Configuration setting to use system SSL certificates #249
Had a look at that failing matrix test, but it's complaining about a line not altered in this PR, last change dated to 6 months ago. No idea why that would pop out now. https://github.com/flexcompute/Flow360/blob/develop/flow360/__init__.py#L7
782377f to f1e621f
f1e621f to 61c14f8
return self._use_system_certs | ||
|
||
config_map = self.config.get(self.profile, {}) | ||
setting = config_map.get("usesystemcerts", False) |
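Review bot: the value read on the last line, `config_map.get("usesystemcerts", False)`, is not type-checked in the lines shown, and this flag selects which CA store the client trusts. Suggest rejecting anything that is not a bool (for example `if not isinstance(setting, bool): raise ValueError(...)`) so that a quoted value such as "false" in the config cannot enable it through truthiness, and adding a short comment or docstring next to the lookup that documents the `usesystemcerts` key and its default.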
For this one to work, usesystemcerts must be available in the config.toml file, which is managed by the flow360 CLI. You can add this option to the CLI so the user can set it only once: https://github.com/flexcompute/Flow360/blob/develop/flow360/cli/app.py
The _test_... are not run automatically in the pipeline. This is why I think this test will have no effect.
@dominik-flex can you look at this PR? Do we need this or can we close it?
@maciej-flexcompute I think we no longer need this. The solution for requests made with the Python
This is an in-progress patch to support using the OS certificate store (e.g. Windows certificate store) for Flow360 requests, when given a configuration option to change this behavior. Not expected to alter existing default behavior. Further testing is required before taking the "draft" mark off this.
We have a customer who is experiencing SSL-related errors, likely related to an SSL intercepting proxy. The certificates for these are usually distributed to the OS certificate store, but will not be copied to the certipy default bundle. This may resolve such issues, by allowing the OS store which the organisation is managing to be used.
Any advice on testing approach would be welcome. The current unit tests don't make any real HTTP requests, which would be needed to test this functionality. Making those requests would require Internet connectivity where tests are run. In the draft tests I ran, there were issues connecting to the Flow360 API (even public endpoints), because the client is not designed to connect without an access key.
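The trust-store switch described above, as an added example that is not code from this PR or from Flow360: it reads a per-profile `usesystemcerts` flag and builds a verifying TLS context from either the OS store or a CA bundle file, and both halves can be checked offline. The function names, the sample config and the strict boolean check are assumptions; only the `usesystemcerts` key and the per-profile lookup come from the diff.

```python
import ssl
from typing import Any, Mapping, Optional

# Constructed sample of a parsed config.toml: profile name -> settings.
SAMPLE_CONFIG = {
    "default": {"usesystemcerts": True},
    "legacy": {},                           # key absent: keeps the bundle default
    "broken": {"usesystemcerts": "false"},  # quoted string, not a TOML boolean
}


def read_use_system_certs(config: Mapping[str, Any], profile: str) -> bool:
    """Return the profile's usesystemcerts flag, defaulting to False.

    Only a real boolean is accepted. The flag decides which CAs the client
    trusts, so a string such as "false" must not enable it by truthiness.
    """
    setting = config.get(profile, {}).get("usesystemcerts", False)
    if not isinstance(setting, bool):
        raise ValueError(f"usesystemcerts must be true or false, got {setting!r}")
    return setting


def build_ssl_context(use_system_certs: bool,
                      bundle_path: Optional[str] = None) -> ssl.SSLContext:
    """Build a verifying client context from the OS store or a CA bundle file."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking, so
    # changing the trust source never weakens verification itself.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if use_system_certs:
        # OS-managed trust: the Windows certificate store, or OpenSSL's
        # default CA file/directory on other platforms.
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    elif bundle_path is not None:
        ctx.load_verify_locations(cafile=bundle_path)
    else:
        raise ValueError("bundle_path is required when use_system_certs is False")
    return ctx


if __name__ == "__main__":
    flag = read_use_system_certs(SAMPLE_CONFIG, "default")
    context = build_ssl_context(flag)
    print("system store:", flag, "| loaded certs:", context.cert_store_stats())
```

The returned context can be handed to any client that accepts an `ssl.SSLContext`, for example `urllib.request.urlopen(url, context=ctx)`.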