Verify tls option (#71)

* add possibility in config to deactivate certificate verification (both GN and GS)

Author: mki-c2c

README.md

@@ -107,6 +107,10 @@ The logics for credentials is by decreasing order of importance:
 4. Then constant login/password keys are read
 5. If still either "login" or "password" is not defined, the credentials are considered invalid and anonymous acces is used for the instance without authentication
 
+__Nota__:
+
+At each level where login/password are specified, one can add the option `verify: false` to deactivate verification of HTTPS certificates. By default the HTTPS certificate must be valid, which is equivalent to `verify: true`
+
 
 #### Example
 
@@ -122,6 +126,7 @@ sources:
     - name: "b"
       login: "B"
       password: "${PASSWORD_B}"
+      verify: false
     - name: "c"
       login: "C"
 ```

backend/maelstro/config/config.py

@@ -116,6 +116,7 @@ def get_access_info(
                     {
                         "auth": Credentials(gn.get("login"), gn.get("password")),
                         "url": gn["api_url"],
+                        "verifytls": gn.get("verify", True),
                     }
                     for gn in self.config["sources"]["geonetwork_instances"]
                     if gn["name"] == instance_id
@@ -125,6 +126,7 @@ def get_access_info(
                     {
                         "auth": Credentials(gs.get("login"), gs.get("password")),
                         "url": gs["url"],
+                        "verifytls": gs.get("verify", True),
                     }
                     for gs in self.config["sources"]["geoserver_instances"]
                     if gs["url"] == instance_id
@@ -155,6 +157,7 @@ def get_access_info(
             info = {
                 "auth": Credentials(instance.get("login"), instance.get("password")),
                 "url": instance[url_key],
+                "verifytls": instance.get("verify", True),
             }
 
         if (info["auth"].login is None) or (info["auth"].password is None):

backend/maelstro/core/georchestra.py

@@ -17,7 +17,7 @@ def __init__(self, log_handler: LogCollectionHandler) -> None:
 
     def get_gn_service(self, instance_name: str, is_source: bool) -> GnApi:
         gn_info = self.get_service_info(instance_name, is_source, True)
-        return GnApi(gn_info["url"], gn_info["auth"])
+        return GnApi(gn_info["url"], gn_info["auth"], gn_info["verifytls"])
 
     def get_gs_service(self, instance_name: str, is_source: bool) -> RestService:
         gs_info = self.get_service_info(instance_name, is_source, False)

backend/tests/test_config.py

@@ -112,18 +112,22 @@ def test_get_info():
     assert conf.get_access_info(True, True, "GeonetworkMaster") == {
         "auth": Credentials("demo", "demo"),
         "url": "https://demo.georchestra.org/geonetwork/srv/api",
+        "verifytls": True,
     }
     assert conf.get_access_info(True, False, "https://mastergs.rennesmetropole.fr/geoserver-geofence/") == {
         "auth": Credentials("toto6", "Str0ng_passW0rd"),
         "url": "https://mastergs.rennesmetropole.fr/geoserver-geofence/",
+        "verifytls": True,
     }
     assert conf.get_access_info(False, True, "PlateformeProfessionnelle") == {
         "auth": Credentials("toto", "passW0rd"),
         "url": "https://portail.sig.rennesmetropole.fr/geonetwork/srv/api",
+        "verifytls": True,
     }
     assert conf.get_access_info(False, False, "CompoLocale") == {
         "auth": None,
         "url": "https://georchestra-127-0-0-1.nip.io/geoserver",
+        "verifytls": True,
     }
     with pytest.raises(ConfigError) as err:
         conf.get_access_info(False, False, "MissingKey")