From 8222eb5e3efce2f6f73ca447b0505be80b7bc9db Mon Sep 17 00:00:00 2001 From: Alessandro Pilotti Date: Tue, 2 Feb 2021 00:29:31 +0200 Subject: [PATCH] Allow Influxdb CA path in verify_ssl (#45270) --- homeassistant/components/influxdb/__init__.py | 9 +- homeassistant/components/influxdb/const.py | 4 +- .../components/influxdb/manifest.json | 2 +- requirements_all.txt | 2 +- requirements_test_all.txt | 2 +- tests/components/influxdb/test_init.py | 133 ++++++++++++++++++ 6 files changed, 147 insertions(+), 5 deletions(-) diff --git a/homeassistant/components/influxdb/__init__.py b/homeassistant/components/influxdb/__init__.py index 16b6971b11f..e327f34d128 100644 --- a/homeassistant/components/influxdb/__init__.py +++ b/homeassistant/components/influxdb/__init__.py @@ -62,6 +62,7 @@ from .const import ( CONF_PRECISION, CONF_RETRY_COUNT, CONF_SSL, + CONF_SSL_CA_CERT, CONF_TAGS, CONF_TAGS_ATTRIBUTES, CONF_TOKEN, @@ -335,6 +336,9 @@ def get_influx_connection(conf, test_write=False, test_read=False): kwargs[CONF_URL] = conf[CONF_URL] kwargs[CONF_TOKEN] = conf[CONF_TOKEN] kwargs[INFLUX_CONF_ORG] = conf[CONF_ORG] + kwargs[CONF_VERIFY_SSL] = conf[CONF_VERIFY_SSL] + if CONF_SSL_CA_CERT in conf: + kwargs[CONF_SSL_CA_CERT] = conf[CONF_SSL_CA_CERT] bucket = conf.get(CONF_BUCKET) influx = InfluxDBClientV2(**kwargs) query_api = influx.query_api() @@ -392,7 +396,10 @@ def get_influx_connection(conf, test_write=False, test_read=False): return InfluxClient(buckets, write_v2, query_v2, close_v2) # Else it's a V1 client - kwargs[CONF_VERIFY_SSL] = conf[CONF_VERIFY_SSL] + if CONF_SSL_CA_CERT in conf and conf[CONF_VERIFY_SSL]: + kwargs[CONF_VERIFY_SSL] = conf[CONF_SSL_CA_CERT] + else: + kwargs[CONF_VERIFY_SSL] = conf[CONF_VERIFY_SSL] if CONF_DB_NAME in conf: kwargs[CONF_DB_NAME] = conf[CONF_DB_NAME] diff --git a/homeassistant/components/influxdb/const.py b/homeassistant/components/influxdb/const.py index 1a827c1b63c..e66a0fe10c4 100644 --- a/homeassistant/components/influxdb/const.py +++ b/homeassistant/components/influxdb/const.py @@ -31,6 +31,7 @@ CONF_COMPONENT_CONFIG_DOMAIN = "component_config_domain" CONF_RETRY_COUNT = "max_retries" CONF_IGNORE_ATTRIBUTES = "ignore_attributes" CONF_PRECISION = "precision" +CONF_SSL_CA_CERT = "ssl_ca_cert" CONF_LANGUAGE = "language" CONF_QUERIES = "queries" @@ -139,12 +140,13 @@ COMPONENT_CONFIG_SCHEMA_CONNECTION = { vol.Optional(CONF_PATH): cv.string, vol.Optional(CONF_PORT): cv.port, vol.Optional(CONF_SSL): cv.boolean, + vol.Optional(CONF_VERIFY_SSL, default=DEFAULT_VERIFY_SSL): cv.boolean, + vol.Optional(CONF_SSL_CA_CERT): cv.isfile, vol.Optional(CONF_PRECISION): vol.In(["ms", "s", "us", "ns"]), # Connection config for V1 API only. vol.Inclusive(CONF_USERNAME, "authentication"): cv.string, vol.Inclusive(CONF_PASSWORD, "authentication"): cv.string, vol.Optional(CONF_DB_NAME, default=DEFAULT_DATABASE): cv.string, - vol.Optional(CONF_VERIFY_SSL, default=DEFAULT_VERIFY_SSL): cv.boolean, # Connection config for V2 API only. vol.Inclusive(CONF_TOKEN, "v2_authentication"): cv.string, vol.Inclusive(CONF_ORG, "v2_authentication"): cv.string, diff --git a/homeassistant/components/influxdb/manifest.json b/homeassistant/components/influxdb/manifest.json index ec1bd8f9594..c2d6f77e7c1 100644 --- a/homeassistant/components/influxdb/manifest.json +++ b/homeassistant/components/influxdb/manifest.json @@ -2,6 +2,6 @@ "domain": "influxdb", "name": "InfluxDB", "documentation": "https://www.home-assistant.io/integrations/influxdb", - "requirements": ["influxdb==5.2.3", "influxdb-client==1.8.0"], + "requirements": ["influxdb==5.2.3", "influxdb-client==1.14.0"], "codeowners": ["@fabaff", "@mdegat01"] } diff --git a/requirements_all.txt b/requirements_all.txt index 285140101a9..8a74e574f04 100644 --- a/requirements_all.txt +++ b/requirements_all.txt @@ -825,7 +825,7 @@ ihcsdk==2.7.0 incomfort-client==0.4.0 # homeassistant.components.influxdb -influxdb-client==1.8.0 +influxdb-client==1.14.0 # homeassistant.components.influxdb influxdb==5.2.3 diff --git a/requirements_test_all.txt b/requirements_test_all.txt index a5dc813c407..99f1c997ec1 100644 --- a/requirements_test_all.txt +++ b/requirements_test_all.txt @@ -436,7 +436,7 @@ iaqualink==0.3.4 icmplib==2.0 # homeassistant.components.influxdb -influxdb-client==1.8.0 +influxdb-client==1.14.0 # homeassistant.components.influxdb influxdb==5.2.3 diff --git a/tests/components/influxdb/test_init.py b/tests/components/influxdb/test_init.py index db22b5c5236..fd43091f457 100644 --- a/tests/components/influxdb/test_init.py +++ b/tests/components/influxdb/test_init.py @@ -131,6 +131,139 @@ async def test_setup_config_full(hass, mock_client, config_ext, get_write_api): assert get_write_api(mock_client).call_count == 1 +@pytest.mark.parametrize( + "mock_client, config_base, config_ext, expected_client_args", + [ + ( + influxdb.DEFAULT_API_VERSION, + BASE_V1_CONFIG, + { + "ssl": True, + "verify_ssl": False, + }, + { + "ssl": True, + "verify_ssl": False, + }, + ), + ( + influxdb.DEFAULT_API_VERSION, + BASE_V1_CONFIG, + { + "ssl": True, + "verify_ssl": True, + }, + { + "ssl": True, + "verify_ssl": True, + }, + ), + ( + influxdb.DEFAULT_API_VERSION, + BASE_V1_CONFIG, + { + "ssl": True, + "verify_ssl": True, + "ssl_ca_cert": "fake/path/ca.pem", + }, + { + "ssl": True, + "verify_ssl": "fake/path/ca.pem", + }, + ), + ( + influxdb.DEFAULT_API_VERSION, + BASE_V1_CONFIG, + { + "ssl": True, + "ssl_ca_cert": "fake/path/ca.pem", + }, + { + "ssl": True, + "verify_ssl": "fake/path/ca.pem", + }, + ), + ( + influxdb.DEFAULT_API_VERSION, + BASE_V1_CONFIG, + { + "ssl": True, + "verify_ssl": False, + "ssl_ca_cert": "fake/path/ca.pem", + }, + { + "ssl": True, + "verify_ssl": False, + }, + ), + ( + influxdb.API_VERSION_2, + BASE_V2_CONFIG, + { + "api_version": influxdb.API_VERSION_2, + "verify_ssl": False, + }, + { + "verify_ssl": False, + }, + ), + ( + influxdb.API_VERSION_2, + BASE_V2_CONFIG, + { + "api_version": influxdb.API_VERSION_2, + "verify_ssl": True, + }, + { + "verify_ssl": True, + }, + ), + ( + influxdb.API_VERSION_2, + BASE_V2_CONFIG, + { + "api_version": influxdb.API_VERSION_2, + "verify_ssl": True, + "ssl_ca_cert": "fake/path/ca.pem", + }, + { + "verify_ssl": True, + "ssl_ca_cert": "fake/path/ca.pem", + }, + ), + ( + influxdb.API_VERSION_2, + BASE_V2_CONFIG, + { + "api_version": influxdb.API_VERSION_2, + "verify_ssl": False, + "ssl_ca_cert": "fake/path/ca.pem", + }, + { + "verify_ssl": False, + "ssl_ca_cert": "fake/path/ca.pem", + }, + ), + ], + indirect=["mock_client"], +) +async def test_setup_config_ssl( + hass, mock_client, config_base, config_ext, expected_client_args +): + """Test the setup with various verify_ssl values.""" + config = {"influxdb": config_base.copy()} + config["influxdb"].update(config_ext) + + with patch("os.access", return_value=True): + with patch("os.path.isfile", return_value=True): + assert await async_setup_component(hass, influxdb.DOMAIN, config) + await hass.async_block_till_done() + + assert hass.bus.listen.called + assert EVENT_STATE_CHANGED == hass.bus.listen.call_args_list[0][0][0] + assert expected_client_args.items() <= mock_client.call_args.kwargs.items() + + @pytest.mark.parametrize( "mock_client, config_ext, get_write_api", [