Allow Influxdb CA path in verify_ssl (#45270)

2025-04-25 09:47:52 +00:00 · 2021-02-02 00:29:31 +02:00 · 2021-02-02 00:29:31 +02:00 · 8222eb5e3e
commit 8222eb5e3e
parent 3bdf962838
6 changed files with 147 additions and 5 deletions
--- a/homeassistant/components/influxdb/init.py
+++ b/homeassistant/components/influxdb/init.py
@ -62,6 +62,7 @@ from .const import (
    CONF_PRECISION,
    CONF_RETRY_COUNT,
    CONF_SSL,
+    CONF_SSL_CA_CERT,
    CONF_TAGS,
    CONF_TAGS_ATTRIBUTES,
    CONF_TOKEN,
@ -335,6 +336,9 @@ def get_influx_connection(conf, test_write=False, test_read=False):
        kwargs[CONF_URL] = conf[CONF_URL]
        kwargs[CONF_TOKEN] = conf[CONF_TOKEN]
        kwargs[INFLUX_CONF_ORG] = conf[CONF_ORG]
+        kwargs[CONF_VERIFY_SSL] = conf[CONF_VERIFY_SSL]
+        if CONF_SSL_CA_CERT in conf:
+            kwargs[CONF_SSL_CA_CERT] = conf[CONF_SSL_CA_CERT]
        bucket = conf.get(CONF_BUCKET)
        influx = InfluxDBClientV2(**kwargs)
        query_api = influx.query_api()
@ -392,6 +396,9 @@ def get_influx_connection(conf, test_write=False, test_read=False):
        return InfluxClient(buckets, write_v2, query_v2, close_v2)

    # Else it's a V1 client
+    if CONF_SSL_CA_CERT in conf and conf[CONF_VERIFY_SSL]:
+        kwargs[CONF_VERIFY_SSL] = conf[CONF_SSL_CA_CERT]
+    else:
        kwargs[CONF_VERIFY_SSL] = conf[CONF_VERIFY_SSL]

    if CONF_DB_NAME in conf:
--- a/homeassistant/components/influxdb/const.py
+++ b/homeassistant/components/influxdb/const.py
@ -31,6 +31,7 @@ CONF_COMPONENT_CONFIG_DOMAIN = "component_config_domain"
 CONF_RETRY_COUNT = "max_retries"
 CONF_IGNORE_ATTRIBUTES = "ignore_attributes"
 CONF_PRECISION = "precision"
+CONF_SSL_CA_CERT = "ssl_ca_cert"

 CONF_LANGUAGE = "language"
 CONF_QUERIES = "queries"
@ -139,12 +140,13 @@ COMPONENT_CONFIG_SCHEMA_CONNECTION = {
    vol.Optional(CONF_PATH): cv.string,
    vol.Optional(CONF_PORT): cv.port,
    vol.Optional(CONF_SSL): cv.boolean,
+    vol.Optional(CONF_VERIFY_SSL, default=DEFAULT_VERIFY_SSL): cv.boolean,
+    vol.Optional(CONF_SSL_CA_CERT): cv.isfile,
    vol.Optional(CONF_PRECISION): vol.In(["ms", "s", "us", "ns"]),
    # Connection config for V1 API only.
    vol.Inclusive(CONF_USERNAME, "authentication"): cv.string,
    vol.Inclusive(CONF_PASSWORD, "authentication"): cv.string,
    vol.Optional(CONF_DB_NAME, default=DEFAULT_DATABASE): cv.string,
-    vol.Optional(CONF_VERIFY_SSL, default=DEFAULT_VERIFY_SSL): cv.boolean,
    # Connection config for V2 API only.
    vol.Inclusive(CONF_TOKEN, "v2_authentication"): cv.string,
    vol.Inclusive(CONF_ORG, "v2_authentication"): cv.string,
--- a/homeassistant/components/influxdb/manifest.json
+++ b/homeassistant/components/influxdb/manifest.json
@ -2,6 +2,6 @@
  "domain": "influxdb",
  "name": "InfluxDB",
  "documentation": "https://www.home-assistant.io/integrations/influxdb",
-  "requirements": ["influxdb==5.2.3", "influxdb-client==1.8.0"],
+  "requirements": ["influxdb==5.2.3", "influxdb-client==1.14.0"],
  "codeowners": ["@fabaff", "@mdegat01"]
 }
--- a/requirements_all.txt
+++ b/requirements_all.txt
@ -825,7 +825,7 @@ ihcsdk==2.7.0
 incomfort-client==0.4.0

