Add some info about ssl_verify

It shows that the value of ssl_verify can set with the path
to CA file, when want to enable SSL cert verification.

JITA:PDC-1719

README.markdown

@@ -33,7 +33,7 @@ Other possible keys are:
 
 * `ssl_verify`
 
-    If set to `false`, server certificate will not be validated. See [Python requests documentation](http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification) for other possible values.
+    If set to `false`, server certificate will not be validated. See [Python requests documentation](http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification) for other possible values. It can set the value of 'ssl_verify' with the path to CA file, when want to imported IT certificate authority and enable SSL cert verification.
 
 * `develop`
 

bin/pdc_client

@@ -169,11 +169,11 @@ if __name__ == "__main__":
                 data[key] = ''
 
     try:
-        ssl_verify = options.ca_cert or not options.insecure
+        ca_cert_or_insecure = options.ca_cert or options.insecure
         if options.insecure:
             requests.packages.urllib3.disable_warnings(
                 requests.packages.urllib3.exceptions.InsecureRequestWarning)
-        client = PDCClient(options.server, ssl_verify=ssl_verify)
+        client = PDCClient(options.server, ca_cert_or_insecure=ca_cert_or_insecure)
         if options.comment:
             client.set_comment(options.comment)
     except BeanBagException as e:

pdc_client/__init__.py

@@ -97,7 +97,7 @@ class PDCClient(object):
     connections. The authentication token is automatically retrieved (if
     needed).
     """
-    def __init__(self, server, token=None, develop=False, ssl_verify=None, page_size=None):
+    def __init__(self, server, token=None, develop=False, ca_cert_or_insecure=None, page_size=None):
         """Create new client instance.
 
         Once the class is instantiated, use it as you would use a regular
@@ -106,6 +106,7 @@ class to perform requests.
 
         :param server:     server API url or server name from configuration
         :paramtype server: string
+        :param ca_cert_or_insecure: it's from command line，value with the/path/to/CA/file or True/None.
         """
         self.page_size = page_size
         if not server:
@@ -120,12 +121,27 @@ class to perform requests.
             except KeyError:
                 print("'%s' must be specified in configuration file." % CONFIG_URL_KEY_NAME)
                 sys.exit(1)
-            ssl_verify = config.get(CONFIG_SSL_VERIFY_KEY_NAME) if ssl_verify is None else ssl_verify
-            insecure = config.get(CONFIG_INSECURE_KEY_NAME)
-            if insecure is not None:
-                sys.stderr.write("Warning: '%s' option is deprecated; please use '%s' instead\n" % (
-                    CONFIG_INSECURE_KEY_NAME, CONFIG_SSL_VERIFY_KEY_NAME))
-                ssl_verify = not insecure
+            if ca_cert_or_insecure is None:
+                # In client command, it's priority to use the optional parameters form command line,
+                # and then use the optional parameters which gotten from the config file.
+                ssl_verify = config.get(CONFIG_SSL_VERIFY_KEY_NAME)
+                insecure = config.get(CONFIG_INSECURE_KEY_NAME)
+                if ssl_verify == insecure:
+                    # Give a warning if ssl_verify == insecure in config file
+                    print("In config file, the values of ssl_verify and insecure can't be the same")
+                    sys.exit(1)
+                if insecure is not None:
+                    sys.stderr.write("Warning: '%s' option is deprecated; please use '%s' instead\n" % (
+                        CONFIG_INSECURE_KEY_NAME, CONFIG_SSL_VERIFY_KEY_NAME))
+                    if insecure:
+                        ssl_verify = not insecure
+                    else:
+                        # The value of ssl_verify is the path to CA file or not insecure.
+                        ssl_verify = ssl_verify or not insecure
+            elif ca_cert_or_insecure is True:
+                ssl_verify = False
+            else:
+                ssl_verify = ca_cert_or_insecure
             develop = config.get(CONFIG_DEVELOP_KEY_NAME, develop)
             token = config.get(CONFIG_TOKEN_KEY_NAME, token)
 

pdc_client/runner.py

@@ -151,12 +151,12 @@ def setup(self):
 
     def run(self, args=None):
         self.args = self.parser.parse_args(args=args)
-        ssl_verify = self.args.ca_cert or not self.args.insecure
+        ca_cert_or_insecure = self.args.ca_cert or self.args.insecure
         if self.args.insecure:
             requests.packages.urllib3.disable_warnings(
                 requests.packages.urllib3.exceptions.InsecureRequestWarning)
         self.client = pdc_client.PDCClient(self.args.server, page_size=self.args.page_size,
-                                           ssl_verify=ssl_verify)
+                                           ca_cert_or_insecure=ca_cert_or_insecure)
         try:
             self.args.func(self.args)
         except beanbag.BeanBagException as exc: