@danxg87 danxg87 commented May 2, 2025

Our use case / deployment of Netbox uses internal CA certificates that are not recognized/available in the current Netbox pack.

Adding a pack config to specify the custom ca_file_path, which then is set for netbox requests, would allow us to very easily change/use specific CA certificates AND ssl_verify: true without things exploding as the requests lib uses the default venv's cert file.

@danxg87 danxg87 requested review from a team, abhi1693 and lampwins as code owners May 2, 2025 19:39
@danxg87 danxg87 requested review from Kami and removed request for a team May 2, 2025 19:39

nzlosh commented May 3, 2025

The environment variable REQUESTS_CA_BUNDLE can be set in /etc/default/st2actionrunner so processing this in the action should not be necessary.

```
# cat /etc/default/st2actionrunner
REQUESTS_CA_BUNDLE='/etc/ssl/certs'

# st2ctl restart

# st2 run core.local cmd='echo $REQUESTS_CA_BUNDLE'
.
id: 6815c9337980ea9d95bb1101
action.ref: core.local
context.user: st2admin
parameters:
  cmd: echo $REQUESTS_CA_BUNDLE
status: succeeded
start_timestamp: Sat, 03 May 2025 07:43:47 UTC
end_timestamp: Sat, 03 May 2025 07:43:47 UTC
result:
  failed: false
  return_code: 0
  stderr: ''
  stdout: /etc/ssl/certs
  succeeded: true
```

When REQUESTS_CA_BUNDLE is detected by the requests module, it automatically enables TLS verification.
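
An added example, not part of this thread or of the pack's code: a POSIX shell preflight that reads REQUESTS_CA_BUNDLE from an env file such as the /etc/default/st2actionrunner shown above and classifies the path it names. The function name `check_ca_bundle` and its status words are hypothetical; the directory check assumes the OpenSSL hashed-name layout (c_rehash) that the requests documentation requires when the value is a directory rather than a bundle file.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread or the pack).
# check_ca_bundle ENV_FILE
#   Reads the last REQUESTS_CA_BUNDLE= assignment from a KEY=value env file
#   and prints one status word. Returns 0 only when the path looks usable.
check_ca_bundle() {
    env_file=$1
    if [ ! -r "$env_file" ]; then
        echo "no-env-file"; return 1
    fi
    # Drop an optional leading "export", keep what follows the assignment.
    value=$(sed -n -e 's/^[[:space:]]*export[[:space:]]*//' \
                   -e 's/^[[:space:]]*REQUESTS_CA_BUNDLE=//p' "$env_file" | tail -n 1)
    # Strip one pair of surrounding quotes, as in REQUESTS_CA_BUNDLE='/etc/ssl/certs'.
    value=${value#\'}; value=${value%\'}
    value=${value#\"}; value=${value%\"}
    if [ -z "$value" ]; then
        echo "unset"; return 1
    fi
    if [ -f "$value" ]; then
        # A bundle file must hold at least one PEM certificate block.
        if grep -q -e '-----BEGIN CERTIFICATE-----' "$value"; then
            echo "pem-file"; return 0
        fi
        echo "file-without-pem"; return 1
    fi
    if [ -d "$value" ]; then
        # OpenSSL finds CAs in a directory by subject-hash names (1a2b3c4d.0),
        # which c_rehash / "openssl rehash" create; other file names are not found.
        if ls "$value" | grep -Eq '^[0-9a-f]{8}\.[0-9]+$'; then
            echo "hashed-dir"; return 0
        fi
        echo "unhashed-dir"; return 1
    fi
    echo "missing-path"; return 1
}

# Stand-alone use: sh check_ca_bundle.sh /etc/default/st2actionrunner
if [ "$#" -gt 0 ]; then
    check_ca_bundle "$1"
fi
```

The PEM check only looks for a certificate marker; it does not validate the certificate or confirm that the internal CA is the one in the bundle.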


danxg87 commented May 7, 2025

> The environment variable REQUESTS_CA_BUNDLE can be set in /etc/default/st2actionrunner so processing this in the action should not be necessary.
>
> ```
> # cat /etc/default/st2actionrunner
> REQUESTS_CA_BUNDLE='/etc/ssl/certs'
>
> # st2ctl restart
>
> # st2 run core.local cmd='echo $REQUESTS_CA_BUNDLE'
> .
> id: 6815c9337980ea9d95bb1101
> action.ref: core.local
> context.user: st2admin
> parameters:
>   cmd: echo $REQUESTS_CA_BUNDLE
> status: succeeded
> start_timestamp: Sat, 03 May 2025 07:43:47 UTC
> end_timestamp: Sat, 03 May 2025 07:43:47 UTC
> result:
>   failed: false
>   return_code: 0
>   stderr: ''
>   stdout: /etc/ssl/certs
>   succeeded: true
> ```
>
> When REQUESTS_CA_BUNDLE is detected by the requests module, it automatically enables TLS verification.

TIL! TYVM! Closing this out in that case.

@danxg87 danxg87 closed this May 7, 2025