Honor REQUESTS_CA_BUNDLE env var #586

Merged
merged 3 commits into from Jan 9, 2014

Conversation

Projects
None yet
2 participants
Member

jamesls commented Jan 9, 2014

This allows a user to specify a different cert bundle via an
env var. This uses the new verify arg added to get_endpoint
in botocore.

Previously it was creating an Endpoint object and then setting the
verify attribute, but the REQUESTS_CA_BUNDLE lookup happens before
an Endpoint object is created, so we would override the value
from the env var. By using the verify arg in get_endpoint we
can avoid this.

Note that this depends on boto/botocore#203 and will
fail the tests until this is merged in.

jamesls added some commits Jan 9, 2014

Honor REQUESTS_CA_BUNDLE env var
This allows a user to specify a different cert bundle via an
env var.  This uses the new verify arg added to get_endpoint
in botocore.

Previously it was creating an Endpoint object and then setting the
verify attribute, but the REQUESTS_CA_BUNDLE lookup happens before
an Endpoint object is created, so we would override the value
from the env var.  By using the verify arg in get_endpoint we
can avoid this.
Member

jamesls commented Jan 9, 2014

Ok, the PR should pass now that the PR from botocore is merged in.

However, given we're now in the aws cli territory, should this just be called AWS_CA_BUNDLE, and we could possibly do the env var lookup here and explicitly pass a value to botocore?

I can see why botocore would honor this value, but perhaps in the CLI we need something more specific.

Contributor

garnaat commented Jan 9, 2014

I would favor using AWS_CA_BUNDLE. I think that will make more sense in customer-facing documentation explaining this.

Member

jamesls commented Jan 9, 2014

Ok, I'll update this PR to do an env var lookup for AWS_CA_BUNDLE.

Member

jamesls commented Jan 9, 2014

Ok, code updated to check for, and use, AWS_CA_BUNDLE.

Contributor

garnaat commented Jan 9, 2014

LGTM

@jamesls jamesls merged commit f2db71d into aws:develop Jan 9, 2014

@jamesls jamesls deleted the jamesls:cacert-envar branch Jun 23, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment