Add flag to disable certificate verification

Lawouach · Lawouach · commit 8514c35760d0 · 2020-04-29T14:56:10.000+02:00
Closes #163 Signed-off-by: Sylvain Hellegouarch <sh@defuze.org>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,11 @@
 ### Added
 
 - Only apply rollbacks if experiment has progressed past the initial steady state hypothesis [#168](168)
+- Allow to not verify certificates when connecting to a HTTPS endpoint using [#163](163)
+  self-signed certificate.
+
+[168]: https://github.com/chaostoolkit/chaostoolkit-lib/issues/168
+[163]: https://github.com/chaostoolkit/chaostoolkit-lib/issues/163
 
 ### Changed
 
diff --git a/chaoslib/loader.py b/chaoslib/loader.py
@@ -69,8 +69,8 @@ def parse_experiment_from_http(response: requests.Response) -> Experiment:
         "only files with json, yaml or yml extensions are supported")
 
 
-def load_experiment(experiment_source: str,
-                    settings: Settings = None) -> Experiment:
+def load_experiment(experiment_source: str, settings: Settings = None,
+                    verify_tls: bool = True) -> Experiment:
     """
     Load an experiment from the given source.
 
@@ -90,6 +90,10 @@ def load_experiment(experiment_source: str,
         type: digest
         value: UIY
     ```
+
+    Set `verify_tls` to `False` if the source is a over a self-signed
+    certificate HTTP endpoint to instruct the loader to not verify the
+    certificates.
     """
     with controls(level="loader", context=experiment_source) as control:
         if os.path.exists(experiment_source):
@@ -117,7 +121,7 @@ def load_experiment(experiment_source: str,
                         auth["type"], auth["value"])
                     break
 
-        r = requests.get(experiment_source, headers=headers)
+        r = requests.get(experiment_source, headers=headers, verify=verify_tls)
         if r.status_code != 200:
             raise InvalidSource(
                 "Failed to fetch the experiment: {}".format(r.text))
diff --git a/tests/test_loader.py b/tests/test_loader.py
@@ -7,6 +7,7 @@
 from chaoslib.exceptions import InvalidSource, InvalidExperiment
 from chaoslib.loader import load_experiment, parse_experiment_from_file
 from chaoslib.types import Settings
+import requests
 
 from fixtures import experiments
 
@@ -121,3 +122,26 @@ def test_http_loads_fails_when_known_type():
         )
         with pytest.raises(InvalidExperiment):
             load_experiment('http://example.com/experiment.yaml')
+
+
+def test_https_no_verification():
+    with requests_mock.mock() as m:
+        m.get(
+            'https://example.com/experiment.yaml', status_code=200,
+            headers={"Content-Type": "text/css"},
+            text="body {}"
+        )
+        with pytest.raises(InvalidExperiment):
+            load_experiment(
+                'https://example.com/experiment.yaml', verify_tls=False)
+
+
+def test_https_with_verification():
+    with requests_mock.mock() as m:
+        m.get(
+            'https://example.com/experiment.yaml',
+            exc=requests.exceptions.SSLError
+        )
+        with pytest.raises(requests.exceptions.SSLError):
+            load_experiment(
+                'https://example.com/experiment.yaml', verify_tls=True)
