feat: add possibility to specify the certification verification behaviour (influxdata#71)

Author: bednar

CHANGELOG.md

@@ -1,5 +1,8 @@
 ## 1.12.0 [unreleased]
 
+### Features
+1. [#71](https://github.com/influxdata/influxdb-client-ruby/pull/71): Added possibility to specify the certification verification behaviour
+
 ## 1.11.0 [2021-01-29]
 
 ### CI

README.md

@@ -48,6 +48,7 @@ client = InfluxDB2::Client.new('https://localhost:8086', 'my-token')
 | read_timeout | Number of seconds to wait for one block of data to be read | Integer | 10 |
 | max_redirect_count | Maximal number of followed HTTP redirects | Integer | 10 |
 | use_ssl | Turn on/off SSL for HTTP communication | bool | true |
+| verify_mode | Sets the flags for the certification verification at beginning of SSL/TLS session. | `OpenSSL::SSL::VERIFY_NONE` or `OpenSSL::SSL::VERIFY_PEER` | none |
 
 ```ruby
 client = InfluxDB2::Client.new('https://localhost:8086', 'my-token',

lib/influxdb2/client/client.rb

@@ -43,6 +43,9 @@ class Client
     # @option options [Integer] :read_timeout Number of seconds to wait for one block of data to be read
     # @option options [Integer] :max_redirect_count Maximal number of followed HTTP redirects
     # @option options [bool] :use_ssl Turn on/off SSL for HTTP communication
+    # @option options [Integer] :verify_mode Sets the flags for the certification verification
+    #   at beginning of SSL/TLS session. Could be one of `OpenSSL::SSL::VERIFY_NONE` or `OpenSSL::SSL::VERIFY_PEER`.
+    #   For more info see - https://docs.ruby-lang.org/en/3.0.0/Net/HTTP.html#verify_mode.
     # @option options [Logger] :logger Logger used for logging. Disable logging by set to false.
     # @option options [Hash] :tags Default tags which will be added to each point written by api.
     #   the body line-protocol

lib/influxdb2/client/default_api.rb

@@ -84,11 +84,7 @@ def _get(uri, limit: @max_redirect_count, headers: {})
     def _request(payload, uri, limit: @max_redirect_count, headers: {}, request: Net::HTTP::Post)
       raise InfluxError.from_message("Too many HTTP redirects. Exceeded limit: #{@max_redirect_count}") if limit.zero?
 
-      http = Net::HTTP.new(uri.host, uri.port)
-      http.open_timeout = @options[:open_timeout] || DEFAULT_TIMEOUT
-      http.write_timeout = @options[:write_timeout] || DEFAULT_TIMEOUT if Net::HTTP.method_defined? :write_timeout
-      http.read_timeout = @options[:read_timeout] || DEFAULT_TIMEOUT
-      http.use_ssl = @options[:use_ssl].nil? ? true : @options[:use_ssl]
+      http = _prepare_http_client(uri)
 
       request = request.new(uri.request_uri)
       request['Authorization'] = "Token #{@options[:token]}"
@@ -115,6 +111,16 @@ def _request(payload, uri, limit: @max_redirect_count, headers: {}, request: Net
       end
     end
 
+    def _prepare_http_client(uri)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.open_timeout = @options[:open_timeout] || DEFAULT_TIMEOUT
+      http.write_timeout = @options[:write_timeout] || DEFAULT_TIMEOUT if Net::HTTP.method_defined? :write_timeout
+      http.read_timeout = @options[:read_timeout] || DEFAULT_TIMEOUT
+      http.use_ssl = @options[:use_ssl].nil? ? true : @options[:use_ssl]
+      http.verify_mode = @options[:verify_mode] if @options[:verify_mode]
+      http
+    end
+
     def _check_arg_type(name, value, klass)
       raise TypeError, "expected a #{klass.name} for #{name}; got #{value.class.name}" unless value.is_a?(klass)
     end

test/influxdb/default_api_test.rb

@@ -57,4 +57,33 @@ def test_supports_false
 
     @api.log(:info, 'without error')
   end
+
+  def test_default_verify_mode
+    http_client = @api.send(:_prepare_http_client, URI.parse('https://localhost:8086'))
+
+    refute_nil http_client
+    assert_nil http_client.verify_mode
+
+    http_client.finish if http_client.started?
+  end
+
+  def test_default_verify_mode_none
+    @api = InfluxDB2::DefaultApi.new(options: { logger: @logger, verify_mode: OpenSSL::SSL::VERIFY_NONE })
+    http_client = @api.send(:_prepare_http_client, URI.parse('https://localhost:8086'))
+
+    refute_nil http_client
+    assert_equal OpenSSL::SSL::VERIFY_NONE, http_client.verify_mode
+
+    http_client.finish if http_client.started?
+  end
+
+  def test_default_verify_mode_peer
+    @api = InfluxDB2::DefaultApi.new(options: { logger: @logger, verify_mode: OpenSSL::SSL::VERIFY_PEER })
+    http_client = @api.send(:_prepare_http_client, URI.parse('https://localhost:8086'))
+
+    refute_nil http_client
+    assert_equal OpenSSL::SSL::VERIFY_PEER, http_client.verify_mode
+
+    http_client.finish if http_client.started?
+  end
 end