Azure · yugangw-msft · Jan 18, 2018 · Jan 17, 2018 · Jan 17, 2018 · Jan 17, 2018
@@ -7,10 +7,9 @@
 
 from knack.log import get_logger
 from knack.util import CLIError
-
+from .util import should_disable_connection_verify, DISABLE_VERIFY_VARIABLE_NAME
 logger = get_logger(__name__)
 
-DISABLE_VERIFY_VARIABLE_NAME = "AZURE_CLI_DISABLE_CONNECTION_VERIFICATION"
 ADAL_PYTHON_SSL_NO_VERIFY = "ADAL_PYTHON_SSL_NO_VERIFY"
 REQUESTS_CA_BUNDLE = "REQUESTS_CA_BUNDLE"
 
@@ -30,10 +29,6 @@ def change_ssl_cert_verification(client):
     return client
 
 
-def should_disable_connection_verify():
-    return bool(os.environ.get(DISABLE_VERIFY_VARIABLE_NAME))
-
-
 def allow_debug_adal_connection():
     if should_disable_connection_verify():
         os.environ[ADAL_PYTHON_SSL_NO_VERIFY] = '1'
@@ -12,6 +12,7 @@
     from mock import MagicMock
 
 import azure.cli.core._debug as _debug
+import azure.cli.core.util as cli_util
 
 
 class Test_argparse(unittest.TestCase):
@@ -26,11 +27,11 @@ def tearDownClass(cls):
         logging.shutdown()
 
     def test_verify_client_connection(self):
-        os.environ[_debug.DISABLE_VERIFY_VARIABLE_NAME] = ""
-        self.assertFalse(_debug.should_disable_connection_verify())
+        os.environ[cli_util.DISABLE_VERIFY_VARIABLE_NAME] = ""
+        self.assertFalse(cli_util.should_disable_connection_verify())
 
-        os.environ[_debug.DISABLE_VERIFY_VARIABLE_NAME] = "1"
-        self.assertTrue(_debug.should_disable_connection_verify())
+        os.environ[cli_util.DISABLE_VERIFY_VARIABLE_NAME] = "1"
+        self.assertTrue(cli_util.should_disable_connection_verify())
 
         clientMock = MagicMock()
         clientMock.config.connection.verify = True

@@ -219,3 +219,11 @@ def get_arg_list(op):
     except AttributeError:
         sig = inspect.getargspec(op)  # pylint: disable=deprecated-method
         return sig.args
+
+
+DISABLE_VERIFY_VARIABLE_NAME = "AZURE_CLI_DISABLE_CONNECTION_VERIFICATION"
+
+
+def should_disable_connection_verify():
+    import os
+    return bool(os.environ.get(DISABLE_VERIFY_VARIABLE_NAME))
diff --git a/src/command_modules/azure-cli-acr/HISTORY.rst b/src/command_modules/azure-cli-acr/HISTORY.rst
@@ -2,6 +2,9 @@
 
 Release History
 ===============
+2.0.20
+++++++
+* minor fix
 
 2.0.19
 ++++++

diff --git a/src/command_modules/azure-cli-acr/azure/cli/command_modules/acr/_docker_utils.py b/src/command_modules/azure-cli-acr/azure/cli/command_modules/acr/_docker_utils.py
@@ -17,6 +17,8 @@
 from knack.prompting import prompt, prompt_pass, NoTTYException
 from knack.log import get_logger
 
+from azure.cli.core.util import should_disable_connection_verify
+
 from ._client_factory import cf_acr_registries
 from ._constants import MANAGED_REGISTRY_SKU
 from ._utils import get_registry_by_name
@@ -34,7 +36,7 @@ def _get_aad_token(cli_ctx, login_server, only_refresh_token, repository=None, p
     """
     login_server = login_server.rstrip('/')
 
-    challenge = requests.get('https://' + login_server + '/v2/')
+    challenge = requests.get('https://' + login_server + '/v2/', verify=(not should_disable_connection_verify()))
     if challenge.status_code not in [401] or 'WWW-Authenticate' not in challenge.headers:
         raise CLIError("Registry '{}' did not issue a challenge.".format(login_server))
 
