Expose pymongo's SSL cert options

Bug #1328720 reported by Kurt Griffiths
Affects: zaqar
Status: Fix Released
Importance: Low
Assigned to: peng fei wang

Bug Description

Currently you can't set these through marconi.conf. We should allow operators to not only explicitly enable SSL, but set cert options for maximum security.

Do we also want to support password auth?

See also: http://api.mongodb.org/python/current/examples/authentication.html

Kurt Griffiths (kgriffs) wrote :

Perhaps this should become a blueprint?

description: updated
Kurt Griffiths (kgriffs) wrote :
peng fei wang (wpf) wrote :

Yesterday I set up an SSL-enabled MongoDB, and when I configured the URI in marconi.conf with "?ssl=true", Marconi ran smoothly.

I don't think we need the password auth, and the cert options are OK.

Kurt Griffiths (kgriffs) wrote :

I think it is important to expose these options from pymongo to improve SSL security:

ssl_cert_reqs - If not specified in pymongo client, defaults to "ssl.CERT_NONE" which is really insecure. We should default to ssl.CERT_REQUIRED if ssl=True, but I suppose allow it to be overridden for development environments.

ssl_ca_certs - Restrict to a specific CA so that a valid cert can't be substituted from a different CA that is out of your organization's control.

ssl_certfile, ssl_keyfile - Enables authentication of the client, not just the server.

Kurt Griffiths (kgriffs) wrote :

If we don't do this in Juno, we should definitely do it in K. I will make this low priority for J unless someone vehemently disagrees. It should be medium priority for K.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to marconi (master)

Fix proposed to branch: master
Review: https://review.openstack.org/100746

Changed in marconi:
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to marconi (master)

Reviewed: https://review.openstack.org/100746
Committed: https://git.openstack.org/cgit/openstack/marconi/commit/?id=f1c34373207b5d0dd0f3e75ec8a7765dca53bc3f
Submitter: Jenkins
Branch: master

commit f1c34373207b5d0dd0f3e75ec8a7765dca53bc3f
Author: pengfei wang <email address hidden>
Date: Tue Jun 17 16:22:29 2014 +0800

    Expose pymongo's SSL cert options

    Expose 'ssl_keyfile','ssl_certfile','ssl_cert_reqs' and
    'ssl_ca_certs' options for maximum security. By default, ssl
    is not enabled except that ssl parameter was included in the
    mongodb uri directly, and ssl_cert_reqs = CERT_REQUIRED which
    means user must provide the 'ssl_ca_certs' if ssl is enabled
    by adding the ssl parameter in the mongodb uri.

    Change-Id: I67cb5a9b2d76625de2932c854d0a696e9118ca6b
    Closes-Bug: #1328720

Changed in marconi:
status: In Progress → Fix Committed
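
The behaviour described in the commit message above, sketched as an added example (this is not the Marconi/Zaqar code): SSL is only enabled by the URI, ssl_cert_reqs defaults to CERT_REQUIRED, and a missing ssl_ca_certs is rejected at startup. The helper names mongo_ssl_kwargs and uri_enables_ssl, the host name and the file paths are assumptions made for illustration.

```python
import ssl
from urllib.parse import parse_qs, urlsplit

# Config-file spellings of ssl_cert_reqs mapped to the ssl module constants.
CERT_REQS = {
    "CERT_NONE": ssl.CERT_NONE,
    "CERT_OPTIONAL": ssl.CERT_OPTIONAL,
    "CERT_REQUIRED": ssl.CERT_REQUIRED,
}


def uri_enables_ssl(uri):
    """Return True if the MongoDB URI carries ssl=true in its query string."""
    query = parse_qs(urlsplit(uri).query)
    # URI option names are matched case-insensitively here.
    return any(
        key.lower() == "ssl" and value.lower() == "true"
        for key, values in query.items()
        for value in values
    )


def mongo_ssl_kwargs(uri, ssl_cert_reqs="CERT_REQUIRED", ssl_ca_certs=None,
                     ssl_certfile=None, ssl_keyfile=None):
    """Build the SSL keyword arguments for the pymongo client (hypothetical helper)."""
    if not uri_enables_ssl(uri):
        return {}  # SSL stays off unless the URI asks for it
    if ssl_cert_reqs not in CERT_REQS:
        raise ValueError("unknown ssl_cert_reqs: %r" % (ssl_cert_reqs,))
    reqs = CERT_REQS[ssl_cert_reqs]
    # Verifying the server needs a CA bundle; fail at startup, not at connect.
    if reqs != ssl.CERT_NONE and not ssl_ca_certs:
        raise ValueError("ssl_ca_certs must be set unless ssl_cert_reqs is CERT_NONE")
    if ssl_keyfile and not ssl_certfile:
        raise ValueError("ssl_keyfile was given without ssl_certfile")
    kwargs = {"ssl_cert_reqs": reqs}
    optional = {"ssl_ca_certs": ssl_ca_certs, "ssl_certfile": ssl_certfile,
                "ssl_keyfile": ssl_keyfile}
    kwargs.update({name: value for name, value in optional.items() if value})
    return kwargs


if __name__ == "__main__":
    # Constructed sample values; the result would be passed as
    # MongoClient(uri, **kwargs) on a pymongo release that accepts these names.
    print(mongo_ssl_kwargs("mongodb://db.example.net:27017/?ssl=true",
                           ssl_ca_certs="/etc/ssl/certs/internal-ca.pem"))
```

The keyword names are the ones discussed in this report; PyMongo 4 removed them in favour of the tls* options, so the mapping applies to the older releases this bug was filed against.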
Thierry Carrez (ttx)
Changed in zaqar:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in zaqar:
milestone: juno-3 → 2014.2
no longer affects: zaqar/juno