unable to use private CA certificate with contract server
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Canonical Livepatch On-Prem | Triaged | High | Unassigned |
Bug Description
When trying to run the get-resource-token action with an on-prem contract server using a certificate signed by a private CA, the action fails with this exception:
# ./actions/
Failed to retrieve resource token HTTPSConnection
I believe the issue lies in this piece of code:
def get_resource_
"""
Retrieve a resource token for the livepatch-onprem
resource.
"""
if proxies is not None:
headers = {'Authorization': 'Bearer {}'.format(
try:
req = rsession.get(
data = req.json()
return data
except requests.
return None
except KeyError:
return None
The python requests module in the charm context is using this CA cert file:
/var/lib/
Which does not contain any certificates imported via `/usr/local/
One option to fix this would be to expose a config option to set the CA cert file to be used and add the `verify` argument to the `get` call, e.g.:
req = rsession.get(
e.g. CA_BUNDLE = '/etc/ssl/
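One way to implement the configurable CA bundle suggested above, as an added example that is not the charm's own code. The config key `ca_bundle`, the function names `resolve_verify` and `fetch_token`, and their arguments are assumptions made for illustration.

```python
import os

# Hypothetical config key; the charm's real option name is not given on the page.
CA_OPTION = "ca_bundle"
PEM_MARKER = "-----BEGIN CERTIFICATE-----"


def resolve_verify(config):
    """Return the value to pass as requests' `verify=` argument.

    Unset option -> True (requests' default bundle).
    Set option   -> the path, after checking it is a readable PEM bundle.
    Never returns False: a bad path is a configuration error, not a reason
    to switch certificate verification off.
    """
    path = (config.get(CA_OPTION) or "").strip()
    if not path:
        return True
    if not os.path.isfile(path):
        raise ValueError("CA bundle not found: {}".format(path))
    with open(path, "r", errors="replace") as fh:
        if PEM_MARKER not in fh.read():
            raise ValueError("no PEM certificate in {}".format(path))
    return path


def fetch_token(url, bearer, config, timeout=10):
    """Hypothetical stand-in for the charm's token request."""
    import requests  # imported here so resolve_verify is usable without it

    headers = {"Authorization": "Bearer {}".format(bearer)}
    with requests.Session() as rsession:
        # With a path, requests trusts only the CAs in that file, so the
        # bundle must contain the private CA that signed the contract server.
        req = rsession.get(url, headers=headers,
                           verify=resolve_verify(config), timeout=timeout)
        req.raise_for_status()
        return req.json()


if __name__ == "__main__":
    # Constructed input: option unset, so the default bundle is used.
    print(resolve_verify({}))
```

Raising on a missing or empty bundle keeps a typo in the config from silently falling back to a different trust store.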
Hi, thanks for the bug report. I've created a ticket to track this issue and we should be able to address it early next week.