Merge pull request #107 from mbohlool/master

Support insecure-skip-tls-verify config flag

Author: mbohlool

kubernetes/config/kube_config.py

@@ -189,12 +189,14 @@ def _load_cluster_info(self):
                 self.key_file = FileOrData(
                     self._user, 'client-key',
                     file_base_path=self._config_base_path).as_file()
+        if 'insecure-skip-tls-verify' in self._cluster:
+            self.verify_ssl = not self._cluster['insecure-skip-tls-verify']
 
     def _set_config(self):
         if 'token' in self.__dict__:
             self._client_configuration.api_key['authorization'] = self.token
         # copy these keys directly from self to configuration object
-        keys = ['host', 'ssl_ca_cert', 'cert_file', 'key_file']
+        keys = ['host', 'ssl_ca_cert', 'cert_file', 'key_file', 'verify_ssl']
         for key in keys:
             if key in self.__dict__:
                 setattr(self._client_configuration, key, getattr(self, key))

kubernetes/config/kube_config_test.py

@@ -235,13 +235,17 @@ def __eq__(self, other):
             if k not in other.__dict__:
                 return
             if k in self.FILE_KEYS:
-                try:
-                    with open(v) as f1, open(other.__dict__[k]) as f2:
-                        if f1.read() != f2.read():
+                if v and other.__dict__[k]:
+                    try:
+                        with open(v) as f1, open(other.__dict__[k]) as f2:
+                            if f1.read() != f2.read():
+                                return
+                    except IOError:
+                        # fall back to only compare filenames in case we are
+                        # testing the passing of filenames to the config
+                        if other.__dict__[k] != v:
                             return
-                except IOError:
-                    # fall back to only compare filenames in case we are
-                    # testing the passing of filenames to the config
+                else:
                     if other.__dict__[k] != v:
                         return
             else:
@@ -301,6 +305,13 @@ class TestKubeConfigLoader(BaseTestCase):
                     "user": "ssl"
                 }
             },
+            {
+                "name": "no_ssl_verification",
+                "context": {
+                    "cluster": "no_ssl_verification",
+                    "user": "ssl"
+                }
+            },
             {
                 "name": "ssl-no_file",
                 "context": {
@@ -344,6 +355,13 @@ class TestKubeConfigLoader(BaseTestCase):
                     "certificate-authority-data": TEST_CERTIFICATE_AUTH_BASE64,
                 }
             },
+            {
+                "name": "no_ssl_verification",
+                "cluster": {
+                    "server": TEST_SSL_HOST,
+                    "insecure-skip-tls-verify": "true",
+                }
+            },
         ],
         "users": [
             {
@@ -487,6 +505,22 @@ def test_ssl(self):
             client_configuration=actual).load_and_set()
         self.assertEqual(expected, actual)
 
+    def test_ssl_no_verification(self):
+        expected = FakeConfig(
+            host=TEST_SSL_HOST,
+            token=BEARER_TOKEN_FORMAT % TEST_DATA_BASE64,
+            cert_file=self._create_temp_file(TEST_CLIENT_CERT),
+            key_file=self._create_temp_file(TEST_CLIENT_KEY),
+            verify_ssl=False,
+            ssl_ca_cert=None,
+        )
+        actual = FakeConfig()
+        KubeConfigLoader(
+            config_dict=self.TEST_KUBE_CONFIG,
+            active_context="no_ssl_verification",
+            client_configuration=actual).load_and_set()
+        self.assertEqual(expected, actual)
+
     def test_list_contexts(self):
         loader = KubeConfigLoader(
             config_dict=self.TEST_KUBE_CONFIG,