Story #6432

[SDKs] PySDK supports Red Hat system CA certs

Added by Brett Smith over 6 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Brett Smith
Category:
SDKs
Target version:
Start date:
06/26/2015
Due date:
% Done:

100%

Estimated time:
(Total: 0.50 h)
Story points:
-

Description

Right now the Python SDK knows how to find and use the Debian system CA certs file (/etc/ssl/certs/ca-certificates.crt) in places where libraries try to use old certs. This path doesn't exist on Red Hat, so the SDK can't verify the certs of Curoverse clusters. In all the places where we use the Debian CA certs, search for the Red Hat CA certs, and use them if available.


Subtasks

Task #6434: Review 6432-pysdk-more-ca-certs-wipResolvedWard Vandewege

Associated revisions

Revision 416a99c2
Added by Brett Smith over 6 years ago

Merge branch '6432-pysdk-more-ca-certs-wip'

Closes #6432, #6434.

History

#1 Updated by Brett Smith over 6 years ago

6432-pysdk-more-ca-certs-wip is up for review.

I thought about whether it made any sense to write a test, and ultimately decided against it. The point of the function is to introspect and report on the current state of the system. The only way to ensure that the results are wholly correct is to do the same introspection and assert that the function returned the expected result.

I thought about writing a test like, "Check if we're on Debian or Red Hat, or one of its derivatives. If so, assert that the result does not equal httplib2.CA_CERTS. Otherwise, assert that it does equal httplib2.CA_CERTS." However, this seemed only marginally better than the above approach.

What we really care about is that we can verify the cert of the API server we're connecting to, like Curoverse Cloud clusters. That's ultimately a system deployment question rather than a code question, so QA needs to be handled at that level, I think.

#2 Updated by Ward Vandewege over 6 years ago

reviewing 6432-pysdk-more-ca-certs-wip at 798218c8505a784877251e2424d39c8204895e20

Code looks good, tests pass, LGTM.

#3 Updated by Brett Smith over 6 years ago

  • Status changed from In Progress to Resolved

Applied in changeset arvados|commit:416a99c2039e879cefc67dd0764b8544ef6c2d53.

Also available in: Atom PDF