Merge pull request #2892 from mcano/disable_ssl

Matthew Fisher · Matthew Fisher · commit d52b7c2c8c37 · 2015-01-22T17:03:19.000-08:00
feat(client): add flag to disable SSL certificate verification
diff --git a/client/deis.py b/client/deis.py
@@ -390,6 +390,7 @@ def _dispatch(self, method, path, body=None, **kwargs):
         func = getattr(self._session, method.lower())
         controller = self._settings.get('controller')
         token = self._settings.get('token')
+        ssl_verify = self._settings.get('ssl_verify')
         if not token:
             raise EnvironmentError(
                 'Could not find token. Use `deis login` or `deis register` to get started.')
@@ -399,7 +400,7 @@ def _dispatch(self, method, path, body=None, **kwargs):
             'X-Deis-Version': __api_version__.rsplit('.', 1)[0],
             'Authorization': 'token {}'.format(token)
         }
-        response = func(url, data=body, headers=headers)
+        response = func(url, data=body, headers=headers, verify=ssl_verify)
         # check for version mismatch
         server_api_version = response.headers.get('X_DEIS_API_VERSION')
         if server_api_version is not None and server_api_version != __api_version__:
@@ -788,8 +789,11 @@ def auth_login(self, args):
             provide a username for the account.
           --password=<password>
             provide a password for the account.
+          --ssl-verify=false
+            disables SSL certificate verification for API requests
         """
         controller = args['<controller>']
+        ssl_verify = True
         if not urlparse.urlparse(controller).scheme:
             controller = "http://{}".format(controller)
         username = args.get('--username')
@@ -799,15 +803,20 @@ def auth_login(self, args):
         password = args.get('--password')
         if not password:
             password = getpass('password: ')
+        ssl_option = args.get('--ssl-verify')
+        if ssl_option == 'false':
+            ssl_verify = False
         url = urlparse.urljoin(controller, '/v1/auth/login/')
         payload = {'username': username, 'password': password}
         # post credentials to the login URL
-        response = self._session.post(url, data=payload, allow_redirects=False)
+        response = self._session.post(url, data=payload, allow_redirects=False,
+            verify=ssl_verify)
         if response.status_code == requests.codes.ok:
             # retrieve and save the API token for future requests
             self._settings['controller'] = controller
             self._settings['username'] = username
             self._settings['token'] = response.json()['token']
+            self._settings['ssl_verify'] = ssl_verify
             self._settings.save()
             self._logger.info("Logged in as {}".format(username))
             return username
@@ -820,9 +829,8 @@ def auth_logout(self, args):
 
         Usage: deis auth:logout
         """
-        self._settings['controller'] = None
-        self._settings['username'] = None
-        self._settings['token'] = None
+        for i in ['controller', 'username', 'token', 'ssl_verify']:
+            self._settings[i] = None
         self._settings.save()
         self._logger.info('Logged out')
 