@@ -82,7 +84,8 @@ def _get_aad_token(cli_ctx, login_server, only_refresh_token, repository=None, p
             'password': refresh
         }
 
-    response = requests.post(authhost, urlencode(content), headers=headers)
+    response = requests.post(authhost, urlencode(content), headers=headers,
+                             verify=(not should_disable_connection_verify()))
 
     if response.status_code not in [200]:
         raise CLIError(
@@ -106,7 +109,8 @@ def _get_aad_token(cli_ctx, login_server, only_refresh_token, repository=None, p
         'scope': scope,
         'refresh_token': refresh_token
     }
-    response = requests.post(authhost, urlencode(content), headers=headers)
+    response = requests.post(authhost, urlencode(content), headers=headers,
+                             verify=(not should_disable_connection_verify()))
     access_token = loads(response.content.decode("utf-8"))["access_token"]
 
     return access_token

diff --git a/src/command_modules/azure-cli-acr/azure/cli/command_modules/acr/repository.py b/src/command_modules/azure-cli-acr/azure/cli/command_modules/acr/repository.py
@@ -12,6 +12,8 @@
 from knack.util import CLIError
 from knack.log import get_logger
 
+from azure.cli.core.util import should_disable_connection_verify
+
 from ._utils import validate_managed_registry
 from ._docker_utils import get_access_credentials, log_registry_response
 
@@ -56,7 +58,8 @@ def _delete_data_from_registry(login_server, path, username, password, retry_tim
         try:
             response = requests.delete(
                 'https://{}{}'.format(login_server, path),
-                headers=_get_authorization_header(username, password)
+                headers=_get_authorization_header(username, password),
+                verify=(not should_disable_connection_verify())
             )
             log_registry_response(response)
 
@@ -84,7 +87,8 @@ def _get_manifest_digest(login_server, path, username, password, retry_times=3,
             headers.update(_get_manifest_v2_header())
             response = requests.get(
                 'https://{}{}'.format(login_server, path),
-                headers=headers
+                headers=headers,
+                verify=(not should_disable_connection_verify())
             )
             log_registry_response(response)
 
@@ -123,7 +127,8 @@ def _obtain_data_from_registry(login_server,
                 response = requests.get(
                     'https://{}{}'.format(login_server, path),
                     headers=_get_authorization_header(username, password),
-                    params=_get_pagination_params(pagination)
+                    params=_get_pagination_params(pagination),
+                    verify=(not should_disable_connection_verify())
                 )
                 log_registry_response(response)
 

diff --git a/...mmand_modules/azure-cli-acr/azure/cli/command_modules/acr/tests/test_acr_commands_mock.py b/...mmand_modules/azure-cli-acr/azure/cli/command_modules/acr/tests/test_acr_commands_mock.py
@@ -50,15 +50,17 @@ def test_repository_list(self, mock_requests_get, mock_get_access_credentials):
         mock_requests_get.assert_called_with(
             'https://testregistry.azurecr.io/v2/_catalog',
             headers=_get_authorization_header('username', 'password'),
-            params=_get_pagination_params(20))
+            params=_get_pagination_params(20),
+            verify=mock.ANY)
 
         # List repositories using Bearer auth
         mock_get_access_credentials.return_value = 'testregistry.azurecr.io', None, 'password'
         acr_repository_list(cmd, 'testregistry')
         mock_requests_get.assert_called_with(
             'https://testregistry.azurecr.io/v2/_catalog',
             headers=_get_authorization_header(None, 'password'),
-            params=_get_pagination_params(20))
+            params=_get_pagination_params(20),
+            verify=mock.ANY)
 
     @mock.patch('azure.cli.command_modules.acr.repository.get_access_credentials', autospec=True)
     @mock.patch('requests.get', autospec=True)
@@ -78,7 +80,8 @@ def test_repository_show_tags(self, mock_requests_get, mock_get_access_credentia
         mock_requests_get.assert_called_with(
             'https://testregistry.azurecr.io/v2/testrepository/tags/list',
             headers=_get_authorization_header('username', 'password'),
-            params=_get_pagination_params(20))
+            params=_get_pagination_params(20),
+            verify=mock.ANY)
 
     @mock.patch('azure.cli.command_modules.acr.repository.get_access_credentials', autospec=True)
     @mock.patch('requests.get', autospec=True)
@@ -113,7 +116,8 @@ def test_repository_show_manifests(self, mock_requests_get, mock_get_access_cred
         mock_requests_get.assert_called_with(
             'https://testregistry.azurecr.io/v2/_acr/testrepository/manifests/list',
             headers=_get_authorization_header('username', 'password'),
-            params=_get_pagination_params(20))
+            params=_get_pagination_params(20),
+            verify=mock.ANY)
 
     @mock.patch('azure.cli.command_modules.acr.repository.validate_managed_registry', autospec=True)
     @mock.patch('azure.cli.command_modules.acr.repository.get_access_credentials', autospec=True)
@@ -142,30 +146,35 @@ def test_repository_delete(self, mock_requests_get, mock_requests_delete, mock_g
         acr_repository_delete(cmd, 'testregistry', 'testrepository', yes=True)
         mock_requests_delete.assert_called_with(
             'https://testregistry.azurecr.io/v2/_acr/testrepository/repository',
-            headers=_get_authorization_header('username', 'password'))
+            headers=_get_authorization_header('username', 'password'),
+            verify=mock.ANY)
 
         # Delete tag
         acr_repository_delete(cmd, 'testregistry', 'testrepository', tag='testtag', yes=True)
         mock_requests_delete.assert_called_with(
             'https://testregistry.azurecr.io/v2/_acr/testrepository/tags/testtag',
-            headers=_get_authorization_header('username', 'password'))
+            headers=_get_authorization_header('username', 'password'),
+            verify=mock.ANY)
 
         # Delete manifest with tag
         acr_repository_delete(cmd, 'testregistry', 'testrepository', tag='testtag', manifest='', yes=True)
         expected_get_headers = _get_authorization_header('username', 'password')
         expected_get_headers.update(_get_manifest_v2_header())
         mock_requests_get.assert_called_with(
             'https://testregistry.azurecr.io/v2/testrepository/manifests/testtag',
-            headers=expected_get_headers)
+            headers=expected_get_headers,
+            verify=mock.ANY)
         mock_requests_delete.assert_called_with(
             'https://testregistry.azurecr.io/v2/testrepository/manifests/sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7',
-            headers=_get_authorization_header('username', 'password'))
+            headers=_get_authorization_header('username', 'password'),
+            verify=mock.ANY)
 
         # Delete manifest with digest
         acr_repository_delete(cmd, 'testregistry', 'testrepository', manifest='sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7', yes=True)
         mock_requests_delete.assert_called_with(
             'https://testregistry.azurecr.io/v2/testrepository/manifests/sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7',
-            headers=_get_authorization_header('username', 'password'))
+            headers=_get_authorization_header('username', 'password'),
+            verify=mock.ANY)
 
     @mock.patch('azure.cli.core._profile.Profile.get_refresh_token', autospec=True)
     @mock.patch('azure.cli.command_modules.acr._docker_utils.get_registry_by_name', autospec=True)
@@ -199,7 +208,8 @@ def test_get_docker_credentials(self, mock_requests_get, mock_requests_post, moc
         # Set up AAD token with both refresh and access tokens
         mock_get_refresh_token.return_value = None, 'aadrefreshtoken', 'aadaccesstoken', 'testtenant'
         get_login_credentials(cmd.cli_ctx, 'testregistry', None, None, None)
-        mock_requests_get.assert_called_with('https://testregistry.azurecr.io/v2/')
+        mock_requests_get.assert_called_with('https://testregistry.azurecr.io/v2/',
+                                             verify=mock.ANY)
         mock_requests_post.assert_called_with(
             'https://testregistry.azurecr.io/oauth2/exchange',
             urlencode({
@@ -209,7 +219,8 @@ def test_get_docker_credentials(self, mock_requests_get, mock_requests_post, moc
                 'access_token': 'aadaccesstoken',
                 'refresh_token': 'aadrefreshtoken'
             }),
-            headers={'Content-Type': 'application/x-www-form-urlencoded'})
+            headers={'Content-Type': 'application/x-www-form-urlencoded'},
+            verify=mock.ANY)
 
