[airflow] branch main updated: fix: change disable_verify_ssl behaviour (#25023)

potiuk Thu, 28 Jul 2022 10:46:54 -0700

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git



The following commit(s) were added to refs/heads/main by this push:
     new 2071519e74 fix: change disable_verify_ssl behaviour (#25023)
2071519e74 is described below

commit 2071519e7462cfc7613c50dc42acb4672dbca4a7
Author: wselfjes <[email protected]>
AuthorDate: Thu Jul 28 20:46:40 2022 +0300

    fix: change disable_verify_ssl behaviour (#25023)
    
    The problem is that verify_ssl is overwritten by the
    configuration from the kube_config or load_incluster_config file.
---
 airflow/kubernetes/kube_client.py | 11 +++++++----
 tests/kubernetes/test_client.py   | 13 +++++++++++++
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/airflow/kubernetes/kube_client.py 
b/airflow/kubernetes/kube_client.py
index 7e6ba05119..c42ef6191f 100644
--- a/airflow/kubernetes/kube_client.py
+++ b/airflow/kubernetes/kube_client.py
@@ -30,7 +30,10 @@ try:
     has_kubernetes = True
 
     def _disable_verify_ssl() -> None:
-        configuration = Configuration()
+        if hasattr(Configuration, 'get_default_copy'):
+            configuration = Configuration.get_default_copy()
+        else:
+            configuration = Configuration()
         configuration.verify_ssl = False
         Configuration.set_default(configuration)
 
@@ -100,9 +103,6 @@ def get_kube_client(
     if conf.getboolean('kubernetes', 'enable_tcp_keepalive'):
         _enable_tcp_keepalive()
 
-    if not conf.getboolean('kubernetes', 'verify_ssl'):
-        _disable_verify_ssl()
-
     if in_cluster:
         config.load_incluster_config()
     else:
@@ -112,4 +112,7 @@ def get_kube_client(
             config_file = conf.get('kubernetes', 'config_file', fallback=None)
         config.load_kube_config(config_file=config_file, 
context=cluster_context)
 
+    if not conf.getboolean('kubernetes', 'verify_ssl'):
+        _disable_verify_ssl()
+
     return client.CoreV1Api()
diff --git a/tests/kubernetes/test_client.py b/tests/kubernetes/test_client.py
index ce040cf3ed..d144456c49 100644
--- a/tests/kubernetes/test_client.py
+++ b/tests/kubernetes/test_client.py
@@ -38,6 +38,19 @@ class TestClient(unittest.TestCase):
         assert config.load_incluster_config.not_called
         assert config.load_kube_config.called
 
+    @mock.patch('airflow.kubernetes.kube_client.config')
+    @mock.patch('airflow.kubernetes.kube_client.conf')
+    def test_load_config_disable_ssl(self, conf, config):
+        conf.getboolean.return_value = False
+        get_kube_client(in_cluster=False)
+        conf.getboolean.assert_called_with('kubernetes', 'verify_ssl')
+        # Support wide range of kube client libraries
+        if hasattr(Configuration, 'get_default_copy'):
+            configuration = Configuration.get_default_copy()
+        else:
+            configuration = Configuration()
+        self.assertFalse(configuration.verify_ssl)
+
     def test_enable_tcp_keepalive(self):
         socket_options = [
             (socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1),

[airflow] branch main updated: fix: change disable_verify_ssl behaviour (#25023)

Reply via email to