diff --git a/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py b/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py index b6f87d2..2851635 100644 --- a/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py +++ b/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py @@ -102,18 +102,15 @@ def _build_auth_details(self): kskeyfile=cfg.CONF.keystone_authtoken.keyfile kscafile=cfg.CONF.keystone_authtoken.cafile - self._use_ks_certs=False - if cfg.CONF.keystone_authtoken.auth_protocol == _DEFAULT_SECURE_SERVER_CONNECT: - certs = [] - if kscafile: - certs.append(kscafile) - if kscertfile: - certs.append(kscertfile) - if kskeyfile: - certs.append(kskeyfile) - if certs: - self._kscertbundle=cfgmutils.getCertKeyCaBundle(_DEFAULT_KS_CERT_BUNDLE,certs) - self._use_ks_certs=True + self._use_ks_certs = False + if (cfg.CONF.keystone_authtoken.auth_protocol == + _DEFAULT_SECURE_SERVER_CONNECT and kscafile): + certs = [kscafile] + if kscertfile and kskeyfile: + certs = [kscertfile, kskeyfile, kscafile] + self._kscertbundle = cfgmutils.getCertKeyCaBundle( + _DEFAULT_KS_CERT_BUNDLE,certs) + self._use_ks_certs = True #API Server SSL support self._apiusessl=cfg.CONF.APISERVER.use_ssl @@ -127,18 +124,14 @@ def _build_auth_details(self): else: self._apiserverconnect=_DEFAULT_SERVER_CONNECT - self._use_api_certs=False - if self._apiusessl: - certs = [] - if apicafile: - certs.append(apicafile) - if apicertfile: - certs.append(apicertfile) - if apikeyfile: - certs.append(apikeyfile) - if certs: - self._apicertbundle=cfgmutils.getCertKeyCaBundle(_DEFAULT_API_CERT_BUNDLE,certs) - self._use_api_certs=True + self._use_api_certs = False + if self._apiusessl and apicafile: + certs = [apicafile] + if apicertfile and apikeyfile: + certs = [apicertfile, apikeyfile, apicafile] + self._apicertbundle = cfgmutils.getCertKeyCaBundle( + _DEFAULT_API_CERT_BUNDLE,certs) + self._use_api_certs = True def _request_api_server(self, url, data=None, headers=None):