Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support a setting to disable certificate verification #32

Closed
Kircheneer opened this issue Jun 17, 2022 · 4 comments · Fixed by #35
Closed

Support a setting to disable certificate verification #32

Kircheneer opened this issue Jun 17, 2022 · 4 comments · Fixed by #35
Labels
question Further information is requested

Comments

@Kircheneer
Copy link

Environment

  • Nautobot version: 1.3.3
  • secrets version: 1.2.0

Proposed Functionality

Implement a setting to allow for disabling of certificate verification. There used to be a workaround on the requests side to set the environment variable CURL_CA_BUNDLE to an empty value, but this is no longer possible as of requests version 2.28.0.

Use Case

In testing environments or during buildout of new environments there might be the need to disable certificate verification because self signed certificates are used.
@jathanism
Copy link
Contributor

@Kircheneer Thanks for the submission. Some questions:

  • Is this specific to a backend, or in general?
  • And if it is specific to a backend, can this be passed through with a kwarg a la verify_ssl=False to the calling client?

@jathanism jathanism added type: minor feature question Further information is requested and removed type: minor feature labels Jun 29, 2022
@Kircheneer
Copy link
Author

My question was mostly aiming for HC vault where you can pass verify=False to hvac.Client but I guess it could be something that's generally useful for all backends that can be deployed on-prem?

@glennmatthews glennmatthews mentioned this issue Jul 8, 2022
Closed
1 task
@nniehoff
Copy link
Contributor

This happens to be part of my PR #35 as using vault locally in a kubernetes cluster you might have a self signed cert so I added the verify capability to the hashicorp provider in general not just for kubernetes.

@glennmatthews
Copy link
Contributor

Implemented for Vault in #35 as the ca_cert configuration parameter.

@glennmatthews glennmatthews linked a pull request Jul 28, 2022 that will close this issue
Adding Kubernetes Authentication Method #35
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
No open projects
Nautobot Core ⚙️
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adding Kubernetes Authentication Method nniehoff/nautobot-plugin-secrets-providers
4 participants
@jathanism @glennmatthews @Kircheneer @nniehoff