We're being too strict - there is a third possibility, which is that a
user will have defined the OS_* environment variables and expect them to
pass through.
The rest of ansible uses validate_certs, so make that the main
documented parameter. However, leave verify as an alias since that's the
passthrough value to the underlying libraries.
There is an old PR that shows a great use case for having a different
set of states for the server module. Before the other modules start
being in real use, pull this out so that we don't get ourselves into a
pickle.
It turns out that this can actually already be handled by the existing
auth plugin framework and does not need its own parameter. Remove before
it sees usage and causes confusion.
Incoming cloud config for OpenStack is complex due to plugins and
deployer choices. Rather than having the logic spread all over the
OpenStack modules, centralize it in the module_utils code.
Taking a page out of the ec2 config, make sure that all of the
OpenStack modules handle the inbound auth config in the same way.
The one outlier is keystone wrt auth_url.
The provisioning module knows more about how nova deals with IP
addresses now. Ensure that the inventory module is similarly as smart
by separating out the logic into the openstack/module_utils.
Taking a page out of the ec2 config, make sure that all of the
OpenStack modules handle the inbound auth config in the same way.
The one outlier is keystone wrt auth_url.
