[SDKs] PySDK supports Red Hat system CA certs
Right now the Python SDK knows how to find and use the Debian system CA certs file (
/etc/ssl/certs/ca-certificates.crt) in places where libraries try to use old certs. This path doesn't exist on Red Hat, so the SDK can't verify the certs of Curoverse clusters. In all the places where we use the Debian CA certs, search for the Red Hat CA certs, and use them if available.
#1 Updated by Brett Smith over 6 years ago
6432-pysdk-more-ca-certs-wip is up for review.
I thought about whether it made any sense to write a test, and ultimately decided against it. The point of the function is to introspect and report on the current state of the system. The only way to ensure that the results are wholly correct is to do the same introspection and assert that the function returned the expected result.
I thought about writing a test like, "Check if we're on Debian or Red Hat, or one of its derivatives. If so, assert that the result does not equal httplib2.CA_CERTS. Otherwise, assert that it does equal httplib2.CA_CERTS." However, this seemed only marginally better than the above approach.
What we really care about is that we can verify the cert of the API server we're connecting to, like Curoverse Cloud clusters. That's ultimately a system deployment question rather than a code question, so QA needs to be handled at that level, I think.