Allow to set 'ssl_verify' config for jira plugin

did/plugins/jira.py

@@ -9,6 +9,7 @@
     prefix = JIRA
     project = ORG
     url = https://issues.jboss.org/
+    ssl_verify = true
 
 Configuration example (basic authentication)::
 
@@ -22,8 +23,9 @@
     auth_username = username
     auth_password = password
 
-Notes:
 
+Notes:
+Use ``ssl_verify`` to enable/disable SSL verification (default: true)
 * ``auth_url`` parameter is optional. If not provided,
   ``url + "/step-auth-gss"`` will be used for authentication.
 * ``auth_type`` parameter is optional, default value is 'gss'.
@@ -37,7 +39,9 @@
 import urllib
 import urllib2
 import requests
+from requests.packages.urllib3.exceptions import InsecureRequestWarning
 import dateutil.parser
+import distutils.util
 from requests_gssapi import HTTPSPNEGOAuth, DISABLED
 
 from did.utils import log, pretty, listed
@@ -53,19 +57,23 @@
 # Supported authentication types
 AUTH_TYPES = ["gss", "basic"]
 
+# Enable ssl verify
+SSL_VERIFY = True
+
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #  Issue Investigator
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 class Issue(object):
     """ Jira issue investigator """
 
-    def __init__(self, issue=None, prefix=None):
+    def __init__(self, issue=None, prefix=None, ssl_verify=SSL_VERIFY):
         """ Initialize issue """
         if issue is None:
             return
         self.issue = issue
         self.key = issue["key"]
+        self.ssl_verify = ssl_verify
         self.summary = issue["fields"]["summary"]
         self.comments = issue["fields"]["comment"]["comments"]
         matched = re.match(r"(\w+)-(\d+)", self.key)
@@ -219,6 +227,15 @@ def __init__(self, option, name=None, parent=None, user=None):
                 raise ReportError(
                     "`auth_password` is only valid for basic authentication"
                     + " (section [{0}])".format(option))
+        # SSL verification
+        if "ssl_verify" in config:
+            try:
+                self.ssl_verify = distutils.util.strtobool(config["ssl_verify"])
+            except Exception as e:
+                raise ReportError("Error when parse `ssl_verify`: %s" %str(e))
+        else:
+            self.ssl_verify = SSL_VERIFY
+
         # Make sure we have project set
         if "project" not in config:
             raise ReportError(
@@ -245,12 +262,15 @@ def session(self):
         if self._session is None:
             self._session = requests.Session()
             log.debug("Connecting to {0}".format(self.auth_url))
+            # Disable SSL warning when ssl_verify is False
+            if not self.ssl_verify:
+                requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
             if self.auth_type == 'basic':
                 basic_auth = (self.auth_username, self.auth_password)
-                response = self._session.get(self.auth_url, auth=basic_auth)
+                response = self._session.get(self.auth_url, auth=basic_auth, verify=self.ssl_verify)
             else:
                 gssapi_auth = HTTPSPNEGOAuth(mutual_authentication=DISABLED)
-                response = self._session.get(self.auth_url, auth=gssapi_auth)
+                response = self._session.get(self.auth_url, auth=gssapi_auth, verify=self.ssl_verify)
             try:
                 response.raise_for_status()
             except requests.exceptions.HTTPError as error:

examples/config

@@ -68,6 +68,7 @@ type = jira
 prefix = JIRA
 project = ORG
 url = https://issues.jboss.org/
+ssl_verify = true
 
 [sentry]
 type = sentry

tests/plugins/test_jira.py

@@ -38,6 +38,7 @@ def test_config_basic_auth():
                     auth_type = basic
                     auth_username = tom
                     auth_password = motak
+                    ssl_verify = 0
                     """)
     stats = JiraStats("jira")
 
@@ -64,6 +65,11 @@ def test_config_gss_and_password():
                       + "auth_type = gss\n"
                       + "auth_password = tom\n")
 
+def test_config_invaliad_ssl_verify():
+    """  Test ssl_verify with wrong bool value """
+    assert_conf_error(CONFIG + "\n"
+                      + "ssl_verify = ss\n")
+
 def assert_conf_error(config, expected_error=ReportError):
     """  Test given configuration and check that given error type is raised """
     did.base.Config(config)