         get_access_credentials(cmd.cli_ctx, 'testregistry', None, None, None, 'testrepository')
         mock_requests_post.assert_called_with(
@@ -220,12 +231,13 @@ def test_get_docker_credentials(self, mock_requests_get, mock_requests_post, moc
                 'scope': 'repository:testrepository:*',
                 'refresh_token': 'testrefreshtoken'
             }),
-            headers={'Content-Type': 'application/x-www-form-urlencoded'})
+            headers={'Content-Type': 'application/x-www-form-urlencoded'},
+            verify=mock.ANY)
 
         # Set up AAD token with only access token
         mock_get_refresh_token.return_value = None, None, 'aadaccesstoken', 'testtenant'
         get_login_credentials(cmd.cli_ctx, 'testregistry', None, None, None)
-        mock_requests_get.assert_called_with('https://testregistry.azurecr.io/v2/')
+        mock_requests_get.assert_called_with('https://testregistry.azurecr.io/v2/', verify=mock.ANY)
         mock_requests_post.assert_called_with(
             'https://testregistry.azurecr.io/oauth2/exchange',
             urlencode({
@@ -234,7 +246,8 @@ def test_get_docker_credentials(self, mock_requests_get, mock_requests_post, moc
                 'tenant': 'testtenant',
                 'access_token': 'aadaccesstoken'
             }),
-            headers={'Content-Type': 'application/x-www-form-urlencoded'})
+            headers={'Content-Type': 'application/x-www-form-urlencoded'},
+            verify=mock.ANY)
 
         get_access_credentials(cmd.cli_ctx, 'testregistry', None, None, None, 'testrepository')
         mock_requests_post.assert_called_with(
@@ -245,12 +258,13 @@ def test_get_docker_credentials(self, mock_requests_get, mock_requests_post, moc
                 'scope': 'repository:testrepository:*',
                 'refresh_token': 'testrefreshtoken'
             }),
-            headers={'Content-Type': 'application/x-www-form-urlencoded'})
+            headers={'Content-Type': 'application/x-www-form-urlencoded'},
+            verify=mock.ANY)
 
         # Set up AAD token with service principal
         mock_get_refresh_token.return_value = 'testspid', 'testsppassword', None, 'testtenant'
         get_login_credentials(cmd.cli_ctx, 'testregistry', None, None, None)
-        mock_requests_get.assert_called_with('https://testregistry.azurecr.io/v2/')
+        mock_requests_get.assert_called_with('https://testregistry.azurecr.io/v2/', verify=mock.ANY)
         mock_requests_post.assert_called_with(
             'https://testregistry.azurecr.io/oauth2/exchange',
             urlencode({
@@ -260,7 +274,8 @@ def test_get_docker_credentials(self, mock_requests_get, mock_requests_post, moc
                 'username': 'testspid',
                 'password': 'testsppassword'
             }),
-            headers={'Content-Type': 'application/x-www-form-urlencoded'})
+            headers={'Content-Type': 'application/x-www-form-urlencoded'},
+            verify=mock.ANY)
 
         get_access_credentials(cmd.cli_ctx, 'testregistry', None, None, None, 'testrepository')
         mock_requests_post.assert_called_with(
@@ -271,4 +286,5 @@ def test_get_docker_credentials(self, mock_requests_get, mock_requests_post, moc
                 'scope': 'repository:testrepository:*',
                 'refresh_token': 'testrefreshtoken'
             }),
-            headers={'Content-Type': 'application/x-www-form-urlencoded'})
+            headers={'Content-Type': 'application/x-www-form-urlencoded'},
+            verify=mock.ANY)
diff --git a/src/command_modules/azure-cli-acr/setup.py b/src/command_modules/azure-cli-acr/setup.py
@@ -14,7 +14,7 @@
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
     cmdclass = {}
 
