From 362cbf7f9ef6f2d65b0446b8fe265518e382cb81 Mon Sep 17 00:00:00 2001
From: Jakub Bednar <jakub.bednar@gmail.com>
Date: Mon, 10 Aug 2020 10:08:56 +0200
Subject: [PATCH] feat: skip of verifying SSL certificate could be configured
 via config file or environment properties

---
 CHANGELOG.md                              |  3 +-
 README.rst                                |  3 ++
 influxdb_client/client/influxdb_client.py | 38 ++++++++++++++++++++---
 tests/config-disabled-ssl.ini             | 11 +++++++
 tests/test_InfluxDBClient.py              | 24 +++++++++++++-
 5 files changed, 72 insertions(+), 7 deletions(-)
 create mode 100644 tests/config-disabled-ssl.ini

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2d02592f..29207c13 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,8 @@
 ## 1.10.0 [unreleased]
 
 ### Features
-1. [#136](https://github.com/influxdata/influxdb-client-python/pull/136): Allows users to skip of verifying SSL certificate 
+1. [#136](https://github.com/influxdata/influxdb-client-python/pull/136): Allows users to skip of verifying SSL certificate
+1. [#143](https://github.com/influxdata/influxdb-client-python/pull/143): Skip of verifying SSL certificate could be configured via config file or environment properties  
 
 ## 1.9.0 [2020-07-17]
 
diff --git a/README.rst b/README.rst
index 6630c4ac..7f414500 100644
--- a/README.rst
+++ b/README.rst
@@ -169,6 +169,7 @@ The following options are supported:
 - ``org`` - default destination organization for writes and queries
 - ``token`` - the token to use for the authorization
 - ``timeout`` - socket timeout in ms (default value is 10000)
+- ``verify_ssl`` - set this to false to skip verifying SSL certificate when calling API from https server
 
 .. code-block:: python
 
@@ -181,6 +182,7 @@ The following options are supported:
     org=my-org
     token=my-token
     timeout=6000
+    verify_ssl=False
 
 Via Environment Properties
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -192,6 +194,7 @@ Supported properties are:
 - ``INFLUXDB_V2_ORG`` - default destination organization for writes and queries
 - ``INFLUXDB_V2_TOKEN`` - the token to use for the authorization
 - ``INFLUXDB_V2_TIMEOUT`` - socket timeout in ms (default value is 10000)
+- ``INFLUXDB_V2_VERIFY_SSL`` - set this to false to skip verifying SSL certificate when calling API from https server
 
 .. code-block:: python
 
diff --git a/influxdb_client/client/influxdb_client.py b/influxdb_client/client/influxdb_client.py
index 08a37bc7..af2c8177 100644
--- a/influxdb_client/client/influxdb_client.py
+++ b/influxdb_client/client/influxdb_client.py
@@ -60,7 +60,16 @@ def __init__(self, url, token, debug=None, timeout=10000, enable_gzip=False, org
 
     @classmethod
     def from_config_file(cls, config_file: str = "config.ini", debug=None, enable_gzip=False):
-        """Configure client via '*.ini' file in segment 'influx2'."""
+        """
+        Configure client via '*.ini' file in segment 'influx2'.
+
+        Supported options:
+            - url
+            - org
+            - token
+            - timeout,
+            - verify_ssl
+        """
         config = configparser.ConfigParser()
         config.read(config_file)
 
@@ -77,6 +86,10 @@ def from_config_file(cls, config_file: str = "config.ini", debug=None, enable_gz
         if config.has_option('influx2', 'org'):
             org = config['influx2']['org']
 
+        verify_ssl = True
+        if config.has_option('influx2', 'verify_ssl'):
+            verify_ssl = config['influx2']['verify_ssl']
+
         default_tags = None
 
         if config.has_section('tags'):
@@ -84,17 +97,28 @@ def from_config_file(cls, config_file: str = "config.ini", debug=None, enable_gz
 
         if timeout:
             return cls(url, token, debug=debug, timeout=int(timeout), org=org, default_tags=default_tags,
-                       enable_gzip=enable_gzip)
+                       enable_gzip=enable_gzip, verify_ssl=_to_bool(verify_ssl))
 
-        return cls(url, token, debug=debug, org=org, default_tags=default_tags, enable_gzip=enable_gzip)
+        return cls(url, token, debug=debug, org=org, default_tags=default_tags, enable_gzip=enable_gzip,
+                   verify_ssl=_to_bool(verify_ssl))
 
