Merge pull request #294 from wayfair/feature_internal_cert_configuration

Gauvain Pocentek · web-flow · commit 0e70dd9bfaa8 · 2017-08-05T07:44:16.000+02:00
Support SSL verification via internal CA bundle
diff --git a/docs/cli.rst b/docs/cli.rst
@@ -61,9 +61,10 @@ parameters. You can override the values in each GitLab server section.
      - Possible values
      - Description
    * - ``ssl_verify``
-     - ``True`` or ``False``
-     - Verify the SSL certificate. Set to ``False`` if your SSL certificate is
-       auto-signed.
+     - ``True``, ``False``, or a ``str``
+     - Verify the SSL certificate. Set to ``False`` to disable verification,
+       though this will create warnings. Any other value is interpreted as path
+       to a CA_BUNDLE file or directory with certificates of trusted CAs.
    * - ``timeout``
      - Integer
      - Number of seconds to wait for an answer before failing.
diff --git a/gitlab/config.py b/gitlab/config.py
@@ -61,11 +61,28 @@ def __init__(self, gitlab_id=None, config_files=None):
         self.ssl_verify = True
         try:
             self.ssl_verify = self._config.getboolean('global', 'ssl_verify')
+        except ValueError:
+            # Value Error means the option exists but isn't a boolean.
+            # Get as a string instead as it should then be a local path to a
+            # CA bundle.
+            try:
+                self.ssl_verify = self._config.get('global', 'ssl_verify')
+            except Exception:
+                pass
         except Exception:
             pass
         try:
             self.ssl_verify = self._config.getboolean(self.gitlab_id,
                                                       'ssl_verify')
+        except ValueError:
+            # Value Error means the option exists but isn't a boolean.
+            # Get as a string instead as it should then be a local path to a
+            # CA bundle.
+            try:
+                self.ssl_verify = self._config.get(self.gitlab_id,
+                                                   'ssl_verify')
+            except Exception:
+                pass
         except Exception:
             pass
 
diff --git a/gitlab/tests/test_config.py b/gitlab/tests/test_config.py
@@ -40,6 +40,11 @@
 private_token = GHIJKL
 ssl_verify = false
 timeout = 10
+
+[three]
+url = https://three.url
+private_token = MNOPQR
+ssl_verify = /path/to/CA/bundle.crt
 """
 
 no_default_config = u"""[global]
@@ -109,3 +114,13 @@ def test_valid_data(self, m_open):
         self.assertEqual("GHIJKL", cp.token)
         self.assertEqual(10, cp.timeout)
         self.assertEqual(False, cp.ssl_verify)
+
+        fd = six.StringIO(valid_config)
+        fd.close = mock.Mock(return_value=None)
+        m_open.return_value = fd
+        cp = config.GitlabConfigParser(gitlab_id="three")
+        self.assertEqual("three", cp.gitlab_id)
+        self.assertEqual("https://three.url", cp.url)
+        self.assertEqual("MNOPQR", cp.token)
+        self.assertEqual(2, cp.timeout)
+        self.assertEqual("/path/to/CA/bundle.crt", cp.ssl_verify)
