added GRIFFON_VERIFY_SSL env var

RedHatProductSecurity · Jan 14, 2024 · 6064505 · 6064505
1 parent c66152f
commit 6064505
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
+### Added
+* GRIFFON_VERIFY_SSL environment variable
 
 ## [0.4.1] - 2024-01-12
 ### Fixed

diff --git a/docs/user_guide.md b/docs/user_guide.md
@@ -87,6 +87,11 @@ export OSIDB_USERNAME="<your username>"
 export OSIDB_PASSWORD="<your password>"
 ```
 
+To disable verifying ssl certificates: 
+```commandline
+export GRIFFON_VERIFY_SSL="False"
+```
+
 ### Enable autocompletion
 Enable shell autocompletion by following these instructions for your specific shell.
 

diff --git a/griffon/__init__.py b/griffon/__init__.py
@@ -42,6 +42,7 @@
 GRIFFON_CONFIG_DIR = os.getenv("GRIFFON_API_URL", "~/.griffon")
 GRIFFON_RC_FILE = "~/.griffonrc"
 GRIFFON_DEFAULT_LOG_FILE = os.getenv("GRIFFON_DEFAULT_LOG_FILE", "~/.griffon/history.log")
+GRIFFON_VERIFY_SSL = os.getenv("GRIFFON_VERIFY_SSL", "True").lower() in ("true", "1", "t")
 
 logger = logging.getLogger("griffon")
 
@@ -138,6 +139,7 @@ def create_session():
         try:
             return component_registry_bindings.new_session(
                 component_registry_server_uri=CORGI_SERVER_URL,
+                verify_ssl=GRIFFON_VERIFY_SSL,
             )
         except:  # noqa
             console.log(f"{CORGI_SERVER_URL} is not accessible.")
@@ -204,7 +206,11 @@ def create_session():
             if OSIDB_AUTH_METHOD == "credentials":
                 credentials["username"] = OSIDB_USERNAME
                 credentials["password"] = OSIDB_PASSWORD
-            return osidb_bindings.new_session(osidb_server_uri=OSIDB_SERVER_URL, **credentials)
+            return osidb_bindings.new_session(
+                osidb_server_uri=OSIDB_SERVER_URL,
+                verify_ssl=GRIFFON_VERIFY_SSL,
+                **credentials,
+            )
         except:  # noqa
             console.log(f"{OSIDB_SERVER_URL} is not accessible (or krb ticket has expired).")
             exit(1)
@@ -307,6 +313,7 @@ def create_session():
         try:
             return component_registry_bindings.new_session(
                 component_registry_server_uri=COMMUNITY_COMPONENTS_SERVER_URL,
+                verify_ssl=GRIFFON_VERIFY_SSL,
             )
         except:  # noqa
             console.log(f"{COMMUNITY_COMPONENTS_SERVER_URL } is not accessible.")