 # homeassistant.components.influxdb
-influxdb-client==1.8.0
+influxdb-client==1.14.0

 # homeassistant.components.influxdb
 influxdb==5.2.3
--- a/requirements_test_all.txt
+++ b/requirements_test_all.txt
@ -436,7 +436,7 @@ iaqualink==0.3.4
 icmplib==2.0

 # homeassistant.components.influxdb
-influxdb-client==1.8.0
+influxdb-client==1.14.0

 # homeassistant.components.influxdb
 influxdb==5.2.3
--- a/tests/components/influxdb/test_init.py
+++ b/tests/components/influxdb/test_init.py
@ -131,6 +131,139 @@ async def test_setup_config_full(hass, mock_client, config_ext, get_write_api):
    assert get_write_api(mock_client).call_count == 1


+@pytest.mark.parametrize(
+    "mock_client, config_base, config_ext, expected_client_args",
+    [
+        (
+            influxdb.DEFAULT_API_VERSION,
+            BASE_V1_CONFIG,
+            {
+                "ssl": True,
+                "verify_ssl": False,
+            },
+            {
+                "ssl": True,
+                "verify_ssl": False,
+            },
+        ),
+        (
+            influxdb.DEFAULT_API_VERSION,
+            BASE_V1_CONFIG,
+            {
+                "ssl": True,
+                "verify_ssl": True,
+            },
+            {
+                "ssl": True,
+                "verify_ssl": True,
+            },
+        ),
+        (
+            influxdb.DEFAULT_API_VERSION,
+            BASE_V1_CONFIG,
+            {
+                "ssl": True,
+                "verify_ssl": True,
+                "ssl_ca_cert": "fake/path/ca.pem",
+            },
+            {
+                "ssl": True,
+                "verify_ssl": "fake/path/ca.pem",
+            },
+        ),
+        (
+            influxdb.DEFAULT_API_VERSION,
+            BASE_V1_CONFIG,
+            {
+                "ssl": True,
+                "ssl_ca_cert": "fake/path/ca.pem",
+            },
+            {
+                "ssl": True,
+                "verify_ssl": "fake/path/ca.pem",
+            },
+        ),
+        (
+            influxdb.DEFAULT_API_VERSION,
+            BASE_V1_CONFIG,
+            {
+                "ssl": True,
+                "verify_ssl": False,
+                "ssl_ca_cert": "fake/path/ca.pem",
+            },
+            {
+                "ssl": True,
+                "verify_ssl": False,
+            },
+        ),
+        (
+            influxdb.API_VERSION_2,
+            BASE_V2_CONFIG,
+            {
+                "api_version": influxdb.API_VERSION_2,
+                "verify_ssl": False,
+            },
+            {
+                "verify_ssl": False,
+            },
+        ),
+        (
+            influxdb.API_VERSION_2,
+            BASE_V2_CONFIG,
+            {
+                "api_version": influxdb.API_VERSION_2,
+                "verify_ssl": True,
+            },
+            {
+                "verify_ssl": True,
+            },
+        ),
+        (
+            influxdb.API_VERSION_2,
+            BASE_V2_CONFIG,
+            {
+                "api_version": influxdb.API_VERSION_2,
+                "verify_ssl": True,
+                "ssl_ca_cert": "fake/path/ca.pem",
+            },
+            {
+                "verify_ssl": True,
+                "ssl_ca_cert": "fake/path/ca.pem",
+            },
+        ),
+        (
+            influxdb.API_VERSION_2,
+            BASE_V2_CONFIG,
+            {
+                "api_version": influxdb.API_VERSION_2,
+                "verify_ssl": False,
+                "ssl_ca_cert": "fake/path/ca.pem",
+            },
+            {
+                "verify_ssl": False,
+                "ssl_ca_cert": "fake/path/ca.pem",
+            },
+        ),
+    ],
+    indirect=["mock_client"],
+)
+async def test_setup_config_ssl(
+    hass, mock_client, config_base, config_ext, expected_client_args
+):
+    """Test the setup with various verify_ssl values."""
+    config = {"influxdb": config_base.copy()}
+    config["influxdb"].update(config_ext)
+
+    with patch("os.access", return_value=True):
+        with patch("os.path.isfile", return_value=True):
+            assert await async_setup_component(hass, influxdb.DOMAIN, config)
+            await hass.async_block_till_done()
+
+            assert hass.bus.listen.called
+            assert EVENT_STATE_CHANGED == hass.bus.listen.call_args_list[0][0][0]
+            assert expected_client_args.items() <= mock_client.call_args.kwargs.items()
+
+
@pytest.mark.parametrize(
    "mock_client, config_ext, get_write_api",
    [