plugin/builder: TLS/SSL support (client side certs)
Add support for client-side certificates via a new configuration
option, "ssl_cert", which should be a path to the certificate or
a comma-separated list of paths to certificates.
Additionally, the "ssl_verify" option controls how the server
certificate is validated. This can either be a boolean ("True",
"False") or a path to a CA file.
NB: The url for the composer host must contain "https" for the
ssl/tls engine to kick in.
When used as a stand-alone koji API client, two new command
line options are provided, --cert and --ca. See their help
text for a description.
parent
790462e967
commit
db82105eb0
1 changed files with 27 additions and 0 deletions
|
|
@ -220,6 +220,21 @@ class OSBuildImage(BaseTaskHandler):
|
||||||
self.koji_url = cfg["koji"]["url"]
|
self.koji_url = cfg["koji"]["url"]
|
||||||
self.client = Client(self.composer_url)
|
self.client = Client(self.composer_url)
|
||||||
|
|
||||||
|
composer = cfg["composer"]
|
||||||
|
|
||||||
|
if "ssl_cert" in composer:
|
||||||
|
data = cfg["composer"]["ssl_cert"]
|
||||||
|
cert = [s.strip() for s in data.split(',')]
|
||||||
|
self.client.http.cert = cert
|
||||||
|
|
||||||
|
if "ssl_verify" in composer:
|
||||||
|
try:
|
||||||
|
val = composer.getboolean("ssl_verify")
|
||||||
|
except ValueError:
|
||||||
|
val = composer["ssl_verify"]
|
||||||
|
|
||||||
|
self.client.http.verify = val
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def arches_for_config(buildconfig: Dict):
|
def arches_for_config(buildconfig: Dict):
|
||||||
archstr = buildconfig["arches"]
|
archstr = buildconfig["arches"]
|
||||||
|
|
@ -379,6 +394,10 @@ def main():
|
||||||
action="append", type=str, default=[])
|
action="append", type=str, default=[])
|
||||||
subpar.add_argument("--koji", metavar="URL", help='The koji url',
|
subpar.add_argument("--koji", metavar="URL", help='The koji url',
|
||||||
default=DEFAULT_KOJIHUB_URL)
|
default=DEFAULT_KOJIHUB_URL)
|
||||||
|
subpar.add_argument("--cert", metavar="cert", help='The client SSL certificates to use',
|
||||||
|
type=str, action="append", default=[])
|
||||||
|
subpar.add_argument("--ca", metavar="ca", help='The SSL certificate authority',
|
||||||
|
type=str)
|
||||||
subpar.set_defaults(cmd='compose')
|
subpar.set_defaults(cmd='compose')
|
||||||
|
|
||||||
subpar = sp.add_parser("status", help='status of a compose')
|
subpar = sp.add_parser("status", help='status of a compose')
|
||||||
|
|
@ -398,6 +417,14 @@ def main():
|
||||||
|
|
||||||
client = Client(args.url)
|
client = Client(args.url)
|
||||||
|
|
||||||
|
if args.cert:
|
||||||
|
print("Using client certificates")
|
||||||
|
client.http.cert = args.cert
|
||||||
|
client.http.verify = True
|
||||||
|
|
||||||
|
if args.ca:
|
||||||
|
client.http.verify = args.ca
|
||||||
|
|
||||||
if args.cmd == "compose":
|
if args.cmd == "compose":
|
||||||
return compose_cmd(client, args)
|
return compose_cmd(client, args)
|
||||||
if args.cmd == "status":
|
if args.cmd == "status":
|
||||||
|
|
|
||||||
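Review bot: In the first hunk, the `ssl_verify` fallback assigns whatever string `getboolean` rejected straight to `self.client.http.verify`, so an empty `ssl_verify =` line ends up as `""`; if `client.http` is a requests session (not visible here), a falsy `verify` turns server certificate validation off without any message. I would reject the empty case before the assignment, `if isinstance(val, str) and not val.strip(): raise ValueError("ssl_verify must be a boolean or a CA file path")`, and log a warning when `val` is `False` so that disabled validation shows up in the builder log. The same hunk always stores `ssl_cert` as a list, and the `--cert` handling in the third hunk does too; assuming requests semantics, a one-element list is indexed as a (cert, key) pair and would fail at connect time, so a single path should probably be passed as a plain string. The enclosing method starts above the hunk, so I cannot see whether the composer URL scheme is checked there.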