Add option '--no-cert-checks' for 'upload' sub command.

This option allow to bypass verification ssl certification while
establishing connection with Gerrit to upload review.

Change-Id: If2e15f5a273c18a700eb5093ca8a4d5a4cbf80cd
This commit is contained in:
Łukasz Gardoń 2017-08-08 10:18:11 +02:00
parent c94d6eb902
commit bed59cec5e
3 changed files with 20 additions and 7 deletions

View File

@ -20,6 +20,7 @@ import errno
import json import json
import os import os
import re import re
import ssl
import subprocess import subprocess
import sys import sys
try: try:
@ -604,7 +605,7 @@ class Remote(object):
connectionUrl = self._InsteadOf() connectionUrl = self._InsteadOf()
return _preconnect(connectionUrl) return _preconnect(connectionUrl)
def ReviewUrl(self, userEmail): def ReviewUrl(self, userEmail, validate_certs):
if self._review_url is None: if self._review_url is None:
if self.review is None: if self.review is None:
return None return None
@ -637,6 +638,10 @@ class Remote(object):
else: else:
try: try:
info_url = u + 'ssh_info' info_url = u + 'ssh_info'
if not validate_certs:
context = ssl._create_unverified_context()
info = urllib.request.urlopen(info_url, context=context).read()
else:
info = urllib.request.urlopen(info_url).read() info = urllib.request.urlopen(info_url).read()
if info == 'NOT_AVAILABLE' or '<' in info: if info == 'NOT_AVAILABLE' or '<' in info:
# If `info` contains '<', we assume the server gave us some sort # If `info` contains '<', we assume the server gave us some sort

View File

@ -178,14 +178,16 @@ class ReviewableBranch(object):
draft=False, draft=False,
private=False, private=False,
wip=False, wip=False,
dest_branch=None): dest_branch=None,
validate_certs=True):
self.project.UploadForReview(self.name, self.project.UploadForReview(self.name,
people, people,
auto_topic=auto_topic, auto_topic=auto_topic,
draft=draft, draft=draft,
private=private, private=private,
wip=wip, wip=wip,
dest_branch=dest_branch) dest_branch=dest_branch,
validate_certs=validate_certs)
def GetPublishedRefs(self): def GetPublishedRefs(self):
refs = {} refs = {}
@ -1113,7 +1115,8 @@ class Project(object):
draft=False, draft=False,
private=False, private=False,
wip=False, wip=False,
dest_branch=None): dest_branch=None,
validate_certs=True):
"""Uploads the named branch for code review. """Uploads the named branch for code review.
""" """
if branch is None: if branch is None:
@ -1138,7 +1141,7 @@ class Project(object):
branch.remote.projectname = self.name branch.remote.projectname = self.name
branch.remote.Save() branch.remote.Save()
url = branch.remote.ReviewUrl(self.UserEmail) url = branch.remote.ReviewUrl(self.UserEmail, validate_certs)
if url is None: if url is None:
raise UploadError('review not configured') raise UploadError('review not configured')
cmd = ['push'] cmd = ['push']

View File

@ -181,6 +181,9 @@ Gerrit Code Review: http://code.google.com/p/gerrit/
# Never run upload hooks, but upload anyway (AKA bypass hooks). # Never run upload hooks, but upload anyway (AKA bypass hooks).
# - no-verify=True, verify=True: # - no-verify=True, verify=True:
# Invalid # Invalid
p.add_option('--no-cert-checks',
dest='validate_certs', action='store_false', default=True,
help='Disable verifying ssl certs (unsafe).')
p.add_option('--no-verify', p.add_option('--no-verify',
dest='bypass_hooks', action='store_true', dest='bypass_hooks', action='store_true',
help='Do not run the upload hook.') help='Do not run the upload hook.')
@ -389,7 +392,9 @@ Gerrit Code Review: http://code.google.com/p/gerrit/
draft=opt.draft, draft=opt.draft,
private=opt.private, private=opt.private,
wip=opt.wip, wip=opt.wip,
dest_branch=destination) dest_branch=destination,
validate_certs=opt.validate_certs)
branch.uploaded = True branch.uploaded = True
except UploadError as e: except UploadError as e:
branch.error = e branch.error = e