Yes, it works. Thank you! пт, 26 нояб. 2021 г. в 20:59, Matthias Dellweg <[email protected]>:
> Can you please verify that this change solves your problem: > https://github.com/pulp/pulp-cli/pull/434 > > Thank you! > > On Fri, Nov 26, 2021 at 6:09 PM Konstantin M. Khankin > <[email protected]> wrote: > > > > Hello! > > > > Today I got unpleasantly surprised about the inability to change the > list of CA certificates pulp-cli uses to verify SSL connections. Pulp-cli > uses the requests library, so I expected to be able to just specify > REQUESTS_CA_BUNDLE envvar and be happy. However, this did not work. So I > added some print_tb() here and there and saw this: > > > > ... > > File > "/usr/local/lib/python3.6/site-packages/pulpcore/cli/python/content.py", > line 88, in upload > > artifact_href = PulpArtifactContext(pulp_ctx).upload(file, > chunk_size) > > File > "/usr/local/lib/python3.6/site-packages/pulpcore/cli/core/context.py", line > 43, in upload > > result = self.list(limit=1, offset=0, parameters={"sha256": > sha256_digest}) > > File > "/usr/local/lib/python3.6/site-packages/pulpcore/cli/common/context.py", > line 436, in list > > result: Dict[str, Any] = self.pulp_ctx.call(self.LIST_ID, > parameters=payload) > > File > "/usr/local/lib/python3.6/site-packages/pulpcore/cli/common/context.py", > line 134, in call > > result = self.api.call(operation_id, *args, **kwargs) > > File > "/usr/local/lib/python3.6/site-packages/pulpcore/cli/common/openapi.py", > line 263, in call > > response: requests.Response = self._session.send(request) > > File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", > line 657, in send > > r = adapter.send(request, **kwargs) > > File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", > line 420, in send > > self.cert_verify(conn, request.url, verify, cert) > > ... > > > > pulpcore/cli/common/openapi.py calls requests.Session.send(). This > works, but it means merge_environment_settings is not called, because it is > in request() (which later calls send()). This means envvar is not applied. > > > > I tried to abuse Python's dynamic typing and change the value of the > verify_ssl flag to what I'd put into the envvar, but click is smart enough > to catch this :( > > > > I found the FR to support custom CA certificates. It may be that this FR > is as easy as changing send() to request(), allowing users to use an > already existing mechanism from the requests library. > > > > Is there something which I missed? > > > > Thanks! > > > > -- > > Konstantin Khankin > > _______________________________________________ > > Pulp-list mailing list > > [email protected] > > https://listman.redhat.com/mailman/listinfo/pulp-list > > -- Ханкин Константин
_______________________________________________ Pulp-list mailing list [email protected] https://listman.redhat.com/mailman/listinfo/pulp-list
