@@ -56,9 +56,7 @@ class ChefAPI(object):
5656 env_value_re = re .compile (r'ENV\[(.+)\]' )
5757 ruby_string_re = re .compile (r'^\s*(["\'])(.*?)\1\s*$' )
5858
59- verify_ssl = True
60-
61- def __init__ (self , url , key , client , version = '0.10.8' , headers = {}):
59+ def __init__ (self , url , key , client , version = '0.10.8' , headers = {}, ssl_verify = True ):
6260 self .url = url .rstrip ('/' )
6361 self .parsed_url = six .moves .urllib .parse .urlparse (self .url )
6462 if not isinstance (key , Key ):
@@ -71,6 +69,7 @@ def __init__(self, url, key, client, version='0.10.8', headers={}):
7169 self .headers = dict ((k .lower (), v ) for k , v in six .iteritems (headers ))
7270 self .version_parsed = pkg_resources .parse_version (self .version )
7371 self .platform = self .parsed_url .hostname == 'api.opscode.com'
72+ self .ssl_verify = ssl_verify
7473 if not api_stack_value ():
7574 self .set_default ()
7675
@@ -85,6 +84,7 @@ def from_config_file(cls, path):
8584 log .debug ('Unable to read config file "%s"' , path )
8685 return
8786 url = key_path = client_name = None
87+ ssl_verify = True
8888 for line in open (path ):
8989 if not line .strip () or line .startswith ('#' ):
9090 continue # Skip blanks and comments
@@ -95,6 +95,10 @@ def from_config_file(cls, path):
9595 md = cls .ruby_string_re .search (value )
9696 if md :
9797 value = md .group (2 )
98+ elif key == 'ssl_verify_mode' :
99+ log .debug ('Found ssl_verify_mode: %r' , value )
100+ ssl_verify = (value .strip () != ':verify_none' )
101+ log .debug ('ssl_verify = %s' , ssl_verify )
98102 else :
99103 # Not a string, don't even try
100104 log .debug ('Value for {0} does not look like a string: {1}' .format (key , value ))
@@ -125,6 +129,7 @@ def _ruby_value(match):
125129 if not os .path .isabs (key_path ):
126130 # Relative paths are relative to the config file
127131 key_path = os .path .abspath (os .path .join (os .path .dirname (path ), key_path ))
132+
128133 if not (url and client_name and key_path ):
129134 # No URL, no chance this was valid, try running Ruby
130135 log .debug ('No Chef server config found, trying Ruby parse' )
@@ -153,7 +158,7 @@ def _ruby_value(match):
153158 return
154159 if not client_name :
155160 client_name = socket .getfqdn ()
156- return cls (url , key_path , client_name )
161+ return cls (url , key_path , client_name , ssl_verify = ssl_verify )
157162
158163 @staticmethod
159164 def get_global ():
@@ -180,7 +185,7 @@ def __exit__(self, type, value, traceback):
180185 del api_stack_value ()[- 1 ]
181186
182187 def _request (self , method , url , data , headers ):
183- request = requests .api .request (method , url , headers = headers , data = data , verify = self .verify_ssl )
188+ request = requests .api .request (method , url , headers = headers , data = data , verify = self .ssl_verify )
184189 return request
185190
186191 def request (self , method , path , headers = {}, data = None ):
@@ -219,7 +224,7 @@ def __getitem__(self, path):
219224 return self .api_request ('GET' , path )
220225
221226
222- def autoconfigure (base_path = None , verify_ssl = True ):
227+ def autoconfigure (base_path = None ):
223228 """Try to find a knife or chef-client config file to load parameters from,
224229 starting from either the given base path or the current working directory.
225230
@@ -238,19 +243,16 @@ def autoconfigure(base_path=None, verify_ssl=True):
238243 config_path = os .path .join (path , '.chef' , 'knife.rb' )
239244 api = ChefAPI .from_config_file (config_path )
240245 if api is not None :
241- api .verify_ssl = verify_ssl
242246 return api
243247
244248 # The walk didn't work, try ~/.chef/knife.rb
245249 config_path = os .path .expanduser (os .path .join ('~' , '.chef' , 'knife.rb' ))
246250 api = ChefAPI .from_config_file (config_path )
247251 if api is not None :
248- api .verify_ssl = verify_ssl
249252 return api
250253
251254 # Nothing in the home dir, try /etc/chef/client.rb
252255 config_path = os .path .join (os .path .sep , 'etc' , 'chef' , 'client.rb' )
253256 api = ChefAPI .from_config_file (config_path )
254257 if api is not None :
255- api .verify_ssl = verify_ssl
256258 return api
0 commit comments