Merge pull request #340 from stuggi/default_to_insecure

[TLS] Disable cert validation when in GetAdminServiceclient()
openstack-k8s-operators · Nov 21, 2023 · ea58550 · ea58550
2 parents a1a0e54 + 2ca0631
commit ea58550
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/api/v1beta1/keystoneapi.go b/api/v1beta1/keystoneapi.go
@@ -18,6 +18,7 @@ package v1beta1
 import (
 	"context"
 	"fmt"
+	"net/url"
 	"time"
 
 	"github.com/openstack-k8s-operators/lib-common/modules/common/endpoint"
@@ -80,6 +81,18 @@ func GetAdminServiceClient(
 		return nil, ctrl.Result{}, err
 	}
 
+	parsedAuthURL, err := url.Parse(authURL)
+	if err != nil {
+		return nil, ctrl.Result{}, err
+	}
+
+	tlsConfig := &openstack.TLSConfig{}
+	if parsedAuthURL.Scheme == "https" {
+		// TODO: (mschuppert) for now just set to insecure, when keystone got
+		// enabled for internal tls, get the CA secret name from the keystoneAPI
+		tlsConfig.Insecure = true
+	}
+
 	// get the password of the admin user from Spec.Secret
 	// using PasswordSelectors.Admin
 	authPassword, ctrlResult, err := secret.GetDataFromSecret(
@@ -104,6 +117,7 @@ func GetAdminServiceClient(
 			TenantName: keystoneAPI.Spec.AdminProject,
 			DomainName: "Default",
 			Region:     keystoneAPI.Spec.Region,
+			TLS:        tlsConfig,
 		})
 	if err != nil {
 		return nil, ctrl.Result{}, err