configuration.vmware_ca_file
+            insecure = self.configuration.vmware_insecure
             self._session = api.VMwareAPISession(ip, username,
                                                  password, api_retry_count,
                                                  task_poll_interval,
                                                  wsdl_loc=wsdl_loc,
                                                  pbm_wsdl_loc=pbm_wsdl,
-                                                 cacert=ca_file)
+                                                 cacert=ca_file,
+                                                 insecure=insecure)
         return self._session
 
     def _get_vc_version(self):
-- 
2.45.2