diff --git a/kubernetes/config/kube_config.py b/kubernetes/config/kube_config.py index af06288a3a..b33b9c9d70 100644 --- a/kubernetes/config/kube_config.py +++ b/kubernetes/config/kube_config.py @@ -189,12 +189,14 @@ def _load_cluster_info(self): self.key_file = FileOrData( self._user, 'client-key', file_base_path=self._config_base_path).as_file() + if 'insecure-skip-tls-verify' in self._cluster: + self.verify_ssl = not self._cluster['insecure-skip-tls-verify'] def _set_config(self): if 'token' in self.__dict__: self._client_configuration.api_key['authorization'] = self.token # copy these keys directly from self to configuration object - keys = ['host', 'ssl_ca_cert', 'cert_file', 'key_file'] + keys = ['host', 'ssl_ca_cert', 'cert_file', 'key_file', 'verify_ssl'] for key in keys: if key in self.__dict__: setattr(self._client_configuration, key, getattr(self, key)) diff --git a/kubernetes/config/kube_config_test.py b/kubernetes/config/kube_config_test.py index f05cb0973c..6496486418 100644 --- a/kubernetes/config/kube_config_test.py +++ b/kubernetes/config/kube_config_test.py @@ -235,13 +235,17 @@ def __eq__(self, other): if k not in other.__dict__: return if k in self.FILE_KEYS: - try: - with open(v) as f1, open(other.__dict__[k]) as f2: - if f1.read() != f2.read(): + if v and other.__dict__[k]: + try: + with open(v) as f1, open(other.__dict__[k]) as f2: + if f1.read() != f2.read(): + return + except IOError: + # fall back to only compare filenames in case we are + # testing the passing of filenames to the config + if other.__dict__[k] != v: return - except IOError: - # fall back to only compare filenames in case we are - # testing the passing of filenames to the config + else: if other.__dict__[k] != v: return else: @@ -301,6 +305,13 @@ class TestKubeConfigLoader(BaseTestCase): "user": "ssl" } }, + { + "name": "no_ssl_verification", + "context": { + "cluster": "no_ssl_verification", + "user": "ssl" + } + }, { "name": "ssl-no_file", "context": { 
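Review bot: The added `self.verify_ssl = not self._cluster['insecure-skip-tls-verify']` in `_load_cluster_info` relies on Python truthiness, so any non-empty string, including `"false"`, turns certificate verification off. The test fixture in this same commit supplies the flag as the string `"true"`, so string values are evidently expected when the config arrives through `config_dict`. Compare against the literal instead, so that unrecognised values keep verification on: `self.verify_ssl = str(self._cluster['insecure-skip-tls-verify']).lower() != 'true'`. With verification off, the bearer token and client key are presented to a peer that is not authenticated, so a short comment on this branch saying so would help the next reader. The body of `_load_cluster_info` starts outside the hunk.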
@@ -344,6 +355,13 @@ class TestKubeConfigLoader(BaseTestCase): "certificate-authority-data": TEST_CERTIFICATE_AUTH_BASE64, } }, + { + "name": "no_ssl_verification", + "cluster": { + "server": TEST_SSL_HOST, + "insecure-skip-tls-verify": "true", + } + }, ], "users": [ { @@ -487,6 +505,22 @@ def test_ssl(self): client_configuration=actual).load_and_set() self.assertEqual(expected, actual) + def test_ssl_no_verification(self): + expected = FakeConfig( + host=TEST_SSL_HOST, + token=BEARER_TOKEN_FORMAT % TEST_DATA_BASE64, + cert_file=self._create_temp_file(TEST_CLIENT_CERT), + key_file=self._create_temp_file(TEST_CLIENT_KEY), + verify_ssl=False, + ssl_ca_cert=None, + ) + actual = FakeConfig() + KubeConfigLoader( + config_dict=self.TEST_KUBE_CONFIG, + active_context="no_ssl_verification", + client_configuration=actual).load_and_set() + self.assertEqual(expected, actual) + def test_list_contexts(self): loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG,
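Review bot: `test_ssl_no_verification` only covers the case where verification is switched off, and the `no_ssl_verification` cluster fixture in the preceding hunk gives the flag as the string `"true"` rather than a boolean. Nothing pins the safe direction: a cluster carrying `"insecure-skip-tls-verify": False` or the string `"false"` should leave `verify_ssl` true, and no test asserts that. Add a second cluster/context fixture and a test expecting `verify_ssl=True` for both spellings. With the loader line as written in this commit (`not self._cluster[...]`), the `"false"` case would come out as `verify_ssl=False`.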