Add -i/-s for allowing/disallowing untrusted certificates when connecting over HTTPS.
Fix comment. Remove status from rule schema conformance test.
Add test for wskadmin create with explicit uuid:key.
diff --git a/tools/cli/wsk b/tools/cli/wsk
index 00ddca8..2b0117c 100755
--- a/tools/cli/wsk
+++ b/tools/cli/wsk
@@ -40,7 +40,8 @@
from wskpackage import Package
from wsknamespace import Namespace
from wsksdk import Sdk
-from wskutil import addAuthenticatedCommand, apiBase, chooseFromArray, resolveNamespace, request, responseError
+from wskutil import addAuthenticatedCommand, apiBase, chooseFromArray, httpRequestProps, resolveNamespace, request, responseError
+
def main():
userpropsLocation = os.getenv('WSK_CONFIG_FILE', '%s/.wskprops' % os.path.expanduser('~'))
@@ -54,6 +55,7 @@
exitCode = 0
try:
args = parseArgs(userprops)
+ httpRequestProps['secure'] = not args.insecure
apihost = resolveOverrides(whiskprops['CLI_API_HOST'], userprops.get('APIHOST'), args.apihostOverride)
apiversion = resolveOverrides('v1', userprops.get('APIVERSION'), args.apiversionOverride)
@@ -100,7 +102,8 @@
parser.add_argument('--apihost', help='whisk API host', dest='apihostOverride', metavar='hostname')
parser.add_argument('--apiversion', help='whisk API version', dest='apiversionOverride', metavar='version')
- parser.add_argument('-i', '--insecure', help='reserved command option', action='store_true')
+ parser.add_argument('-i', '--insecure', help='allow untrusted SSL certificates', action='store_true', default=True)
+ parser.add_argument('-s', '--secure', help='disallow untrusted SSL certificates', action='store_false', dest='insecure')
Action().getCommands(subparsers, props)
Activation().getCommands(subparsers, props)
diff --git a/tools/cli/wskutil.py b/tools/cli/wskutil.py
index ff7b961..d4c26a4 100644
--- a/tools/cli/wskutil.py
+++ b/tools/cli/wskutil.py
@@ -23,6 +23,9 @@
import collections
from urlparse import urlparse
+# global configurations, can control whether to allow untrusted certificates on HTTPS connections
+httpRequestProps = { 'secure': True }
+
def supportsColor():
if (sys.platform != 'win32' or 'ANSICON' in os.environ) and sys.stdout.isatty():
return True
@@ -55,10 +58,10 @@
if url.scheme == 'http':
conn = httplib.HTTPConnection(url.netloc)
else:
- if hasattr(ssl, '_create_unverified_context'):
- conn = httplib.HTTPSConnection(url.netloc if https_proxy is None else https_proxy, context=ssl._create_unverified_context())
- else:
+ if httpRequestProps['secure'] or not hasattr(ssl, '_create_unverified_context'):
conn = httplib.HTTPSConnection(url.netloc if https_proxy is None else https_proxy)
+ else:
+ conn = httplib.HTTPSConnection(url.netloc if https_proxy is None else https_proxy, context=ssl._create_unverified_context())
if https_proxy:
conn.set_tunnel(url.netloc)