Avoid verifying SSL on local connections

Since these will almost always connect to an IP rather than a "real" hostname, don't verify the SSL cert (if applicable). Also allow the overriding of SSL verification via an environment variable. As a consequence, to reduce spam, SSL warnings are disabled for urllib3. Instead, we warn in the "Using cluster" output whenever verification is disabled.
2020-08-27 13:23:24 -04:00
parent 7bf91b1003
commit 45542bfd67
2 changed files with 22 additions and 6 deletions
--- a/client-cli/pvc.py
+++ b/client-cli/pvc.py
@ -106,6 +106,10 @@ def get_config(store_data, cluster=None):
    config['api_scheme'] = scheme
    config['api_key'] = api_key
    config['api_prefix'] = prefix
+    if cluster == 'local':
+        config['verify_ssl'] = False
+    else:
+        config['verify_ssl'] = bool(strtobool(os.environ.get('PVC_CLIENT_VERIFY_SSL', 'True')))

    return config

@ -3626,11 +3630,16 @@ def cli(_cluster, _debug, _quiet):
        config['debug'] = _debug

        if not _quiet:
+            if config['api_scheme'] == 'https' and not config['verify_ssl']:
+                ssl_unverified_msg=' (unverified)'
+            else:
+                ssl_unverified_msg=''
            click.echo(
-                'Using cluster "{}" - Host: "{}"  Scheme: "{}"  Prefix: "{}"'.format(
+                'Using cluster "{}" - Host: "{}"  Scheme: "{}{}"  Prefix: "{}"'.format(
                    config['cluster'],
                    config['api_host'],
                    config['api_scheme'],
+                    ssl_unverified_msg,
                    config['api_prefix']
                ),
                err=True