commit 0008876b72a20365ba9ae96a51d9f61634b07203
author Justin Berstler <bjustin-ibm@users.noreply.github.com> Fri Dec 02 21:17:26 2016 +0000
committer GitHub <noreply@github.com> Fri Dec 02 21:17:26 2016 +0000
tree af255667fad595659e3e3e8a7d518d1f425feaa5
parent 27e2f490f39c9ec1b5cbf03a2ab62a0a03029368

Optionally disable SSL cert checking (#78)

This behavior is controlled by an environment variable named LOCAL_DEV. When this is set to "True", then SSL checking is disabled. The default set in the Dockerfile (for added safety) is "False".

Dockerfile

diff --git a/Dockerfile b/Dockerfile
index de2d500..5c6e434 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,7 +25,10 @@
 RUN pip install gevent==1.1.2 flask==0.11.1 confluent-kafka==0.9.2 \
         requests==2.10.0 cloudant==2.1.0 psutil==5.0.0
 
+# while I expect these will be overridden during deployment, we might as well
+# set reasonable defaults
 ENV PORT 5000
+ENV LOCAL_DEV False
 
 RUN mkdir -p /KafkaFeedProvider
 ADD provider/*.py /KafkaFeedProvider/

provider/app.py

diff --git a/provider/app.py b/provider/app.py
index 1715108..3b106dd 100644
--- a/provider/app.py
+++ b/provider/app.py
@@ -68,7 +68,7 @@
         response.status_code = 409
     else:
         logging.info("[{}] Ensuring user has access rights to post a trigger".format(triggerFQN))
-        trigger_get_response = requests.get(body["triggerURL"])
+        trigger_get_response = requests.get(body["triggerURL"], verify=check_ssl)
         trigger_get_status_code = trigger_get_response.status_code
         logging.info("[{}] Repsonse status code from trigger authorization {}".format(triggerFQN,
                                                                                       trigger_get_status_code))
@@ -193,6 +193,11 @@
         fh.setFormatter(formatter)
         logger.addHandler(fh)
 
+    local_dev = os.getenv('LOCAL_DEV', 'False')
+    logging.debug('LOCAL_DEV is {} {}'.format(local_dev, type(local_dev)))
+    check_ssl = (local_dev == 'False')
+    logging.debug('check_ssl is {} {}'.format(check_ssl, type(check_ssl)))
+
     database.migrate()
 
     TheDoctor(consumers).start()

provider/consumer.py

diff --git a/provider/consumer.py b/provider/consumer.py
index cf79a22..96df8b7 100644
--- a/provider/consumer.py
+++ b/provider/consumer.py
@@ -14,6 +14,7 @@
 
 import json
 import logging
+import os
 import requests
 import time
 
@@ -24,6 +25,8 @@
 from datetime import datetime
 from threading import Thread, Lock
 
+local_dev = os.getenv('LOCAL_DEV', 'False')
+check_ssl = (local_dev == 'False')
 
 class Consumer:
     class State:
@@ -300,7 +303,7 @@
 
             while retry:
                 try:
-                    response = requests.post(self.triggerURL, json=payload, timeout=10.0)
+                    response = requests.post(self.triggerURL, json=payload, timeout=10.0, verify=check_ssl)
                     status_code = response.status_code
                     logging.info("[{}] Repsonse status code {}".format(self.trigger, status_code))