Fix SSL shenanigans with a hack to allow the user to specify the CA bundle file

This commit is contained in:
mike 2023-08-12 04:45:57 -07:00
parent 1a6dcdeb78
commit e665ba79d7
2 changed files with 27 additions and 2 deletions

View File

@ -4,6 +4,8 @@ import giteapy
import logging import logging
import sys import sys
import certifi
class Migrator: class Migrator:
@ -101,6 +103,15 @@ class Migrator:
self.__verify_ssl = b self.__verify_ssl = b
def set_ca_bundle(self, bundle_path: str):
self.__logger.info("Setting certificate bundle path")
# Hacky but oh well
self.__logger.info(f"Old path: {certifi.where()}")
certifi.core._CACERT_PATH = bundle_path
self.__logger.info(f"New path: {certifi.where()}")
def migrate_entire_org( def migrate_entire_org(
self, self,
interactive: bool = True, interactive: bool = True,
@ -118,6 +129,9 @@ class Migrator:
api_source: giteapy.OrganizationApi api_source: giteapy.OrganizationApi
api_destination: giteapy.OrganizationApi api_destination: giteapy.OrganizationApi
# Tattle on certify
self.__logger.info(f"Certifi is currently using CA bundle: {certifi.where()}")
# Grab all org repos # Grab all org repos
source_repos = self._fetch_all_org_repos(org=source_org) source_repos = self._fetch_all_org_repos(org=source_org)
self.__logger.info(f"Found {len(source_repos)} repos on source:") self.__logger.info(f"Found {len(source_repos)} repos on source:")

15
main.py
View File

@ -23,7 +23,7 @@ def main():
dest="source_port", dest="source_port",
required=False, required=False,
default=None, default=None,
help="Port of the source server" help="Port of the source server. Requests will use https (not ssh), so you probably don't want to change this."
) )
parser.add_argument( parser.add_argument(
"--source-token", "--source-token",
@ -57,7 +57,7 @@ def main():
dest="destination_port", dest="destination_port",
required=False, required=False,
default=None, default=None,
help="Port of the destination server" help="Port of the destination server. Requests will use https (not ssh), so you probably don't want to change this."
) )
parser.add_argument( parser.add_argument(
"--destination-token", "--dest-token", "--destination-token", "--dest-token",
@ -124,6 +124,13 @@ def main():
help="Don't verify SSL certificates", help="Don't verify SSL certificates",
) )
parser.add_argument(
"--ca-bundle",
dest="ca_bundle",
default=None,
help="Specify the location of your system-wide CA Bundle, in case python is not using it."
)
args = parser.parse_args() args = parser.parse_args()
mig = Migrator( mig = Migrator(
source_host=args.source_hostname, source_host=args.source_hostname,
@ -133,7 +140,11 @@ def main():
destination_port=args.destination_port, destination_port=args.destination_port,
destination_token=args.destination_token destination_token=args.destination_token
) )
mig.set_verify_ssl(args.verify_ssl) mig.set_verify_ssl(args.verify_ssl)
if args.ca_bundle:
mig.set_ca_bundle(args.ca_bundle)
mig.migrate_entire_org( mig.migrate_entire_org(
interactive=args.interactive, interactive=args.interactive,
source_org=args.source_org, source_org=args.source_org,