encrypt_secret: support self-signed certificates via --insecure argument
For a non-production Zuul deployment this option is handy, as such deployments are usually made with a self-signed certificate. Change-Id: I063357dba33161bdb721304d89e6051b768a60c8
parent
71f60674b9
commit
9c2be21c0c
|
@ -22,6 +22,7 @@ import subprocess
|
||||||
import sys
|
import sys
|
||||||
import tempfile
|
import tempfile
|
||||||
import textwrap
|
import textwrap
|
||||||
|
import ssl
|
||||||
|
|
||||||
# we to import Request and urlopen differently for python 2 and 3
|
# we to import Request and urlopen differently for python 2 and 3
|
||||||
try:
|
try:
|
||||||
|
@ -67,6 +68,8 @@ def main():
|
||||||
help="A filename to which the encrypted value will be "
|
help="A filename to which the encrypted value will be "
|
||||||
"written. If not supplied, the value will be written "
|
"written. If not supplied, the value will be written "
|
||||||
"to standard output.")
|
"to standard output.")
|
||||||
|
parser.add_argument('--insecure', action='store_true', default=False,
|
||||||
|
help="Do not verify remote certificate")
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
|
||||||
# We should not use unencrypted connections for retrieving the public key.
|
# We should not use unencrypted connections for retrieving the public key.
|
||||||
|
@ -81,9 +84,16 @@ def main():
|
||||||
if url.scheme == 'file':
|
if url.scheme == 'file':
|
||||||
req = Request(args.url)
|
req = Request(args.url)
|
||||||
else:
|
else:
|
||||||
|
if args.insecure:
|
||||||
|
ssl_ctx = ssl.create_default_context()
|
||||||
|
ssl_ctx.check_hostname = False
|
||||||
|
ssl_ctx.verify_mode = ssl.CERT_NONE
|
||||||
|
else:
|
||||||
|
ssl_ctx = None
|
||||||
|
|
||||||
# Check if tenant is white label
|
# Check if tenant is white label
|
||||||
req = Request("%s/api/info" % (args.url.rstrip('/'),))
|
req = Request("%s/api/info" % (args.url.rstrip('/'),))
|
||||||
info = json.loads(urlopen(req).read().decode('utf8'))
|
info = json.loads(urlopen(req, context=ssl_ctx).read().decode('utf8'))
|
||||||
|
|
||||||
api_tenant = info.get('info', {}).get('tenant')
|
api_tenant = info.get('info', {}).get('tenant')
|
||||||
if not api_tenant and not args.tenant:
|
if not api_tenant and not args.tenant:
|
||||||
|
@ -96,7 +106,7 @@ def main():
|
||||||
else:
|
else:
|
||||||
req = Request("%s/api/tenant/%s/key/%s.pub" % (
|
req = Request("%s/api/tenant/%s/key/%s.pub" % (
|
||||||
args.url.rstrip('/'), args.tenant, args.project))
|
args.url.rstrip('/'), args.tenant, args.project))
|
||||||
pubkey = urlopen(req)
|
pubkey = urlopen(req, context=ssl_ctx)
|
||||||
|
|
||||||
if args.infile:
|
if args.infile:
|
||||||
with open(args.infile) as f:
|
with open(args.infile) as f:
|
||||||
|
|
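Review bot: With `--insecure` set, the `ssl_ctx` built in the `else:` branch turns off both hostname checking and certificate validation for the `/api/info` request and for the `.pub` key download, so the public key the secret is then encrypted to is no longer authenticated. That is the same risk the existing comment about not using unencrypted connections for the public key is guarding against. The flag is silent at run time; I would print a warning when it is used, e.g. `sys.stderr.write("WARNING: --insecure set; the server certificate and the fetched public key are not verified\n")`, and say the same in the `help=` string. For self-signed deployments a safer alternative is to let the user name the certificate to trust, e.g. a `--cafile` argument passed as `ssl.create_default_context(cafile=args.cafile)`, which keeps verification on. main() starts and ends outside these hunks, so whether other requests in it also need the context cannot be seen from here.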