Avoid verifying SSL on local connections
Since these will almost always connect to an IP rather than a "real" hostname, don't verify the SSL cert (if applicable). Also allow the overriding of SSL verification via an environment variable. As a consequence, to reduce spam, SSL warnings are disabled for urllib3. Instead, we warn in the "Using cluster" output whenever verification is disabled.
This commit is contained in:
parent
7bf91b1003
commit
45542bfd67
|
@ -26,6 +26,7 @@ import math
|
|||
import time
|
||||
import requests
|
||||
import click
|
||||
from urllib3 import disable_warnings
|
||||
|
||||
def format_bytes(size_bytes):
|
||||
byte_unit_matrix = {
|
||||
|
@ -125,13 +126,15 @@ def call_api(config, operation, request_uri, headers={}, params=None, data=None,
|
|||
headers['X-Api-Key'] = config['api_key']
|
||||
|
||||
# Determine the request type and hit the API
|
||||
disable_warnings()
|
||||
try:
|
||||
if operation == 'get':
|
||||
response = requests.get(
|
||||
uri,
|
||||
headers=headers,
|
||||
params=params,
|
||||
data=data
|
||||
data=data,
|
||||
verify=config['verify_ssl']
|
||||
)
|
||||
if operation == 'post':
|
||||
response = requests.post(
|
||||
|
@ -139,7 +142,8 @@ def call_api(config, operation, request_uri, headers={}, params=None, data=None,
|
|||
headers=headers,
|
||||
params=params,
|
||||
data=data,
|
||||
files=files
|
||||
files=files,
|
||||
verify=config['verify_ssl']
|
||||
)
|
||||
if operation == 'put':
|
||||
response = requests.put(
|
||||
|
@ -147,21 +151,24 @@ def call_api(config, operation, request_uri, headers={}, params=None, data=None,
|
|||
headers=headers,
|
||||
params=params,
|
||||
data=data,
|
||||
files=files
|
||||
files=files,
|
||||
verify=config['verify_ssl']
|
||||
)
|
||||
if operation == 'patch':
|
||||
response = requests.patch(
|
||||
uri,
|
||||
headers=headers,
|
||||
params=params,
|
||||
data=data
|
||||
data=data,
|
||||
verify=config['verify_ssl']
|
||||
)
|
||||
if operation == 'delete':
|
||||
response = requests.delete(
|
||||
uri,
|
||||
headers=headers,
|
||||
params=params,
|
||||
data=data
|
||||
data=data,
|
||||
verify=config['verify_ssl']
|
||||
)
|
||||
except Exception as e:
|
||||
message = 'Failed to connect to the API: {}'.format(e)
|
||||
|
|
|
@ -106,6 +106,10 @@ def get_config(store_data, cluster=None):
|
|||
config['api_scheme'] = scheme
|
||||
config['api_key'] = api_key
|
||||
config['api_prefix'] = prefix
|
||||
if cluster == 'local':
|
||||
config['verify_ssl'] = False
|
||||
else:
|
||||
config['verify_ssl'] = bool(strtobool(os.environ.get('PVC_CLIENT_VERIFY_SSL', 'True')))
|
||||
|
||||
return config
|
||||
|
||||
|
@ -3626,11 +3630,16 @@ def cli(_cluster, _debug, _quiet):
|
|||
config['debug'] = _debug
|
||||
|
||||
if not _quiet:
|
||||
if config['api_scheme'] == 'https' and not config['verify_ssl']:
|
||||
ssl_unverified_msg=' (unverified)'
|
||||
else:
|
||||
ssl_unverified_msg=''
|
||||
click.echo(
|
||||
'Using cluster "{}" - Host: "{}" Scheme: "{}" Prefix: "{}"'.format(
|
||||
'Using cluster "{}" - Host: "{}" Scheme: "{}{}" Prefix: "{}"'.format(
|
||||
config['cluster'],
|
||||
config['api_host'],
|
||||
config['api_scheme'],
|
||||
ssl_unverified_msg,
|
||||
config['api_prefix']
|
||||
),
|
||||
err=True
|
||||
|
|
Loading…
Reference in New Issue