diff --git a/armada/cli/__init__.py b/armada/cli/__init__.py index ee00494a..3f0ab7aa 100644 --- a/armada/cli/__init__.py +++ b/armada/cli/__init__.py @@ -15,6 +15,10 @@ from oslo_config import cfg from oslo_log import log as logging + +from armada import conf +conf.set_app_default_configs() + CONF = cfg.CONF LOG = logging.getLogger(__name__) diff --git a/armada/conf/default.py b/armada/conf/default.py index d7316900..b48cd3c7 100644 --- a/armada/conf/default.py +++ b/armada/conf/default.py @@ -30,6 +30,13 @@ default_options = [ default='http://0.0.0.0/v3', help=utils.fmt('The default Keystone authentication url.')), + cfg.StrOpt( + 'certs', + default=None, + help=utils.fmt(""" +Absolute path to the certificate file to use for chart registries +""")), + cfg.StrOpt( 'kubernetes_config_path', default='/home/user/.kube/', diff --git a/armada/handlers/armada.py b/armada/handlers/armada.py index 57aadc57..abc27a22 100644 --- a/armada/handlers/armada.py +++ b/armada/handlers/armada.py @@ -15,6 +15,7 @@ import difflib import yaml +from oslo_config import cfg from oslo_log import log as logging from supermutes.dot import dotify @@ -32,7 +33,7 @@ from armada.utils import lint from armada import const LOG = logging.getLogger(__name__) - +CONF = cfg.CONF DEFAULT_TIMEOUT = 3600 @@ -144,7 +145,14 @@ class Armada(object): ch.get('chart')['source_dir'] = (location, subpath) elif ct_type == 'tar': LOG.info('Downloading tarball from: %s', location) - tarball_dir = source.get_tarball(location) + + if not CONF.certs: + LOG.warn( + 'Disabling server validation certs to extract charts') + tarball_dir = source.get_tarball(location, verify=False) + else: + tarball_dir = source.get_tarball(location, verify=CONF.cert) + ch.get('chart')['source_dir'] = (tarball_dir, subpath) elif ct_type == 'git': reference = ch.get('chart').get('source').get( diff --git a/armada/tests/unit/utils/test_source.py b/armada/tests/unit/utils/test_source.py index 43775372..e29b0e41 100644 
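Review bot: The help text for the new `certs` option in armada/conf/default.py does not say what happens when the option is left at `default=None`. As it is used in armada/handlers/armada.py in this commit, an unset value makes tarball downloads run with `verify=False`, and operators should be able to read that from the option help. The name is also ambiguous between a CA bundle and a client certificate, although the value is passed to requests as `verify`, so it is a CA bundle path. Suggested help: `Absolute path to the CA bundle used to verify chart registry TLS certificates. If unset, server certificate verification is disabled for tarball downloads.`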
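Review bot: In the tarball branch of armada/handlers/armada.py the `else` path reads `CONF.cert`, but the option registered in armada/conf/default.py is `certs`, so with a path configured this lookup will presumably fail with an unknown-option error instead of downloading; it should be `verify=CONF.certs`. The other branch fails open: with nothing configured the chart tarball is fetched with `verify=False`, so the server's identity is never checked and the content that is then extracted and used as the chart source cannot be trusted. Fall back to the system trust store when the option is unset, e.g. `tarball_dir = source.get_tarball(location, verify=CONF.certs or True)`, and make skipping verification an explicit opt-in. The same insecure default appears in the `get_tarball` and `download_tarball` signatures in armada/utils/source.py. The enclosing method starts and ends outside the hunk.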
--- a/armada/tests/unit/utils/test_source.py +++ b/armada/tests/unit/utils/test_source.py @@ -83,7 +83,7 @@ class GitTestCase(unittest.TestCase): source.download_tarball(url) mock_temp.mkstemp.assert_called_once() - mock_requests.get.assert_called_once_with(url) + mock_requests.get.assert_called_once_with(url, verify=False) mock_open.assert_called_once_with('/tmp/armada', 'wb') mock_open().write.assert_called_once_with( mock_requests.get(url).content) diff --git a/armada/utils/source.py b/armada/utils/source.py index 8e60c36b..d6ea2002 100644 --- a/armada/utils/source.py +++ b/armada/utils/source.py @@ -12,15 +12,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -from os import path import os -import requests import shutil import tarfile import tempfile +from os import path -from git import Repo +import requests from git import Git +from git import Repo +from requests.packages import urllib3 from armada.exceptions import source_exceptions @@ -50,23 +51,28 @@ def git_clone(repo_url, ref='master'): return _tmp_dir -def get_tarball(tarball_url): - tarball_path = download_tarball(tarball_url) +def get_tarball(tarball_url, verify=False): + tarball_path = download_tarball(tarball_url, verify=verify) return extract_tarball(tarball_path) -def download_tarball(tarball_url): +def download_tarball(tarball_url, verify=False): ''' Downloads a tarball to /tmp and returns the path ''' try: + if not verify: + urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + tarball_filename = tempfile.mkstemp(prefix='armada')[1] - response = requests.get(tarball_url) + response = requests.get(tarball_url, verify=verify) + with open(tarball_filename, 'wb') as f: f.write(response.content) + + return tarball_filename except Exception: raise source_exceptions.TarballDownloadException(tarball_url) - return tarball_filename def extract_tarball(tarball_path):
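Review bot: Only the unverified download is covered in armada/tests/unit/utils/test_source.py, since the updated assertion pins `verify=False` as the expected argument and no test passes a CA bundle path. Add a second case that calls `source.download_tarball(url, verify='/constructed/ca.pem')` (a made-up path) and asserts `mock_requests.get.assert_called_once_with(url, verify='/constructed/ca.pem')`, so a regression that drops the argument is caught. The test method starts above the hunk.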
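Review bot: `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)` in `download_tarball` (armada/utils/source.py) changes the warning filters for the whole process, so after the first unverified download every later unverified HTTPS request made through urllib3 is silent too, not only this one. Drop the call and let the warning surface, or rely on an explicit log line at the call site. Separately, the response status is never checked, so an HTTP error body is written out as the tarball; add `response.raise_for_status()` right after the `requests.get(...)` call. The bare `except Exception` also discards the original cause, which makes a TLS failure indistinguishable from a network or disk error in the raised `TarballDownloadException`.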