Use custom TLS certificate if provided

Since `urllib3` uses `certifi` as the certificate provider [1], if the users enable TLS with a custom certificate, the `Service.do_get` method will not be able to verify the custom certificate. According to the documentation [1], we need to add `cert_reqs` and `ca_certs` to the `urllib3.PoolManager` when a custom certificate is used. [1] https://urllib3.readthedocs.io/en/latest/advanced-usage.html#custom-tls-certificates Story: #2011168 Task: #50514 Change-Id: I75857cf0d0d37254180aa3ae2305e16610c9fab4
2024-07-08 09:27:54 +08:00 · 2024-07-08 09:27:54 +08:00 · f30afbb1bc
commit f30afbb1bc
parent b6d2581444
1 changed files with 4 additions and 0 deletions
--- a/config_tempest/services/base.py
+++ b/config_tempest/services/base.py
@ -59,6 +59,10 @@ class Service(object):
            if self.disable_ssl_validation:
                urllib3.disable_warnings()
                http = urllib3.PoolManager(cert_reqs='CERT_NONE')
+            elif self.ca_certs is not None:
+                http = urllib3.PoolManager(
+                    cert_reqs='REQUIRED', ca_certs=self.ca_certs
+                )
            else:
                http = urllib3.PoolManager()
            r = http.request('GET', url, headers=self.headers)