The ggshield auth login command isn't using the --allow-self-hosted flag.
What has been done
Passing allow_self_hosted to the create_client function--as we're already doing for auth logout.
Validation
Without the fix, trying run ggshield auth login --allow-self-signed against a GitGuardian instance using an untrusted certificate or being routed through a TLS bump proxy will result in an error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='hostname.example.com', port=443): Max retries exceeded with url: /exposed/v1/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)')))
With the fix the certificate error won't appear.
PR check list
[x] As much as possible, the changes include tests (unit and/or functional)
[x] If the changes affect the end user (new feature, behavior change, bug fix) then the PR has a changelog entry (see doc/dev/getting-started.md). If the changes do not affect the end user, then the skip-changelog label has been added to the PR.
agateau-gg
commented
1 month ago
Context
The
ggshield auth logincommand isn't using the--allow-self-hostedflag.What has been done
Passing
allow_self_hostedto thecreate_clientfunction--as we're already doing forauth logout.Validation
Without the fix, trying run
ggshield auth login --allow-self-signedagainst a GitGuardian instance using an untrusted certificate or being routed through a TLS bump proxy will result in an error:With the fix the certificate error won't appear.
PR check list
skip-changeloglabel has been added to the PR.