Add possibility to disable TLS verify in Docker processor (#79)

* Bump idna from 3.4 to 3.7 Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.4...v3.7) --- updated-dependencies: - dependency-name: idna dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * fix (#73) * --- (#74) updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add possibility to disable TLS verify in Docker processor. * Fix Python getaddresses changes --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Hui Zheng <[email protected]>
GoogleCloudPlatform · Sep 19, 2024 · b37d6ee · b37d6ee
1 parent 51422dd
commit b37d6ee
Show file tree

Hide file tree

Showing 8 changed files with 67 additions and 15 deletions.
diff --git a/_vendor/python_docker/registry.py b/_vendor/python_docker/registry.py
@@ -13,20 +13,27 @@
 
 class Registry:
 
+    tls_verify = True
+
     def __init__(
         self,
         hostname: str = "https://registry-1.docker.io",
         username: str = None,
         password: str = None,
+        verify: bool = True,
     ):
         self.hostname = hostname
         self.username = username
         self.password = password
+        if not verify:
+            self.tls_verify = False
         self.detect_authentication()
         self.session = requests.Session()
+        if not verify:
+            self.session.verify = False
 
     def detect_authentication(self):
-        response = requests.get(f"{self.hostname}/v2/")
+        response = requests.get(f"{self.hostname}/v2/", verify=self.tls_verify)
         if "www-authenticate" in response.headers:
             auth_scheme, parameters = response.headers[
                 "www-authenticate"].split(" ", 1)
@@ -77,7 +84,9 @@ def token_authenticate(self, image: str = None, action: str = None):
             base_url += "?" + "&".join(
                 f"{key}={value}" for key, value in query.items())
 
-        response = requests.get(base_url, headers=headers)
+        response = requests.get(base_url,
+                                headers=headers,
+                                verify=self.tls_verify)
         if response.status_code != 200:
             raise ValueError(f"token authentication failed for {base_url}")
 

diff --git a/docs/build/docs/modules.md b/docs/build/docs/modules.md
@@ -688,12 +688,18 @@
         * [`DockerProcessor`](processors.md#processors.docker.DockerProcessor)
 
 
+            * [`DockerProcessor.destination_tls_verify`](processors.md#processors.docker.DockerProcessor.destination_tls_verify)
+
+
             * [`DockerProcessor.get_default_config_key()`](processors.md#processors.docker.DockerProcessor.get_default_config_key)
 
 
             * [`DockerProcessor.process()`](processors.md#processors.docker.DockerProcessor.process)
 
 
+            * [`DockerProcessor.source_tls_verify`](processors.md#processors.docker.DockerProcessor.source_tls_verify)
+
+
             * [`DockerProcessor.wait_for_operation_done()`](processors.md#processors.docker.DockerProcessor.wait_for_operation_done)
 
 

diff --git a/docs/build/docs/processors.md b/docs/build/docs/processors.md
@@ -341,11 +341,21 @@ Perform actions on Docker registries.
     * **destination_tag** (*str**, **optional*) – Tag to pull/push, defaults to latest.
 
 
+    * **tls_verify** (*bool**, **optional*) – Set false to disable TLS verify at source registry.
+
+
+    * **destination_tls_verify** (*bool**, **optional*) – Set false to disable TLS verify at destination registry.
+
+
+
+#### destination_tls_verify(_ = Tru_ )
 
 #### get_default_config_key()
 
 #### process(output_var='docker')
 
+#### source_tls_verify(_ = Tru_ )
+
 #### wait_for_operation_done(ar_service, operation_name)
 ## processors.download module
 

diff --git a/output/mail.py b/output/mail.py
@@ -93,7 +93,12 @@ def _fetch_ms_access_token(self, client_id, client_secret, tenant_id):
 
     def expand_recipients(self, mail, config):
         """Expands group recipients using the Directory API"""
-        to_emails = email.utils.getaddresses([mail['mail_to']])
+        to_emails = []
+        try:
+            to_emails = email.utils.getaddresses([mail['mail_to']],
+                                                 strict=False)
+        except TypeError:
+            to_emails = email.utils.getaddresses([mail['mail_to']])
         self.logger.debug('Starting expansion of group recipients...',
                           extra={'to': to_emails})
 
