Support insecure-skip-tls-verify config flag

mbohlool 2017-01-24 14:47:20 -08:00
parent f10f4f32cd
commit 8fc978e49f
2 changed files with 43 additions and 7 deletions


@ -189,12 +189,14 @@ class KubeConfigLoader(object):
self.key_file = FileOrData( self.key_file = FileOrData(
self._user, 'client-key', self._user, 'client-key',
file_base_path=self._config_base_path).as_file() file_base_path=self._config_base_path).as_file()
if 'insecure-skip-tls-verify' in self._cluster:
self.verify_ssl = not self._cluster['insecure-skip-tls-verify']
def _set_config(self): def _set_config(self):
if 'token' in self.__dict__: if 'token' in self.__dict__:
self._client_configuration.api_key['authorization'] = self.token self._client_configuration.api_key['authorization'] = self.token
# copy these keys directly from self to configuration object # copy these keys directly from self to configuration object
keys = ['host', 'ssl_ca_cert', 'cert_file', 'key_file'] keys = ['host', 'ssl_ca_cert', 'cert_file', 'key_file', 'verify_ssl']
for key in keys: for key in keys:
if key in self.__dict__: if key in self.__dict__:
setattr(self._client_configuration, key, getattr(self, key)) setattr(self._client_configuration, key, getattr(self, key))
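Review bot: The added line `self.verify_ssl = not self._cluster['insecure-skip-tls-verify']` relies on Python truthiness, so any non-empty string turns certificate verification off: `not "false"` evaluates to `False` exactly as `not "true"` does. The `no_ssl_verification` cluster fixture added in the test file passes the string `"true"`, so string values are evidently expected to reach this line, even though a YAML-loaded kubeconfig would normally supply a bool. Because this flag disables TLS server authentication, it should fail closed and skip verification only on an explicit true, for example `skip = self._cluster['insecure-skip-tls-verify']` followed by `self.verify_ssl = not (skip is True or str(skip).lower() == 'true')`. A companion test with the flag set to false (bool and string) asserting that `verify_ssl` stays enabled would pin the behaviour. The enclosing method begins outside the hunk, so this is based only on the visible lines.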


@ -235,13 +235,17 @@ class FakeConfig:
if k not in other.__dict__: if k not in other.__dict__:
return return
if k in self.FILE_KEYS: if k in self.FILE_KEYS:
try: if v and other.__dict__[k]:
with open(v) as f1, open(other.__dict__[k]) as f2: try:
if f1.read() != f2.read(): with open(v) as f1, open(other.__dict__[k]) as f2:
if f1.read() != f2.read():
return
except IOError:
# fall back to only compare filenames in case we are
# testing the passing of filenames to the config
if other.__dict__[k] != v:
return return
except IOError: else:
# fall back to only compare filenames in case we are
# testing the passing of filenames to the config
if other.__dict__[k] != v: if other.__dict__[k] != v:
return return
else: else:
@ -301,6 +305,13 @@ class TestKubeConfigLoader(BaseTestCase):
"user": "ssl" "user": "ssl"
} }
}, },
{
"name": "no_ssl_verification",
"context": {
"cluster": "no_ssl_verification",
"user": "ssl"
}
},
{ {
"name": "ssl-no_file", "name": "ssl-no_file",
"context": { "context": {
@ -344,6 +355,13 @@ class TestKubeConfigLoader(BaseTestCase):
"certificate-authority-data": TEST_CERTIFICATE_AUTH_BASE64, "certificate-authority-data": TEST_CERTIFICATE_AUTH_BASE64,
} }
}, },
{
"name": "no_ssl_verification",
"cluster": {
"server": TEST_SSL_HOST,
"insecure-skip-tls-verify": "true",
}
},
], ],
"users": [ "users": [
{ {
@ -487,6 +505,22 @@ class TestKubeConfigLoader(BaseTestCase):
client_configuration=actual).load_and_set() client_configuration=actual).load_and_set()
self.assertEqual(expected, actual) self.assertEqual(expected, actual)
def test_ssl_no_verification(self):
expected = FakeConfig(
host=TEST_SSL_HOST,
token=BEARER_TOKEN_FORMAT % TEST_DATA_BASE64,
cert_file=self._create_temp_file(TEST_CLIENT_CERT),
key_file=self._create_temp_file(TEST_CLIENT_KEY),
verify_ssl=False,
ssl_ca_cert=None,
)
actual = FakeConfig()
KubeConfigLoader(
config_dict=self.TEST_KUBE_CONFIG,
active_context="no_ssl_verification",
client_configuration=actual).load_and_set()
self.assertEqual(expected, actual)
def test_list_contexts(self): def test_list_contexts(self):
loader = KubeConfigLoader( loader = KubeConfigLoader(
config_dict=self.TEST_KUBE_CONFIG, config_dict=self.TEST_KUBE_CONFIG,