bugfix to handle verify from cloud.yaml (ca still doesn't work)

sbueringer · sbueringer · commit d2e921cd32c8 · 2019-08-26T21:51:17.000+02:00
diff --git a/pkg/cloud/services/provider/provider.go b/pkg/cloud/services/provider/provider.go
@@ -57,6 +57,10 @@ func NewClientFromCluster(ctrlClient client.Client, openStackCluster *infrav1.Op
 	return newClient(cloud, caCert)
 }
 
+// TODO(sbueringer) find out if this function does what we want
+// e.g. it had a bug where it didn't use the verify option of the
+// cloud parameter. Does it read the ca property from the paramenter?
+// how can a CA be set via secret? (an additional key?)
 func newClient(cloud clientconfig.Cloud, caCert []byte) (*gophercloud.ProviderClient, *clientconfig.ClientOpts, error) {
 	clientOpts := new(clientconfig.ClientOpts)
 	if cloud.AuthInfo != nil {
@@ -86,14 +90,16 @@ func newClient(cloud clientconfig.Cloud, caCert []byte) (*gophercloud.ProviderCl
 			config.RootCAs = caCertPool
 		}
 		config.InsecureSkipVerify = !*cloudFromYaml.Verify
+	} else {
+		config.InsecureSkipVerify = !*cloud.Verify
 	}
 
 	transport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}
 	provider.HTTPClient.Transport = transport
 
 	err = openstack.Authenticate(provider, *opts)
 	if err != nil {
-		return nil, nil, fmt.Errorf("providerClient authentication err: %v", err)
+		return nil, nil, fmt.Errorf("providerClient authentication err: %v, %+v", err, cloudFromYaml)
 	}
 	return provider, clientOpts, nil
 }

Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,10 @@ func NewClientFromCluster(ctrlClient client.Client, openStackCluster *infrav1.Op`
`57`	`57`	`return newClient(cloud, caCert)`
`58`	`58`	`}`
`59`	`59`
	`60`	`+// TODO(sbueringer) find out if this function does what we want`
	`61`	`+// e.g. it had a bug where it didn't use the verify option of the`
	`62`	`+// cloud parameter. Does it read the ca property from the paramenter?`
	`63`	`+// how can a CA be set via secret? (an additional key?)`
`60`	`64`	`func newClient(cloud clientconfig.Cloud, caCert []byte) (gophercloud.ProviderClient, clientconfig.ClientOpts, error) {`
`61`	`65`	`clientOpts := new(clientconfig.ClientOpts)`
`62`	`66`	`if cloud.AuthInfo != nil {`
`@@ -86,14 +90,16 @@ func newClient(cloud clientconfig.Cloud, caCert []byte) (*gophercloud.ProviderCl`
`86`	`90`	`config.RootCAs = caCertPool`
`87`	`91`	`}`
`88`	`92`	`config.InsecureSkipVerify = !*cloudFromYaml.Verify`
	`93`	`+ } else {`
	`94`	`+ config.InsecureSkipVerify = !*cloud.Verify`
`89`	`95`	`}`
`90`	`96`
`91`	`97`	`transport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}`
`92`	`98`	`provider.HTTPClient.Transport = transport`
`93`	`99`
`94`	`100`	`err = openstack.Authenticate(provider, *opts)`
`95`	`101`	`if err != nil {`
`96`		`- return nil, nil, fmt.Errorf("providerClient authentication err: %v", err)`
	`102`	`+ return nil, nil, fmt.Errorf("providerClient authentication err: %v, %+v", err, cloudFromYaml)`
`97`	`103`	`}`
`98`	`104`	`return provider, clientOpts, nil`
`99`	`105`	`}`