Skip to content

Add support for OS_INSECURE environment variable #279

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
stephenfin merged 2 commits into from
Apr 9, 2026
Merged

Add support for OS_INSECURE environment variable #279

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1675998
Add support for OS_INSECURE environment variable
larsks Apr 9, 2026
5ce6042
Refactor TLS configuration for testability
larsks Apr 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion openstack/clientconfig/requests.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"net/http"
"os"
"reflect"
"strconv"
"strings"

"github.com/gophercloud/gophercloud/v2"
Expand Down Expand Up @@ -808,9 +809,17 @@ func NewServiceClient(ctx context.Context, service string, opts *ClientOpts) (*g
}

// Define whether or not SSL API requests should be verified.
// First, check if the INSECURE environment variable is set.
var insecurePtr *bool
if v := env.Getenv(envPrefix + "INSECURE"); v != "" {
insecure, err := strconv.ParseBool(v)
if err != nil {
return nil, fmt.Errorf("failed to parse %sINSECURE: %w", envPrefix, err)
}
insecurePtr = &insecure
}
// Next, check if the cloud entry sets verify (inverted to insecure).
if cloud.Verify != nil {
// Here we take the boolean pointer negation.
insecure := !*cloud.Verify
insecurePtr = &insecure
}
Comment on lines 811 to 825
Copy link
Copy Markdown
Contributor

@stephenfin stephenfin Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this might backwards: normally env vars take priority over file-based (clouds.yaml) configuration. What does openstacksdk do here?

Copy link
Copy Markdown
Contributor Author

@larsks larsks Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was just following the existing logic in the code; e.g., the following that handles OS_CACERT:

	// Check if a custom CA cert was provided.
	// First, check if the CACERT environment variable is set.
	var caCertPath string
	if v := env.Getenv(envPrefix + "CACERT"); v != "" {
		caCertPath = v
	}
	// Next, check if the cloud entry sets a CA cert.
	if v := cloud.CACertFile; v != "" {
		caCertPath = v
	}

Copy link
Copy Markdown
Contributor

@stephenfin stephenfin Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, that's backwards from how I'd have expected this to work but at least it's consistent. Thanks for the context.

Expand Down