This is an automated email from the ASF dual-hosted git repository.

eladkal pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new c1a685f752 In `DockerOperator`, adding an attribute `tls_verify` to 
choose whether to validate certificate (#30309) (#30310)
c1a685f752 is described below

commit c1a685f752703eeb01f9369612af8c88c24cca09
Author: oboki <[email protected]>
AuthorDate: Fri Apr 14 19:17:42 2023 +0900

    In `DockerOperator`, adding an attribute `tls_verify` to choose whether to 
validate certificate (#30309) (#30310)
    
    * add `tls_verify` to choose whether to validate certificate (#30309)
    
    ---------
    
    Co-authored-by: Hussein Awala <[email protected]>
---
 airflow/providers/docker/hooks/docker.py        | 4 +++-
 airflow/providers/docker/operators/docker.py    | 4 ++++
 tests/providers/docker/operators/test_docker.py | 2 ++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/airflow/providers/docker/hooks/docker.py 
b/airflow/providers/docker/hooks/docker.py
index d22d28c398..d67846e9ec 100644
--- a/airflow/providers/docker/hooks/docker.py
+++ b/airflow/providers/docker/hooks/docker.py
@@ -87,6 +87,7 @@ class DockerHook(BaseHook):
         ca_cert: str | None = None,
         client_cert: str | None = None,
         client_key: str | None = None,
+        verify: bool = True,
         assert_hostname: str | bool | None = None,
         ssl_version: str | None = None,
     ) -> TLSConfig | bool:
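Review bot: `verify` is inserted between `client_key` and `assert_hostname` rather than appended, which changes the positional order of this signature. The start of the signature is outside the hunk, so a keyword-only `*` marker may exist; if it does not, an existing call that passes `assert_hostname` as the fourth positional argument would now bind that value to `verify` and silently lose the hostname check. Either confirm the parameters are keyword-only or move the new parameter after `ssl_version`. The same ordering question applies to `tls_verify` in the `DockerOperator.__init__` hunk further down.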
@@ -96,6 +97,7 @@ class DockerHook(BaseHook):
         :param ca_cert: Path to a PEM-encoded CA (Certificate Authority) 
certificate file.
         :param client_cert: Path to PEM-encoded certificate file.
         :param client_key: Path to PEM-encoded key file.
+        :param verify: Set ``True`` to verify the validity of the provided 
certificate.
         :param assert_hostname: Hostname to match against the docker server 
certificate
             or ``False`` to disable the check.
         :param ssl_version: Version of SSL to use when communicating with 
docker daemon.
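Review bot: The new `:param verify:` text does not say whose certificate is checked or what `False` means for the connection; "the provided certificate" could be read as the client certificate. Judging by the `TLSConfig(verify=...)` call in the next hunk, this appears to control validation of the Docker daemon's certificate, so I would write `:param verify: Whether to verify the Docker daemon's TLS certificate. ``False`` disables server authentication, leaving the connection open to interception; keep ``True`` outside of test setups.` The `:param tls_verify:` line in the `DockerOperator` docstring hunk has the same wording and should get the same text.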
@@ -106,7 +108,7 @@ class DockerHook(BaseHook):
             return TLSConfig(
                 ca_cert=ca_cert,
                 client_cert=(client_cert, client_key),
-                verify=True,
+                verify=verify,
                 ssl_version=ssl_version,
                 assert_hostname=assert_hostname,
             )
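Review bot: With `verify=verify`, a caller-supplied `False` now yields a TLS configuration that does not authenticate the daemon, and nothing on this path records that choice. Since the Docker API endpoint grants control over containers on the host, an unverified connection is worth making visible: emit a warning through whatever logger this method has access to when `verify` is false, and add a comment such as `# verify=False skips server certificate validation; the daemon endpoint is then unauthenticated`. The enclosing condition that guards this `return` starts outside the hunk, so whether `ca_cert` is still required when verification is off cannot be checked from here.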
diff --git a/airflow/providers/docker/operators/docker.py 
b/airflow/providers/docker/operators/docker.py
index 634662b1d4..a626375e21 100644
--- a/airflow/providers/docker/operators/docker.py
+++ b/airflow/providers/docker/operators/docker.py
@@ -112,6 +112,7 @@ class DockerOperator(BaseOperator):
     :param tls_client_cert: Path to the PEM-encoded certificate
         used to authenticate docker client.
     :param tls_client_key: Path to the PEM-encoded key used to authenticate 
docker client.
+    :param tls_verify: Set ``True`` to verify the validity of the provided 
certificate.
     :param tls_hostname: Hostname to match against
         the docker server certificate or False to disable the check.
     :param tls_ssl_version: Version of SSL to use when communicating with 
docker daemon.
@@ -186,6 +187,7 @@ class DockerOperator(BaseOperator):
         tls_ca_cert: str | None = None,
         tls_client_cert: str | None = None,
         tls_client_key: str | None = None,
+        tls_verify: bool = True,
         tls_hostname: str | bool | None = None,
         tls_ssl_version: str | None = None,
         mount_tmp_dir: bool = True,
@@ -248,6 +250,7 @@ class DockerOperator(BaseOperator):
         self.tls_ca_cert = tls_ca_cert
         self.tls_client_cert = tls_client_cert
         self.tls_client_key = tls_client_key
+        self.tls_verify = tls_verify
         self.tls_hostname = tls_hostname
         self.tls_ssl_version = tls_ssl_version
         self.mount_tmp_dir = mount_tmp_dir
@@ -282,6 +285,7 @@ class DockerOperator(BaseOperator):
             ca_cert=self.tls_ca_cert,
             client_cert=self.tls_client_cert,
             client_key=self.tls_client_key,
+            verify=self.tls_verify,
             assert_hostname=self.tls_hostname,
             ssl_version=self.tls_ssl_version,
         )
diff --git a/tests/providers/docker/operators/test_docker.py 
b/tests/providers/docker/operators/test_docker.py
index 8ab48a3e67..d1ff2acbaf 100644
--- a/tests/providers/docker/operators/test_docker.py
+++ b/tests/providers/docker/operators/test_docker.py
@@ -51,6 +51,7 @@ TEMPDIR_MOCK_RETURN_VALUE = "/mkdtemp"
                 "tls_ca_cert": "foo",
                 "tls_client_cert": "bar",
                 "tls_client_key": "spam",
+                "tls_verify": True,
                 "tls_hostname": "egg",
                 "tls_ssl_version": "super-secure",
             },
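Review bot: The only value added to the parametrized case is `"tls_verify": True`, which equals the default, so the assertion in `test_hook_usage` (next hunk) would pass even if the operator never forwarded the attribute. Add a case with `"tls_verify": False` so the test fails when the value is dropped or overridden on the way to the hook. The parametrize list begins and ends outside this hunk, so an existing `False` case elsewhere cannot be ruled out.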
@@ -65,6 +66,7 @@ def test_hook_usage(docker_hook_patcher, docker_conn_id, 
tls_params: dict):
         "ca_cert": tls_params.get("tls_ca_cert"),
         "client_cert": tls_params.get("tls_client_cert"),
         "client_key": tls_params.get("tls_client_key"),
+        "verify": tls_params.get("tls_verify", True),
         "assert_hostname": tls_params.get("tls_hostname"),
         "ssl_version": tls_params.get("tls_ssl_version"),
     }
