Avoid verifying SSL on local connections
Since these will almost always connect to an IP rather than a "real" hostname, don't verify the SSL cert (if applicable). Also allow the overriding of SSL verification via an environment variable. As a consequence, to reduce spam, SSL warnings are disabled for urllib3. Instead, we warn in the "Using cluster" output whenever verification is disabled.
This commit is contained in:
parent
7bf91b1003
commit
45542bfd67
|
@ -26,6 +26,7 @@ import math
|
||||||
import time
|
import time
|
||||||
import requests
|
import requests
|
||||||
import click
|
import click
|
||||||
|
from urllib3 import disable_warnings
|
||||||
|
|
||||||
def format_bytes(size_bytes):
|
def format_bytes(size_bytes):
|
||||||
byte_unit_matrix = {
|
byte_unit_matrix = {
|
||||||
|
@ -125,13 +126,15 @@ def call_api(config, operation, request_uri, headers={}, params=None, data=None,
|
||||||
headers['X-Api-Key'] = config['api_key']
|
headers['X-Api-Key'] = config['api_key']
|
||||||
|
|
||||||
# Determine the request type and hit the API
|
# Determine the request type and hit the API
|
||||||
|
disable_warnings()
|
||||||
try:
|
try:
|
||||||
if operation == 'get':
|
if operation == 'get':
|
||||||
response = requests.get(
|
response = requests.get(
|
||||||
uri,
|
uri,
|
||||||
headers=headers,
|
headers=headers,
|
||||||
params=params,
|
params=params,
|
||||||
data=data
|
data=data,
|
||||||
|
verify=config['verify_ssl']
|
||||||
)
|
)
|
||||||
if operation == 'post':
|
if operation == 'post':
|
||||||
response = requests.post(
|
response = requests.post(
|
||||||
|
@ -139,7 +142,8 @@ def call_api(config, operation, request_uri, headers={}, params=None, data=None,
|
||||||
headers=headers,
|
headers=headers,
|
||||||
params=params,
|
params=params,
|
||||||
data=data,
|
data=data,
|
||||||
files=files
|
files=files,
|
||||||
|
verify=config['verify_ssl']
|
||||||
)
|
)
|
||||||
if operation == 'put':
|
if operation == 'put':
|
||||||
response = requests.put(
|
response = requests.put(
|
||||||
|
@ -147,21 +151,24 @@ def call_api(config, operation, request_uri, headers={}, params=None, data=None,
|
||||||
headers=headers,
|
headers=headers,
|
||||||
params=params,
|
params=params,
|
||||||
data=data,
|
data=data,
|
||||||
files=files
|
files=files,
|
||||||
|
verify=config['verify_ssl']
|
||||||
)
|
)
|
||||||
if operation == 'patch':
|
if operation == 'patch':
|
||||||
response = requests.patch(
|
response = requests.patch(
|
||||||
uri,
|
uri,
|
||||||
headers=headers,
|
headers=headers,
|
||||||
params=params,
|
params=params,
|
||||||
data=data
|
data=data,
|
||||||
|
verify=config['verify_ssl']
|
||||||
)
|
)
|
||||||
if operation == 'delete':
|
if operation == 'delete':
|
||||||
response = requests.delete(
|
response = requests.delete(
|
||||||
uri,
|
uri,
|
||||||
headers=headers,
|
headers=headers,
|
||||||
params=params,
|
params=params,
|
||||||
data=data
|
data=data,
|
||||||
|
verify=config['verify_ssl']
|
||||||
)
|
)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
message = 'Failed to connect to the API: {}'.format(e)
|
message = 'Failed to connect to the API: {}'.format(e)
|
||||||
|
|
|
@ -106,6 +106,10 @@ def get_config(store_data, cluster=None):
|
||||||
config['api_scheme'] = scheme
|
config['api_scheme'] = scheme
|
||||||
config['api_key'] = api_key
|
config['api_key'] = api_key
|
||||||
config['api_prefix'] = prefix
|
config['api_prefix'] = prefix
|
||||||
|
if cluster == 'local':
|
||||||
|
config['verify_ssl'] = False
|
||||||
|
else:
|
||||||
|
config['verify_ssl'] = bool(strtobool(os.environ.get('PVC_CLIENT_VERIFY_SSL', 'True')))
|
||||||
|
|
||||||
return config
|
return config
|
||||||
|
|
||||||
|
@ -3626,11 +3630,16 @@ def cli(_cluster, _debug, _quiet):
|
||||||
config['debug'] = _debug
|
config['debug'] = _debug
|
||||||
|
|
||||||
if not _quiet:
|
if not _quiet:
|
||||||
|
if config['api_scheme'] == 'https' and not config['verify_ssl']:
|
||||||
|
ssl_unverified_msg=' (unverified)'
|
||||||
|
else:
|
||||||
|
ssl_unverified_msg=''
|
||||||
click.echo(
|
click.echo(
|
||||||
'Using cluster "{}" - Host: "{}" Scheme: "{}" Prefix: "{}"'.format(
|
'Using cluster "{}" - Host: "{}" Scheme: "{}{}" Prefix: "{}"'.format(
|
||||||
config['cluster'],
|
config['cluster'],
|
||||||
config['api_host'],
|
config['api_host'],
|
||||||
config['api_scheme'],
|
config['api_scheme'],
|
||||||
|
ssl_unverified_msg,
|
||||||
config['api_prefix']
|
config['api_prefix']
|
||||||
),
|
),
|
||||||
err=True
|
err=True
|
||||||
|
|
Loading…
Reference in New Issue