
Commit 28d9501

Base SSL verification on ssl_verify_mode option in knife.rb
1 parent 337d321 commit 28d9501

1 file changed

+11
-9
lines changed


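--- a/chef/api.py
+++ b/chef/api.py
@@ -56,9 +56,7 @@ class ChefAPI(object):
 env_value_re = re.compile(r'ENV\[(.+)\]')
 ruby_string_re = re.compile(r'^\s*(["\'])(.*?)\1\s*$')
 
-verify_ssl = True
-
-def __init__(self, url, key, client, version='0.10.8', headers={}):
+def __init__(self, url, key, client, version='0.10.8', headers={}, ssl_verify=True):
 self.url = url.rstrip('/')
 self.parsed_url = six.moves.urllib.parse.urlparse(self.url)
 if not isinstance(key, Key):
@@ -71,6 +69,7 @@ def __init__(self, url, key, client, version='0.10.8', headers={}):
 self.headers = dict((k.lower(), v) for k, v in six.iteritems(headers))
 self.version_parsed = pkg_resources.parse_version(self.version)
 self.platform = self.parsed_url.hostname == 'api.opscode.com'
+self.ssl_verify = ssl_verify
 if not api_stack_value():
 self.set_default()
 
@@ -85,6 +84,7 @@ def from_config_file(cls, path):
 log.debug('Unable to read config file "%s"', path)
 return
 url = key_path = client_name = None
+ssl_verify = True
 for line in open(path):
 if not line.strip() or line.startswith('#'):
 continue # Skip blanks and comments
@@ -95,6 +95,10 @@ def from_config_file(cls, path):
 md = cls.ruby_string_re.search(value)
 if md:
 value = md.group(2)
+elif key == 'ssl_verify_mode':
+log.debug('Found ssl_verify_mode: %r', value)
+ssl_verify = (value.strip() != ':verify_none')
+log.debug('ssl_verify = %s', ssl_verify)
 else:
 # Not a string, don't even try
 log.debug('Value for {0} does not look like a string: {1}'.format(key, value))
@@ -125,6 +129,7 @@ def _ruby_value(match):
 if not os.path.isabs(key_path):
 # Relative paths are relative to the config file
 key_path = os.path.abspath(os.path.join(os.path.dirname(path), key_path))
+
 if not (url and client_name and key_path):
 # No URL, no chance this was valid, try running Ruby
 log.debug('No Chef server config found, trying Ruby parse')
@@ -153,7 +158,7 @@ def _ruby_value(match):
 return
 if not client_name:
 client_name = socket.getfqdn()
-return cls(url, key_path, client_name)
+return cls(url, key_path, client_name, ssl_verify=ssl_verify)
 
 @staticmethod
 def get_global():
@@ -180,7 +185,7 @@ def __exit__(self, type, value, traceback):
 del api_stack_value()[-1]
 
 def _request(self, method, url, data, headers):
-request = requests.api.request(method, url, headers=headers, data=data, verify=self.verify_ssl)
+request = requests.api.request(method, url, headers=headers, data=data, verify=self.ssl_verify)
 return request
 
 def request(self, method, path, headers={}, data=None):
@@ -219,7 +224,7 @@ def __getitem__(self, path):
 return self.api_request('GET', path)
 
 
-def autoconfigure(base_path=None, verify_ssl=True):
+def autoconfigure(base_path=None):
 """Try to find a knife or chef-client config file to load parameters from,
 starting from either the given base path or the current working directory.
 
@@ -238,19 +243,16 @@ def autoconfigure(base_path=None, verify_ssl=True):
 config_path = os.path.join(path, '.chef', 'knife.rb')
 api = ChefAPI.from_config_file(config_path)
 if api is not None:
-api.verify_ssl = verify_ssl
 return api
 
 # The walk didn't work, try ~/.chef/knife.rb
 config_path = os.path.expanduser(os.path.join('~', '.chef', 'knife.rb'))
 api = ChefAPI.from_config_file(config_path)
 if api is not None:
-api.verify_ssl = verify_ssl
 return api
 
 # Nothing in the home dir, try /etc/chef/client.rb
 config_path = os.path.join(os.path.sep, 'etc', 'chef', 'client.rb')
 api = ChefAPI.from_config_file(config_path)
 if api is not None:
-api.verify_ssl = verify_ssl
 return api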
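Review bot: In the new `elif key == 'ssl_verify_mode':` branch of `from_config_file`, switching certificate verification off is recorded only through `log.debug`. Since `autoconfigure` picks up whichever `.chef/knife.rb` it finds while walking up from the working directory, a config file the operator never inspected can turn off TLS verification for every `_request` call without a visible trace. I would add, after the assignment, `if not ssl_verify: log.warning('SSL certificate verification disabled by ssl_verify_mode in %s', path)`. The comparison itself fails closed (anything other than `:verify_none` keeps verification on), which is the right default. The commit also removes the `verify_ssl` keyword from `autoconfigure` and renames the attribute that `_request` reads, so existing callers passing `verify_ssl=` will raise `TypeError` and code assigning `api.verify_ssl` no longer has any effect; both deserve a docstring or changelog note. The body of `from_config_file` extends beyond these hunks, so whether the Ruby-parse fallback honours `ssl_verify_mode` cannot be confirmed from here.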
