Allow to pass --insecure options into VMs
currently Heat tests have troubles running when self-signed SSL CA is
used on public Heat API and standard upstream images (Cirros, Ubuntu)
are used as those lack trust to those CA - example is DevStack
with tls-proxy service enabled.
A workaround is to set [clients_heat]insecure=True, but that is
not really a production-ready setting, and does not work for CFN-style
signaling, only for WaitConditions.
Instead, this patch adds an extra config option
`vm_to_heat_api_insecure` (defaults to False), and when enabled tests will
pass the correct option to the curl or cfn-signal commands running from
instance's user data via new parameters that test templates are now
accepting.
Change-Id: I94a82caf1fcb6999151ff1e6fbbe1e2ba211bbb9
diff --git a/heat_tempest_plugin/config.py b/heat_tempest_plugin/config.py
index c30981c..d572340 100644
--- a/heat_tempest_plugin/config.py
+++ b/heat_tempest_plugin/config.py
@@ -162,6 +162,11 @@
cfg.StrOpt('credential_secret_id',
help="Barbican secret id which storing cloud credential in "
"remote site."),
+ cfg.BoolOpt('vm_to_heat_api_insecure',
+ default=False,
+ help="Set this to True if VM images used for tests "
+ "can not verify a (self-signed) SSL certificate "
+ "of public Heat endpoint."),
]
heat_features_group = cfg.OptGroup(