[ARVADOS] updated: 416a99c2039e879cefc67dd0764b8544ef6c2d53
git at public.curoverse.com
git at public.curoverse.com
Fri Jun 26 11:42:26 EDT 2015
Summary of changes:
sdk/python/arvados/api.py | 6 +-----
sdk/python/arvados/events.py | 6 +-----
sdk/python/arvados/util.py | 18 ++++++++++++++++++
3 files changed, 20 insertions(+), 10 deletions(-)
via 416a99c2039e879cefc67dd0764b8544ef6c2d53 (commit)
via 9b910084faf3db6fa2071af604620e7d45d12a6c (commit)
from 665b0fbe5f57866f9d0183a08e713fe07e8db8de (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 416a99c2039e879cefc67dd0764b8544ef6c2d53
Merge: 665b0fb 9b91008
Author: Brett Smith <brett at curoverse.com>
Date: Fri Jun 26 11:42:10 2015 -0400
Merge branch '6432-pysdk-more-ca-certs-wip'
Closes #6432, #6434.
commit 9b910084faf3db6fa2071af604620e7d45d12a6c
Author: Brett Smith <brett at curoverse.com>
Date: Thu Jun 25 19:36:52 2015 -0400
6432: Python SDK can find and use CA certs on Red Hat.
diff --git a/sdk/python/arvados/api.py b/sdk/python/arvados/api.py
index 8294df3..086487a 100644
--- a/sdk/python/arvados/api.py
+++ b/sdk/python/arvados/api.py
@@ -158,11 +158,7 @@ def api(version=None, cache=True, host=None, token=None, insecure=False, **kwarg
'https://%s/discovery/v1/apis/{api}/{apiVersion}/rest' % (host,))
if 'http' not in kwargs:
- http_kwargs = {}
- # Prefer system's CA certificates (if available) over httplib2's.
- certs_path = '/etc/ssl/certs/ca-certificates.crt'
- if os.path.exists(certs_path):
- http_kwargs['ca_certs'] = certs_path
+ http_kwargs = {'ca_certs': util.ca_certs_path()}
if cache:
http_kwargs['cache'] = http_cache('discovery')
if insecure:
diff --git a/sdk/python/arvados/events.py b/sdk/python/arvados/events.py
index 09f2a87..3036a25 100644
--- a/sdk/python/arvados/events.py
+++ b/sdk/python/arvados/events.py
@@ -15,11 +15,7 @@ _logger = logging.getLogger('arvados.events')
class EventClient(WebSocketClient):
def __init__(self, url, filters, on_event):
- # Prefer system's CA certificates (if available)
- ssl_options = {}
- certs_path = '/etc/ssl/certs/ca-certificates.crt'
- if os.path.exists(certs_path):
- ssl_options['ca_certs'] = certs_path
+ ssl_options = {'ca_certs': arvados.util.ca_certs_path()}
if config.flag_is_true('ARVADOS_API_HOST_INSECURE'):
ssl_options['cert_reqs'] = ssl.CERT_NONE
else:
diff --git a/sdk/python/arvados/util.py b/sdk/python/arvados/util.py
index 1316f22..aaf2094 100644
--- a/sdk/python/arvados/util.py
+++ b/sdk/python/arvados/util.py
@@ -1,5 +1,6 @@
import fcntl
import hashlib
+import httplib2
import os
import re
import subprocess
@@ -371,3 +372,20 @@ def list_all(fn, num_retries=0, **kwargs):
items_available = c['items_available']
offset = c['offset'] + len(c['items'])
return items
+
+def ca_certs_path(fallback=httplib2.CA_CERTS):
+ """Return the path of the best available CA certs source.
+
+ This function searches for various distribution sources of CA
+ certificates, and returns the first it finds. If it doesn't find any,
+ it returns the value of `fallback` (httplib2's CA certs by default).
+ """
+ for ca_certs_path in [
+ # Debian:
+ '/etc/ssl/certs/ca-certificates.crt',
+ # Red Hat:
+ '/etc/pki/tls/certs/ca-bundle.crt',
+ ]:
+ if os.path.exists(ca_certs_path):
+ return ca_certs_path
+ return fallback
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list