diff options
author | Lars Wirzenius <liw@liw.fi> | 2018-04-04 21:41:13 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-04-04 21:41:13 +0300 |
commit | 8ab3aeb385a1214a902d1853fb34f97b6458c225 (patch) | |
tree | 1f35d8437108a7242e413f8b2db53359be2351c6 | |
parent | ae06841082e3760f6000d9b804a5b85a6799ca0a (diff) | |
parent | 34350a2dcb75a338160984331fa03a473b93b3a4 (diff) | |
download | ick2-8ab3aeb385a1214a902d1853fb34f97b6458c225.tar.gz |
Merge: add/fix --verify-tls for API clients
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ick2/client.py | 9 | ||||
-rwxr-xr-x | icktool | 8 | ||||
-rwxr-xr-x | worker_manager | 11 |
4 files changed, 27 insertions, 4 deletions
@@ -20,6 +20,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. Version 0.33+git, not yet released ---------------------------------- +* `icktool --verify-tls` now works as intended. `worker-manager` now + has a `--verify-tls` option. For both programs, the default is + "verify". Use `--no-verify-tls` to turn it off. Version 0.33, released 2018-04-01 ---------------------------------- diff --git a/ick2/client.py b/ick2/client.py index 5468c7f..8bcf45b 100644 --- a/ick2/client.py +++ b/ick2/client.py @@ -35,10 +35,14 @@ class HttpAPI: def __init__(self): self._session = requests.Session() self._token = None + self._verify = None def set_session(self, session): self._session = session + def set_verify_tls(self, verify): # pragma: no cover + self._verify = verify + def set_token(self, token): self._token = token @@ -92,7 +96,7 @@ class HttpAPI: headers = {} headers.update(self._get_authorization_headers()) - r = func(url, headers=headers, verify=False, **kwargs) + r = func(url, headers=headers, verify=self._verify, **kwargs) if not r.ok: raise HttpError(r.status_code) return r @@ -108,6 +112,9 @@ class ControllerClient: def set_client_name(self, name): self._name = name + def set_verify_tls(self, verify): # pragma: no cover + self._api.set_verify_tls(verify) + def set_http_api(self, api): self._api = api @@ -77,7 +77,9 @@ class Icktool(cliapp.Application): self.settings.boolean( ['verify-tls'], - 'verify TLS certifcate signature? default is yes', + 'verify API provider TLS certificate ' + '(default is verify, use --no-verify-tls)', + default=True, ) self.settings.string( @@ -413,7 +415,7 @@ class API: def __init__(self): self._url = None self._token = None - self._verify = True + self._verify = None def set_url(self, url): self._url = url @@ -487,7 +489,7 @@ class BlobAPI: def __init__(self): self._url = None self._token = None - self._verify = True + self._verify = None def set_url(self, url): self._url = url diff --git a/worker_manager b/worker_manager index 748fdd6..fa92fa9 100755 --- a/worker_manager +++ b/worker_manager @@ -82,6 +82,13 @@ class WorkerManager(cliapp.Application): default='/var/lib/ick/systree', ) + self.settings.boolean( + ['verify-tls'], + 'verify API provider TLS certificate ' + '(default is verify, use --no-verify-tls)', + default=True, + ) + def process_args(self, args): try: self.main_program(args) @@ -101,6 +108,7 @@ class WorkerManager(cliapp.Application): tg = TokenGenerator() tg.set_key(self.settings['token-key']) api = ControllerAPI(name, url, tg) + api.set_verify_tls(self.settings['verify-tls']) worker = Worker(name, api, workspace, systree) logging.info('Worker manager %s starts, controller is %s', name, url) @@ -127,6 +135,9 @@ class ControllerAPI: self._cc.set_controller_url(url) self._blobs = None + def set_verify_tls(self, verify): + self._cc.set_verify_tls(verify) + def get_token(self): return self._token_generator.get_token() |