[EmbeddedAnsible::ConfigurationScriptSource] Add verify_ssl

Adds backend support for `verify_ssl` that can be translated to the
associated `GitRepository` record.

app/models/manageiq/providers/embedded_ansible/automation_manager/configuration_script_source.rb

@@ -50,8 +50,32 @@ def git_repository
     (super || (ensure_git_repository && super)).tap { |r| sync_git_repository(r) }
   end
 
+  def verify_ssl=(val)
+    @verify_ssl = case val
+                  when 0, false then OpenSSL::SSL::VERIFY_NONE
+                  when 1, true  then OpenSSL::SSL::VERIFY_PEER
+                  else
+                    OpenSSL::SSL::VERIFY_NONE
+                  end
+
+    if git_repository_id && git_repository.verify_ssl != @verify_ssl
+      @verify_ssl_changed = true
+    end
+  end
+
+  def verify_ssl
+    if @verify_ssl
+      @verify_ssl
+    elsif git_repository_id
+      git_repository.verify_ssl
+    else
+      @verify_ssl ||= OpenSSL::SSL::VERIFY_NONE
+    end
+  end
+
   private def ensure_git_repository
     transaction do
+      # puts attrs_for_sync_git_repository.inspect
       repo = GitRepository.create!(attrs_for_sync_git_repository)
       if new_record?
         self.git_repository_id = repo.id
@@ -63,7 +87,7 @@ def git_repository
   end
 
   private def sync_git_repository(git_repository = nil)
-    return unless name_changed? || scm_url_changed? || authentication_id_changed?
+    return unless name_changed? || scm_url_changed? || authentication_id_changed? || @verify_ssl_changed
 
     git_repository ||= self.git_repository
     git_repository.attributes = attrs_for_sync_git_repository
@@ -74,7 +98,7 @@ def git_repository
       :name              => name,
       :url               => scm_url,
       :authentication_id => authentication_id,
-      :verify_ssl        => OpenSSL::SSL::VERIFY_NONE
+      :verify_ssl        => verify_ssl
     }
   end
 

spec/models/manageiq/providers/embedded_ansible/automation_manager/configuration_script_source_spec.rb

@@ -157,6 +157,51 @@ def files_in_repository(git_repo_dir)
       end
     end
 
+    describe "#verify_ssl" do
+      it "defaults to OpenSSL::SSL::VERIFY_NONE" do
+        expect(subject.verify_ssl).to eq(OpenSSL::SSL::VERIFY_NONE)
+      end
+
+      it "can be updated to OpenSSL::SSL::VERIFY_PEER" do
+        subject.verify_ssl = OpenSSL::SSL::VERIFY_PEER
+        expect(subject.verify_ssl).to eq(OpenSSL::SSL::VERIFY_PEER)
+      end
+
+      context "with a created record" do
+        subject             { described_class.last }
+        let(:create_params) { params.merge(:verify_ssl => OpenSSL::SSL::VERIFY_PEER) }
+
+        before do
+          allow(Notification).to receive(:create!)
+
+          described_class.create_in_provider(manager.id, create_params)
+        end
+
+        it "pulls from the created record" do
+          expect(subject.verify_ssl).to eq(OpenSSL::SSL::VERIFY_PEER)
+        end
+
+        it "pushes updates from the ConfigurationScriptSource to the GitRepository" do
+          subject.update(:verify_ssl => OpenSSL::SSL::VERIFY_NONE)
+
+          expect(described_class.last.verify_ssl).to eq(OpenSSL::SSL::VERIFY_NONE)
+          expect(GitRepository.last.verify_ssl).to   eq(OpenSSL::SSL::VERIFY_NONE)
+        end
+
+        it "converts true/false values instead of integers" do
+          subject.update(:verify_ssl => false)
+
+          expect(described_class.last.verify_ssl).to eq(OpenSSL::SSL::VERIFY_NONE)
+          expect(GitRepository.last.verify_ssl).to   eq(OpenSSL::SSL::VERIFY_NONE)
+
+          subject.update(:verify_ssl => true)
+
+          expect(described_class.last.verify_ssl).to eq(OpenSSL::SSL::VERIFY_PEER)
+          expect(GitRepository.last.verify_ssl).to   eq(OpenSSL::SSL::VERIFY_PEER)
+        end
+      end
+    end
+
     describe "#playbooks_in_git_repository" do
       def playbooks_for(repo)
         repo.configuration_script_payloads.pluck(:name)