feat: make use of ssl context for keycloack security

neomatamune · neomatamune · commit da8879a0b2c0 · 2024-12-03T10:29:26.000+01:00
diff --git a/CosmoTech_Acceleration_Library/__init__.py b/CosmoTech_Acceleration_Library/__init__.py
@@ -1,4 +1,4 @@
 # Copyright (c) Cosmo Tech corporation.
 # Licensed under the MIT license.
 
-__version__ = '0.8.6'
+__version__ = '0.8.7'
diff --git a/cosmotech/coal/cosmotech_api/connection.py b/cosmotech/coal/cosmotech_api/connection.py
@@ -6,6 +6,7 @@
 # specifically authorized by written means by Cosmo Tech.
 import os
 import pathlib
+import ssl
 
 import cosmotech_api
 
@@ -39,10 +40,12 @@ def get_api_client() -> (cosmotech_api.ApiClient, str):
                                    client_id=os.environ.get("IDP_CLIENT_ID"),
                                    realm_name=os.environ.get("IDP_TENANT_ID"),
                                    client_secret_key=os.environ.get("IDP_CLIENT_SECRET"))
-        if (ca_cert_path := os.environ.get("IDP_CA_CERT")) and pathlib.Path(os.environ.get("IDP_CA_CERT")).is_file():
+        if (ca_cert_path := os.environ.get("IDP_CA_CERT")) and pathlib.Path(os.environ.get("IDP_CA_CERT")).exists():
             LOGGER.info("Found Certificate Authority override for IDP connection, using it.")
-            keycloack_parameters["cert"] = ca_cert_path
-
+            if pathlib.Path(ca_cert_path).is_file():
+                keycloack_parameters["verify"] = ssl.create_default_context(cafile=ca_cert_path)
+            else:
+                keycloack_parameters["verify"] = ssl.create_default_context(capath=ca_cert_path)
         keycloak_openid = KeycloakOpenID(**keycloack_parameters)
 
         access_token = keycloak_openid.token(grant_type="client_credentials")
