From 67ce2da59eb778aecc2b6682d919d05b32bfecd8 Mon Sep 17 00:00:00 2001
From: r_takaishi
Date: Wed, 24 May 2017 14:21:16 +0900
Subject: [PATCH] add cacert config to specify custom CA certificate file
---
 builder/openstack/access_config.go | 16 ++++++++++++++++
 website/source/docs/builders/openstack.html.md | 3 +++
 2 files changed, 19 insertions(+)
diff --git a/builder/openstack/access_config.go b/builder/openstack/access_config.go
index a1ab96b93..9af9b6959 100644
--- a/builder/openstack/access_config.go
+++ b/builder/openstack/access_config.go
@@ -9,6 +9,8 @@ import (
 "github.com/gophercloud/gophercloud"
 "github.com/gophercloud/gophercloud/openstack"
 "github.com/hashicorp/packer/template/interpolate"
+ "io/ioutil"
+ "crypto/x509"
 )
 // AccessConfig is for common configuration related to openstack access
@@ -24,6 +26,7 @@ type AccessConfig struct {
 Insecure bool `mapstructure:"insecure"`
 Region string `mapstructure:"region"`
 EndpointType string `mapstructure:"endpoint_type"`
+ CACertFile string `mapstructure:"cacert"`
 ClientCertFile string `mapstructure:"cert"`
 ClientKeyFile string `mapstructure:"key"`
@@ -55,6 +58,9 @@ func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error {
 if c.Username == "" {
 c.Username = os.Getenv("SDK_USERNAME")
 }
+ if c.CACertFile == "" {
+ c.CACertFile = os.Getenv("OS_CACERT")
+ }
 if c.ClientCertFile == "" {
 c.ClientCertFile = os.Getenv("OS_CERT")
 }
@@ -95,6 +101,16 @@ func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error {
 tls_config := &tls.Config{}
+ if c.CACertFile != "" {
+ caCert, err := ioutil.ReadFile(c.CACertFile)
+ if err != nil {
+ return []error{err}
+ }
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM(caCert)
+ tls_config.RootCAs = caCertPool
+ }
+
 // If we have insecure set, then create a custom HTTP client that
 // ignores SSL errors.
 if c.Insecure {
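Review bot: In the import hunk, `"io/ioutil"` and `"crypto/x509"` are appended after the third-party `github.com/...` entries and are not in sorted order, so goimports would regroup them. Move them into the standard-library group with `"crypto/x509"` ahead of `"io/ioutil"`. The import block begins outside the hunk, so the existing stdlib group is assumed to sit above these lines.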
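Review bot: The boolean returned by `caCertPool.AppendCertsFromPEM(caCert)` is discarded in the new `if c.CACertFile != ""` block of the last hunk. A file with no parseable PEM certificate therefore installs an empty `RootCAs` pool, and the mistake only shows up later as an opaque TLS verification failure against the OpenStack endpoint. Check the result and fail in Prepare with the path, e.g. `if !caCertPool.AppendCertsFromPEM(caCert) { return []error{fmt.Errorf("cacert %q: no valid PEM certificates found", c.CACertFile)} }` (assuming `fmt` is already imported, which the hunk does not show); the bare `return []error{err}` after `ReadFile` would benefit from the same context. The `if c.Insecure` branch that follows presumably still disables verification, so a configured `cacert` has no effect when `insecure` is true; that combination should be documented or rejected. Prepare's body starts and ends outside the hunk.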
diff --git a/website/source/docs/builders/openstack.html.md b/website/source/docs/builders/openstack.html.md index 14dfed447..f042921f5 100644 --- a/website/source/docs/builders/openstack.html.md +++ b/website/source/docs/builders/openstack.html.md @@ -76,6 +76,9 @@ builder. server in. If this isn't specified, the default enforced by your OpenStack cluster will be used. This may be required for some OpenStack clusters. +- `cacert` (string) - Custom CA certificate file path. + If ommited the OS_CACERT environment variable can be used. + - `config_drive` (boolean) - Whether or not nova should use ConfigDrive for cloud-init metadata.