Heat integration tests failing against https endpoints

Provide a ca_file option to pass the CA certificate used to verify
HTTPS connections. Also pass the verify parameter to the test cases
that call requests library methods directly.

Change-Id: I4a81047136d6a64b151180e95c254edea8165349
Closes-Bug: #1553898
diff --git a/common/clients.py b/common/clients.py
index 85bfea5..acbf239 100644
--- a/common/clients.py
+++ b/common/clients.py
@@ -79,6 +79,8 @@
             raise ValueError(_('Incorrectly specified auth_url config: no '
                                'version found.'))
 
+        self.insecure = self.conf.disable_ssl_certificate_validation
+        self.ca_file = self.conf.ca_file
         self.identity_client = self._get_identity_client()
         self.orchestration_client = self._get_orchestration_client()
         self.compute_client = self._get_compute_client()
@@ -121,13 +123,15 @@
                 'project_domain_name': domain,
                 'user_domain_name': domain})
         auth = password.Password(**kwargs)
-        return KeystoneWrapperClient(
-            auth,
-            not self.conf.disable_ssl_certificate_validation)
+        if self.insecure:
+            verify_cert = False
+        else:
+            verify_cert = self.ca_file or True
+
+        return KeystoneWrapperClient(auth, verify_cert)
 
     def _get_compute_client(self):
 
-        dscv = self.conf.disable_ssl_certificate_validation
         region = self.conf.region
 
         client_args = (
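Review bot: The verify_cert selection added in _get_identity_client silently discards a configured ca_file whenever disable_ssl_certificate_validation is True, so a leftover insecure flag keeps verification off with no indication. The same four lines are repeated in the common/test.py hunk. Logging a warning when both options are set would make that visible, and a comment such as `# insecure takes precedence over ca_file; with neither set, verification stays on (True)` would document the precedence. Storing the result once on the manager (for example `self.verify_cert = verify_cert`) and reading it from the test base class, which already holds `self.manager`, would presumably remove the duplicate. The trailing lines of this hunk belong to _get_compute_client, whose body continues outside the hunk.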
@@ -146,11 +150,11 @@
             endpoint_type='publicURL',
             region_name=region,
             no_cache=True,
-            insecure=dscv,
+            insecure=self.insecure,
+            cacert=self.ca_file,
             http_log_debug=True)
 
     def _get_network_client(self):
-        dscv = self.conf.disable_ssl_certificate_validation
 
         return neutron_client.Client(
             username=self.conf.username,
@@ -159,12 +163,12 @@
             endpoint_type='publicURL',
             # neutronclient can not use v3 url
             auth_url=self.v2_auth_url,
-            insecure=dscv)
+            insecure=self.insecure,
+            ca_cert=self.ca_file)
 
     def _get_volume_client(self):
         region = self.conf.region
         endpoint_type = 'publicURL'
-        dscv = self.conf.disable_ssl_certificate_validation
         return cinder_client.Client(
             self.CINDERCLIENT_VERSION,
             self.conf.username,
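Review bot: The neutron client call passes the CA bundle as `ca_cert`, while the compute, volume, object and metering client calls in this file use `cacert`, and nothing on the line says the difference is intentional. As far as I know `ca_cert` is the spelling neutronclient expects, so a comment like `# neutronclient spells this ca_cert, not cacert` next to the argument would stop a later cleanup from normalising the name. Depending on the client version, a renamed argument could be rejected as unknown or leave the custom CA unused. The last lines of the hunk are the start of _get_volume_client, which continues in the next hunk.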
@@ -174,11 +178,11 @@
             self.v2_auth_url,
             region_name=region,
             endpoint_type=endpoint_type,
-            insecure=dscv,
+            insecure=self.insecure,
+            cacert=self.ca_file,
             http_log_debug=True)
 
     def _get_object_client(self):
-        dscv = self.conf.disable_ssl_certificate_validation
         args = {
             'auth_version': self.auth_version,
             'tenant_name': self.conf.tenant_name,
@@ -186,12 +190,12 @@
             'key': self.conf.password,
             'authurl': self.conf.auth_url,
             'os_options': {'endpoint_type': 'publicURL'},
-            'insecure': dscv,
+            'insecure': self.insecure,
+            'cacert': self.ca_file,
         }
         return swift_client.Connection(**args)
 
     def _get_metering_client(self):
-        dscv = self.conf.disable_ssl_certificate_validation
         domain = self.conf.domain_name
         try:
             endpoint = self.identity_client.get_endpoint_url('metering',
@@ -204,7 +208,8 @@
                 'password': self.conf.password,
                 'tenant_name': self.conf.tenant_name,
                 'auth_url': self.conf.auth_url,
-                'insecure': dscv,
+                'insecure': self.insecure,
+                'cacert': self.ca_file,
                 'region_name': self.conf.region,
                 'endpoint_type': 'publicURL',
                 'service_type': 'metering',
diff --git a/common/config.py b/common/config.py
index 6d35600..f8ae075 100644
--- a/common/config.py
+++ b/common/config.py
@@ -60,6 +60,10 @@
     cfg.BoolOpt('disable_ssl_certificate_validation',
                 default=False,
                 help="Set to True if using self-signed SSL certificates."),
+    cfg.StrOpt('ca_file',
+               default=None,
+               help="CA certificate to pass for servers that have "
+                    "https endpoint."),
     cfg.IntOpt('build_interval',
                default=4,
                help="Time in seconds between build status checks."),
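Review bot: The help string for `ca_file` does not say that the value is a filesystem path to a CA bundle, nor that it is ignored when disable_ssl_certificate_validation is True (see the precedence in common/clients.py). Something like `help="Path to a CA certificate bundle (PEM) used to verify HTTPS endpoints; ignored if disable_ssl_certificate_validation is True."` would be clearer. The neighbouring help for disable_ssl_certificate_validation still recommends turning validation off for self-signed certificates, which ca_file now makes unnecessary. It could point operators to ca_file instead.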
diff --git a/common/test.py b/common/test.py
index 4eaa2b7..42fa43c 100644
--- a/common/test.py
+++ b/common/test.py
@@ -92,6 +92,10 @@
         self.metering_client = self.manager.metering_client
         self.useFixture(fixtures.FakeLogger(format=_LOG_FORMAT))
         self.updated_time = {}
+        if self.conf.disable_ssl_certificate_validation:
+            self.verify_cert = False
+        else:
+            self.verify_cert = self.conf.ca_file or True
 
     def get_remote_client(self, server_or_ip, username, private_key=None):
         if isinstance(server_or_ip, six.string_types):
diff --git a/functional/test_notifications.py b/functional/test_notifications.py
index 3b8e003..924ef0c 100644
--- a/functional/test_notifications.py
+++ b/functional/test_notifications.py
@@ -179,12 +179,12 @@
                                 callbacks=[handler.process_message],
                                 auto_declare=False):
 
-            requests.post(scale_up_url)
+            requests.post(scale_up_url, verify=self.verify_cert)
             test.call_until_true(20, 0, self.consume_events, handler, 2)
             notifications += handler.notifications
 
             handler.clear()
-            requests.post(scale_down_url)
+            requests.post(scale_down_url, verify=self.verify_cert)
             test.call_until_true(20, 0, self.consume_events, handler, 2)
             notifications += handler.notifications
 
diff --git a/functional/test_software_config.py b/functional/test_software_config.py
index 20d38d8..860d688 100644
--- a/functional/test_software_config.py
+++ b/functional/test_software_config.py
@@ -149,7 +149,8 @@
             iv = dict((i['name'], i['value']) for i in dep['inputs'])
             sigurl = iv.get('deploy_signal_id')
             requests.post(sigurl, data='{}',
-                          headers={'content-type': None})
+                          headers={'content-type': None},
+                          verify=self.verify_cert)
 
 
 class ZaqarSignalTransportTest(functional_base.FunctionalTestsBase):
diff --git a/scenario/test_autoscaling_lb.py b/scenario/test_autoscaling_lb.py
index e3de091..f5b292e 100644
--- a/scenario/test_autoscaling_lb.py
+++ b/scenario/test_autoscaling_lb.py
@@ -39,7 +39,7 @@
         for count in range(retries):
             time.sleep(1)
             try:
-                r = requests.get(url)
+                r = requests.get(url, verify=self.verify_cert)
             except requests.exceptions.ConnectionError:
                 # The LB may not be up yet, let's retry
                 continue
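Review bot: A certificate verification failure on `requests.get(url, verify=self.verify_cert)` is caught by the existing `except requests.exceptions.ConnectionError` handler, because in requests SSLError is a subclass of ConnectionError. A wrong or missing ca_file is therefore retried as "LB may not be up yet" and only shows up as an exhausted retry loop. Adding `except requests.exceptions.SSLError:` with a bare `raise` ahead of the ConnectionError clause would surface the TLS misconfiguration immediately. The enclosing function starts and ends outside this hunk, so what happens after the retries run out is not visible here.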