bugfix - verify_ssl parameter

jlwalke2 · jlwalke2 · commit d4ee7329bae4 · 2020-01-24T16:30:45.000-05:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,11 @@ Unreleased
 ----------
  -
  
+v1.4.6 (2020-1-24)
+------------------
+**Bugfixes**
+ - Fixed an issue where the `REQUESTS_CA_BUNDLE` environment variable was taking precedence over the `verify_ssl` parameter.
+
 v1.4.5 (2019-12-5)
 ------------------
 **Changes**
diff --git a/src/sasctl/__init__.py b/src/sasctl/__init__.py
@@ -4,7 +4,7 @@
 # Copyright © 2019, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-__version__ = '1.4.5'
+__version__ = '1.4.6'
 __author__ = 'SAS'
 __credits__ = ['Yi Jian Ching, Lucas De Paula, James Kochuba, Peter Tobac, '
                'Chris Toth, Jon Walker']
diff --git a/src/sasctl/core.py b/src/sasctl/core.py
@@ -387,7 +387,6 @@ def username(self):
     def hostname(self):
         return self._settings.get('domain')
 
-
     def send(self, request, **kwargs):
         if self.message_log.isEnabledFor(logging.DEBUG):
             r = copy.deepcopy(request)
@@ -431,6 +430,7 @@ def request(self, method, url,
                 hooks=None, stream=None, verify=None, cert=None, json=None):
 
         url = self._build_url(url)
+        verify = verify or self.verify
 
         try:
             return super(Session, self).request(method, url, params, data,
diff --git a/tests/unit/test_session.py b/tests/unit/test_session.py
@@ -280,6 +280,10 @@ def test_ssl_context():
 
 
 def test_verify_ssl(missing_packages):
+    # Clear environment variables
+    os.environ.pop('SSLREQCERT', None)
+    os.environ.pop('REQUESTS_CA_BUNDLE', None)
+
     with mock.patch('sasctl.core.Session.get_token', return_value='token'):
         # Should verify SSL by default
         s = Session('hostname', 'username', 'password')
@@ -315,6 +319,35 @@ def test_verify_ssl(missing_packages):
             s = Session('127.0.0.1', 'username', 'password', verify_ssl=True)
             assert s.verify == True
 
+    # Clear environment variables
+    os.environ.pop('SSLREQCERT', None)
+    os.environ.pop('REQUESTS_CA_BUNDLE', None)
+
+    # Ensure correct verify_ssl values are passed to requests module
+    with mock.patch('requests.Session.request') as req:
+        req.return_value.status_code = 200
+        s = Session('127.0.0.1', 'username', 'password')
+
+        # Check value passed to verify= parameter
+        assert req.call_args[0][13] == True
+        assert s.verify == True
+
+    with mock.patch('requests.Session.request') as req:
+        req.return_value.status_code = 200
+        s = Session('127.0.0.1', 'username', 'password', verify_ssl=False)
+
+        # Check value passed to verify= parameter
+        assert req.call_args[0][13] == False
+        assert s.verify == False
+
+    with mock.patch('requests.Session.request') as req:
+        # Explicit verify_ssl= flag should take precedence over env vars
+        os.environ['REQUESTS_CA_BUNDLE'] = 'dummy.crt'
+        s = Session('127.0.0.1', 'username', 'password', verify_ssl=False)
+
+        # Check value passed to verify= parameter
+        assert req.call_args[0][13] == False
+        assert s.verify == False
 
 
 def test_kerberos():