     @classmethod
     def from_env_properties(cls, debug=None, enable_gzip=False):
-        """Configure client via environment properties."""
+        """
+        Configure client via environment properties.
+
+        Supported environment properties:
+            - INFLUXDB_V2_URL
+            - INFLUXDB_V2_ORG
+            - INFLUXDB_V2_TOKEN
+            - INFLUXDB_V2_TIMEOUT
+            - INFLUXDB_V2_VERIFY_SSL
+        """
         url = os.getenv('INFLUXDB_V2_URL', "http://localhost:9999")
         token = os.getenv('INFLUXDB_V2_TOKEN', "my-token")
         timeout = os.getenv('INFLUXDB_V2_TIMEOUT', "10000")
         org = os.getenv('INFLUXDB_V2_ORG', "my-org")
+        verify_ssl = os.getenv('INFLUXDB_V2_VERIFY_SSL', "True")
 
         default_tags = dict()
 
@@ -103,7 +127,7 @@ def from_env_properties(cls, debug=None, enable_gzip=False):
                 default_tags[key[16:].lower()] = value
 
         return cls(url, token, debug=debug, timeout=int(timeout), org=org, default_tags=default_tags,
-                   enable_gzip=enable_gzip)
+                   enable_gzip=enable_gzip, verify_ssl=_to_bool(verify_ssl))
 
     def write_api(self, write_options=WriteOptions(), point_settings=PointSettings()) -> WriteApi:
         """
@@ -247,3 +271,7 @@ def update_request_body(self, path: str, body):
                     return gzip.compress(bytes(_body, "utf-8"))
 
         return _body
+
+
+def _to_bool(verify_ssl):
+    return str(verify_ssl).lower() in ("yes", "true")
diff --git a/tests/config-disabled-ssl.ini b/tests/config-disabled-ssl.ini
new file mode 100644
index 00000000..72215b66
--- /dev/null
+++ b/tests/config-disabled-ssl.ini
@@ -0,0 +1,11 @@
+[influx2]
+url=http://localhost:9999
+org=my-org
+token=my-token
+timeout=6000
+verify_ssl=False
+
+[tags]
+id = 132-987-655
+customer = California Miner
+data_center = ${env.data_center}
\ No newline at end of file
diff --git a/tests/test_InfluxDBClient.py b/tests/test_InfluxDBClient.py
index 6efef670..fbe9c0b9 100644
--- a/tests/test_InfluxDBClient.py
+++ b/tests/test_InfluxDBClient.py
@@ -1,5 +1,6 @@
 import http.server
 import json
+import os
 import threading
 import unittest
 
@@ -26,7 +27,6 @@ def test_TrailingSlashInUrl(self):
     def test_ConnectToSelfSignedServer(self):
         import http.server
         import ssl
-        import os
 
         # Disable unverified HTTPS requests
         import urllib3
@@ -49,6 +49,28 @@ def test_ConnectToSelfSignedServer(self):
         self.assertEqual(health.status, "pass")
         self.assertEqual(health.name, "influxdb")
 
+    def test_init_from_file_ssl_default(self):
+        self.client = InfluxDBClient.from_config_file(f'{os.path.dirname(__file__)}/config.ini')
+
+        self.assertTrue(self.client.api_client.configuration.verify_ssl)
+
+    def test_init_from_file_ssl(self):
+        self.client = InfluxDBClient.from_config_file(f'{os.path.dirname(__file__)}/config-disabled-ssl.ini')
+
+        self.assertFalse(self.client.api_client.configuration.verify_ssl)
+
+    def test_init_from_env_ssl_default(self):
+        del os.environ["INFLUXDB_V2_VERIFY_SSL"]
+        self.client = InfluxDBClient.from_env_properties()
+
+        self.assertTrue(self.client.api_client.configuration.verify_ssl)
+
+    def test_init_from_env_ssl(self):
+        os.environ["INFLUXDB_V2_VERIFY_SSL"] = "False"
+        self.client = InfluxDBClient.from_env_properties()
+
+        self.assertFalse(self.client.api_client.configuration.verify_ssl)
+
 
 class ServerWithSelfSingedSSL(http.server.SimpleHTTPRequestHandler):
     def _set_headers(self):