-VERSION = "2.0.19"
+VERSION = "2.0.20"
 CLASSIFIERS = [
     'Development Status :: 4 - Beta',
     'Intended Audience :: Developers',

diff --git a/src/command_modules/azure-cli-batchai/HISTORY.rst b/src/command_modules/azure-cli-batchai/HISTORY.rst
@@ -2,6 +2,9 @@
 
 Release History
 ===============
+0.1.5
+++++++
+* minor fixes
 
 0.1.4
 ++++++

diff --git a/src/command_modules/azure-cli-batchai/azure/cli/command_modules/batchai/custom.py b/src/command_modules/azure-cli-batchai/azure/cli/command_modules/batchai/custom.py
@@ -19,6 +19,7 @@
 import azure.mgmt.batchai.models as models
 
 from azure.cli.core.keys import is_valid_ssh_rsa_public_key
+from azure.cli.core.util import should_disable_connection_verify
 
 
 # Environment variables for specifying azure storage account and key. We want the user to make explicit
@@ -431,7 +432,8 @@ def tail_file(client, resource_group, job_name, directory, file_name):
     # Stream the file
     downloaded = 0
     while True:
-        r = requests.get(url, headers={'Range': 'bytes={0}-'.format(downloaded)})
+        r = requests.get(url, headers={'Range': 'bytes={0}-'.format(downloaded)},
+                         verify=(not should_disable_connection_verify()))
         if int(r.status_code / 100) == 2:
             downloaded += len(r.content)
             print(r.content.decode(), end='')

diff --git a/src/command_modules/azure-cli-batchai/setup.py b/src/command_modules/azure-cli-batchai/setup.py
@@ -13,7 +13,7 @@
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
     cmdclass = {}
 
-VERSION = "0.1.4"
+VERSION = "0.1.5"
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers
 CLASSIFIERS = [

diff --git a/src/command_modules/azure-cli-extension/HISTORY.rst b/src/command_modules/azure-cli-extension/HISTORY.rst
@@ -2,6 +2,9 @@
 
 Release History
 ===============
+0.0.8
+++++++
+Minor fixes
 
 0.0.7
 ++++++

diff --git a/src/command_modules/azure-cli-extension/azure/cli/command_modules/extension/_index.py b/src/command_modules/azure-cli-extension/azure/cli/command_modules/extension/_index.py
@@ -21,9 +21,10 @@
 
 # pylint: disable=inconsistent-return-statements
 def get_index(index_url=None):
+    from azure.cli.core.util import should_disable_connection_verify
     index_url = index_url or DEFAULT_INDEX_URL
     try:
-        response = requests.get(index_url)
+        response = requests.get(index_url, verify=(not should_disable_connection_verify()))
         if response.status_code == 200:
             return response.json()
         else:

diff --git a/src/command_modules/azure-cli-extension/azure/cli/command_modules/extension/custom.py b/src/command_modules/azure-cli-extension/azure/cli/command_modules/extension/custom.py
@@ -48,8 +48,9 @@ def _run_pip(pip_exec_args):
 
 
 def _whl_download_from_url(url_parse_result, ext_file):
+    from azure.cli.core.util import should_disable_connection_verify
     url = url_parse_result.geturl()
-    r = requests.get(url, stream=True)
+    r = requests.get(url, stream=True, verify=(not should_disable_connection_verify()))
     if r.status_code != 200:
         raise CLIError("Request to {} failed with {}".format(url, r.status_code))
     with open(ext_file, 'wb') as f:

diff --git a/...d_modules/azure-cli-extension/azure/cli/command_modules/extension/tests/test_index_get.py b/...d_modules/azure-cli-extension/azure/cli/command_modules/extension/tests/test_index_get.py
@@ -25,7 +25,7 @@ def json(self):
 
 
 def mock_index_get_generator(index_url, index_data):
-    def mock_req_get(url):
+    def mock_req_get(url, verify):
         if url == index_url:
             return MockResponse(200, index_data)
         return MockResponse(404, None)
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,6 +2,9 @@ @@
     Release History
     ===============
+.0.20
+    ++++++
+    * minor fix
 .0.19
     ++++++
@@ Expand Down @@