Google Git
Sign in
apache / openwhisk-client-python / e0b20da896feb2b88ac017e1a52c3f61b1780d5f^! / .
commite0b20da896feb2b88ac017e1a52c3f61b1780d5f[log] [tgz]
authorRodric Rabbah <rabbah@us.ibm.com>Sat Jun 25 17:43:56 2016 -0400
committerRodric Rabbah <rabbah@us.ibm.com>Wed Jun 29 17:00:48 2016 -0400
tree4ec5f7ae8409dc05d84d209b615361d42a409e1b
parente72afc04d34ddcd05575ec46f7192c1977217504 [diff]
Add -i/-s for allowing/disallowing untrusted certificates when connecting over HTTPS.

Fix comment. Remove status from rule schema conformance test.

Add test for wskadmin create with explicit uuid:key.

diff --git a/tools/cli/wsk b/tools/cli/wsk
index 00ddca8..2b0117c 100755
--- a/tools/cli/wsk
+++ b/tools/cli/wsk

@@ -40,7 +40,8 @@
 from wskpackage import Package
 from wsknamespace import Namespace
 from wsksdk import Sdk
-from wskutil import addAuthenticatedCommand, apiBase, chooseFromArray, resolveNamespace, request, responseError
+from wskutil import addAuthenticatedCommand, apiBase, chooseFromArray, httpRequestProps, resolveNamespace, request, responseError
+
 
 def main():
     userpropsLocation = os.getenv('WSK_CONFIG_FILE', '%s/.wskprops' % os.path.expanduser('~'))
@@ -54,6 +55,7 @@
     exitCode = 0
     try:
         args = parseArgs(userprops)
+        httpRequestProps['secure'] = not args.insecure
         apihost = resolveOverrides(whiskprops['CLI_API_HOST'], userprops.get('APIHOST'), args.apihostOverride)
         apiversion = resolveOverrides('v1', userprops.get('APIVERSION'), args.apiversionOverride)
 
@@ -100,7 +102,8 @@
 
     parser.add_argument('--apihost', help='whisk API host', dest='apihostOverride', metavar='hostname')
     parser.add_argument('--apiversion', help='whisk API version', dest='apiversionOverride', metavar='version')
-    parser.add_argument('-i', '--insecure', help='reserved command option', action='store_true')
+    parser.add_argument('-i', '--insecure', help='allow untrusted SSL certificates', action='store_true', default=True)
+    parser.add_argument('-s', '--secure', help='disallow untrusted SSL certificates', action='store_false', dest='insecure')
 
     Action().getCommands(subparsers, props)
     Activation().getCommands(subparsers, props)

diff --git a/tools/cli/wskutil.py b/tools/cli/wskutil.py
index ff7b961..d4c26a4 100644
--- a/tools/cli/wskutil.py
+++ b/tools/cli/wskutil.py

@@ -23,6 +23,9 @@
 import collections
 from urlparse import urlparse
 
+# global configurations, can control whether to allow untrusted certificates on HTTPS connections
+httpRequestProps = { 'secure': True }
+
 def supportsColor():
     if (sys.platform != 'win32' or 'ANSICON' in os.environ) and sys.stdout.isatty():
         return True
@@ -55,10 +58,10 @@
     if url.scheme == 'http':
         conn = httplib.HTTPConnection(url.netloc)
     else:
-        if hasattr(ssl, '_create_unverified_context'):
-            conn = httplib.HTTPSConnection(url.netloc if https_proxy is None else https_proxy, context=ssl._create_unverified_context())
-        else:
+        if httpRequestProps['secure'] or not hasattr(ssl, '_create_unverified_context'):
             conn = httplib.HTTPSConnection(url.netloc if https_proxy is None else https_proxy)
+        else:
+            conn = httplib.HTTPSConnection(url.netloc if https_proxy is None else https_proxy, context=ssl._create_unverified_context())
         if https_proxy:
             conn.set_tunnel(url.netloc)