From 43bd43c9349e3795f1cd830d0c478cc6f7fcf227 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= <thorsten.rossner.extern@zendis.de>
Date: Wed, 27 Nov 2024 12:19:49 +0100
Subject: [PATCH] feat: Support --verify_certificate option for private CA dev
 scenario

---
 lib/ucs.py                  | 6 ++++--
 user_import_udm_rest_api.py | 9 +++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/lib/ucs.py b/lib/ucs.py
index f999c0c..c5bc271 100644
--- a/lib/ucs.py
+++ b/lib/ucs.py
@@ -13,7 +13,7 @@ from requests.auth import HTTPBasicAuth
 
 class Ucs:
 
-    def __init__(self, adm_username, adm_password, base_url, maildomain, options_object, ldap_base='dc=swp-ldap,dc=internal'):
+    def __init__(self, adm_username, adm_password, base_url, maildomain, options_object, ldap_base='dc=swp-ldap,dc=internal', verify_certificate=True):
         self.user = None
         self.user_updated = False
         self.adm_username = adm_username
@@ -23,6 +23,7 @@ class Ucs:
         self.user_base = 'cn=users,'+ldap_base
         self.group_base = 'cn=groups,'+ldap_base
         self.maildomain_base = 'cn=domain,cn=mail,'+ldap_base
+        self.verify_certificate = verify_certificate
         self.options_object = options_object
         self.timestamp = datetime.now().strftime('%Y-%m-%dT%Hh%Mm%SZ')
         self.create_count = { 'users': 0, 'maildomains': 0, 'groups': 0, 'oxcontexts': 0 }
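Review bot: Storing `verify_certificate` here leaves no trace in the run's output when verification is off, so a production run with a leftover `VERIFY_CERTIFICATE=False` looks identical to a verified one in the logs. The module already uses `logging`, so a one-time warning next to the assignment would make the insecure mode visible: `if not verify_certificate: logging.warning("TLS certificate verification is DISABLED for UDM REST API calls")`. The `__init__` body starts and continues outside this hunk, so the best placement relative to other setup code cannot be confirmed from here.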
@@ -117,7 +118,8 @@ class Ucs:
                          data=data,
                          params=query_param,
                          headers=http_headers,
-                         auth=HTTPBasicAuth(self.adm_username, self.adm_password)
+                         auth=HTTPBasicAuth(self.adm_username, self.adm_password),
+                         verify=self.verify_certificate
                          )
         if response.status_code not in allowed_responses:
             logging.error(f"1/2: Stopping due to response's http status {str(response.status_code)}")
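Review bot: `verify=self.verify_certificate` sits on the same call as `auth=HTTPBasicAuth(self.adm_username, self.adm_password)`, so with the option set to False the administrator credentials go to a peer whose identity is never checked. For the private-CA scenario named in the subject, `requests` also accepts a CA bundle path as the `verify` value, which keeps verification on while trusting the internal CA. Consider letting the stored value be either a bool or a path and documenting that on the constructor, e.g. `# verify_certificate: True, False (dev only), or path to a CA bundle file`. The request call and its enclosing method begin outside this hunk.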
diff --git a/user_import_udm_rest_api.py b/user_import_udm_rest_api.py
index b320e3a..c2f31c0 100755
--- a/user_import_udm_rest_api.py
+++ b/user_import_udm_rest_api.py
@@ -215,6 +215,14 @@ p.add(
     default="Administrator",
     help="User to authentication against the UDM REST API with.",
 )
+p.add(
+    "--verify_certificate",
+    env_var="VERIFY_CERTIFICATE",
+    default=True,
+    type=opt2bool,
+    help='Optional: DEV MODE ONLY - NEVER USE THIS IN PRODUCTION SCENARIO: Set to "False" to skip certificate check on the API calls.',
+)
+
 options = p.parse_args()
 
 new_user_password = options.set_default_password
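Review bot: The new `--verify_certificate` option depends entirely on `opt2bool`, which is not visible in this hunk. If that helper maps an unrecognised or misspelled value (for instance from the `VERIFY_CERTIFICATE` environment variable) to False, certificate checking is switched off silently. The conversion should fail closed: only an explicit false spelling disables the check, and anything unrecognised is rejected with an error. Assuming the API calls are plain `requests` calls, the help text could also point to the safer route for a private CA, e.g. `Prefer setting REQUESTS_CA_BUNDLE to the private CA file instead of disabling verification.`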
@@ -268,6 +276,7 @@ ucs = Ucs(
     base_url=options.import_domain,
     maildomain=import_maildomain,
     options_object=options,
+    verify_certificate=options.verify_certificate
 )
 
 if not options.import_filename:
-- 
GitLab