Skip to content

Commit 47d24c7

Browse files
Lloyd Wallisaviau
authored andcommitted
Mutual TLS authentication (influxdata#702)
* Add support for providing a client certificate for mutual TLS authentication. * Be more explicit in documentation on valid values for the parameter
1 parent 08e0299 commit 47d24c7

File tree

2 files changed

+24
-0
lines changed

2 files changed

+24
-0
lines changed

influxdb/client.py

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,13 @@ class InfluxDBClient(object):
6161
:type proxies: dict
6262
:param path: path of InfluxDB on the server to connect, defaults to ''
6363
:type path: str
64+
:param cert: Path to client certificate information to use for mutual TLS
65+
authentication. You can specify a local cert to use
66+
as a single file containing the private key and the certificate, or as
67+
a tuple of both files’ paths, defaults to None
68+
:type cert: str
69+
70+
:raises ValueError: if cert is provided but ssl is disabled (set to False)
6471
"""
6572

6673
def __init__(self,
@@ -78,6 +85,7 @@ def __init__(self,
7885
proxies=None,
7986
pool_size=10,
8087
path='',
88+
cert=None,
8189
):
8290
"""Construct a new InfluxDBClient object."""
8391
self.__host = host
@@ -120,6 +128,14 @@ def __init__(self,
120128
else:
121129
self._proxies = proxies
122130

131+
if cert:
132+
if not ssl:
133+
raise ValueError(
134+
"Client certificate provided but ssl is disabled."
135+
)
136+
else:
137+
self._session.cert = cert
138+
123139
self.__baseurl = "{0}://{1}:{2}{3}".format(
124140
self._scheme,
125141
self._host,

influxdb/tests/client_test.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -149,6 +149,14 @@ def test_dsn(self):
149149
**{'ssl': False})
150150
self.assertEqual('http://my.host.fr:1886', cli._baseurl)
151151

152+
def test_cert(self):
153+
"""Test mutual TLS authentication for TestInfluxDBClient object."""
154+
cli = InfluxDBClient(ssl=True, cert='/etc/pki/tls/private/dummy.crt')
155+
self.assertEqual(cli._session.cert, '/etc/pki/tls/private/dummy.crt')
156+
157+
with self.assertRaises(ValueError):
158+
cli = InfluxDBClient(cert='/etc/pki/tls/private/dummy.crt')
159+
152160
def test_switch_database(self):
153161
"""Test switch database in TestInfluxDBClient object."""
154162
cli = InfluxDBClient('host', 8086, 'username', 'password', 'database')

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy