[ARVADOS] created: 798218c8505a784877251e2424d39c8204895e20

git at public.curoverse.com git at public.curoverse.com
Thu Jun 25 19:36:56 EDT 2015


        at  798218c8505a784877251e2424d39c8204895e20 (commit)


commit 798218c8505a784877251e2424d39c8204895e20
Author: Brett Smith <brett at curoverse.com>
Date:   Thu Jun 25 19:36:52 2015 -0400

    6432: Python SDK can find and use CA certs on Red Hat.

diff --git a/sdk/python/arvados/api.py b/sdk/python/arvados/api.py
index 8294df3..086487a 100644
--- a/sdk/python/arvados/api.py
+++ b/sdk/python/arvados/api.py
@@ -158,11 +158,7 @@ def api(version=None, cache=True, host=None, token=None, insecure=False, **kwarg
             'https://%s/discovery/v1/apis/{api}/{apiVersion}/rest' % (host,))
 
     if 'http' not in kwargs:
-        http_kwargs = {}
-        # Prefer system's CA certificates (if available) over httplib2's.
-        certs_path = '/etc/ssl/certs/ca-certificates.crt'
-        if os.path.exists(certs_path):
-            http_kwargs['ca_certs'] = certs_path
+        http_kwargs = {'ca_certs': util.ca_certs_path()}
         if cache:
             http_kwargs['cache'] = http_cache('discovery')
         if insecure:
diff --git a/sdk/python/arvados/events.py b/sdk/python/arvados/events.py
index 09f2a87..3036a25 100644
--- a/sdk/python/arvados/events.py
+++ b/sdk/python/arvados/events.py
@@ -15,11 +15,7 @@ _logger = logging.getLogger('arvados.events')
 
 class EventClient(WebSocketClient):
     def __init__(self, url, filters, on_event):
-        # Prefer system's CA certificates (if available)
-        ssl_options = {}
-        certs_path = '/etc/ssl/certs/ca-certificates.crt'
-        if os.path.exists(certs_path):
-            ssl_options['ca_certs'] = certs_path
+        ssl_options = {'ca_certs': arvados.util.ca_certs_path()}
         if config.flag_is_true('ARVADOS_API_HOST_INSECURE'):
             ssl_options['cert_reqs'] = ssl.CERT_NONE
         else:
diff --git a/sdk/python/arvados/util.py b/sdk/python/arvados/util.py
index 1316f22..aaf2094 100644
--- a/sdk/python/arvados/util.py
+++ b/sdk/python/arvados/util.py
@@ -1,5 +1,6 @@
 import fcntl
 import hashlib
+import httplib2
 import os
 import re
 import subprocess
@@ -371,3 +372,20 @@ def list_all(fn, num_retries=0, **kwargs):
         items_available = c['items_available']
         offset = c['offset'] + len(c['items'])
     return items
+
+def ca_certs_path(fallback=httplib2.CA_CERTS):
+    """Return the path of the best available CA certs source.
+
+    This function searches for various distribution sources of CA
+    certificates, and returns the first it finds.  If it doesn't find any,
+    it returns the value of `fallback` (httplib2's CA certs by default).
+    """
+    for ca_certs_path in [
+        # Debian:
+        '/etc/ssl/certs/ca-certificates.crt',
+        # Red Hat:
+        '/etc/pki/tls/certs/ca-bundle.crt',
+        ]:
+        if os.path.exists(ca_certs_path):
+            return ca_certs_path
+    return fallback

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list