@@ -243,7 +248,12 @@ def send_via_smtp(self, transport, mail, embedded_images, config):
                     (file_name, len(content)))
                 message.attach(image)
 
-        parsed_recipients = email.utils.getaddresses([mail['mail_to']])
+        parsed_recipients = []
+        try:
+            parsed_recipients = email.utils.getaddresses([mail['mail_to']],
+                                                         strict=False)
+        except TypeError:
+            parsed_recipients = email.utils.getaddresses([mail['mail_to']])
         recipients = []
         for r in parsed_recipients:
             recipients.append(r[1])
@@ -446,14 +456,20 @@ def output(self):
                 'No HMTL or text email body configured for email output!')
 
         for tpl in ['from', 'to', 'subject']:
-            mail_template = self.jinja_environment.from_string(
-                self.output_config[tpl])
-            mail['mail_%s' % tpl] = mail_template.render()
+            result = self._jinja_expand_string(self.output_config[tpl], tpl)
+            mail['mail_%s' % tpl] = result
 
         self.logger.debug('Canonicalizing email formats...')
         # Canonicalize the email formats
         for tpl in ['from', 'to']:
-            parsed_emails = email.utils.getaddresses([mail['mail_%s' % tpl]])
+            parsed_emails = []
+            try:
+                parsed_emails = email.utils.getaddresses(
+                    [mail['mail_%s' % tpl]], strict=False)
+            except TypeError:
+                parsed_emails = email.utils.getaddresses(
+                    [mail['mail_%s' % tpl]])
+
             if tpl == 'from' and len(parsed_emails) > 1:
                 raise MultipleSendersException(
                     'Multiple senders in from field!')

diff --git a/processors/budget.py b/processors/budget.py
@@ -87,4 +87,4 @@ def process(self, output_var={'projects': 'projects', 'budget': 'budget'}):
                     response.amount.specified_amount.currency_code,
             }
         }
-        return ret
+        return ret
diff --git a/processors/docker.py b/processors/docker.py
@@ -34,8 +34,13 @@ class DockerProcessor(Processor):
         destination_password (str, optional): Password for Docker registry. (For copy)
         destination_image (str): Image to pull/push
         destination_tag (str, optional): Tag to pull/push, defaults to latest.
+        tls_verify (bool, optional): Set false to disable TLS verify at source registry.
+        destination_tls_verify (bool, optional): Set false to disable TLS verify at destination registry.
     """
 
+    source_tls_verify = True
+    destination_tls_verify = True
+
     def get_default_config_key():
         return 'docker'
 
@@ -92,9 +97,18 @@ def process(self, output_var='docker'):
             credentials.refresh(auth_req)
             password = credentials.token
 
+        if 'tls_verify' in self.config:
+            self.source_tls_verify = self._jinja_expand_bool(
+                self.config['tls_verify'], 'tls_verify')
+
+        if 'destination_tls_verify' in self.config:
+            self.destination_tls_verify = self._jinja_expand_bool(
+                self.config['destination_tls_verify'], 'destination_tls_verify')
+
         source_registry = Registry(hostname=hostname,
                                    username=username,
-                                   password=password)
+                                   password=password,
+                                   verify=self.source_tls_verify)
         destination_registry = None
         destination_hostname = None
         if 'destination_hostname' not in self.config:
@@ -124,7 +138,8 @@ def process(self, output_var='docker'):
 
             destination_registry = Registry(hostname=destination_hostname,
                                             username=destination_username,
-                                            password=destination_password)
+                                            password=destination_password,
+                                            verify=self.destination_tls_verify)
 
         if mode == 'image.copy':
             destination_image = self._jinja_expand_string(

diff --git a/processors/slack.py b/processors/slack.py
@@ -190,8 +190,6 @@ def process(self, output_var='slack'):
                 if new_message:
                     processed.append(new_message)
 
-            print('PROCESSED', processed)
-
             # Prepend an initial prompt that can be instructions or such
             if 'prompt' in self.config:
                 prompt_added = False

diff --git a/test/configs/legacy/budget.yaml b/test/configs/legacy/budget.yaml
@@ -24,8 +24,6 @@ outputs:
         port: 587
         starttls: true
         # ssl: false
-      - type: sendgrid
-        apiKey: your-sendgrid-api-key
     from: [email protected]
     to: |
       {% for project in projects %}