6432: Python SDK can find and use CA certs on Red Hat.

[arvados.git] / sdk / python / arvados / util.py

diff --git a/sdk/python/arvados/util.py b/sdk/python/arvados/util.py
index a474a94550d699b89ac1844ba3f38dd2ea52e433..aaf20945595e8b5e32fe74520465a761fd539e5e 100644 (file)
--- a/sdk/python/arvados/util.py
+++ b/sdk/python/arvados/util.py
@@ -1,11 +1,14 @@
 import fcntl
 import hashlib
+import httplib2
 import os
 import re
 import subprocess
 import errno
 import sys
-from arvados.collection import *
+
+import arvados
+from arvados.collection import CollectionReader
 
 HEX_RE = re.compile(r'^[0-9a-fA-F]+$')
 
@@ -349,8 +352,8 @@ def is_hex(s, *length_args):
     """
     num_length_args = len(length_args)
     if num_length_args > 2:
-        raise ArgumentError("is_hex accepts up to 3 arguments ({} given)".
-                            format(1 + num_length_args))
+        raise errors.ArgumentError("is_hex accepts up to 3 arguments ({} given)"
+                                   .format(1 + num_length_args))
     elif num_length_args == 2:
         good_len = (length_args[0] <= len(s) <= length_args[1])
     elif num_length_args == 1:
@@ -369,3 +372,20 @@ def list_all(fn, num_retries=0, **kwargs):
         items_available = c['items_available']
         offset = c['offset'] + len(c['items'])
     return items
+
+def ca_certs_path(fallback=httplib2.CA_CERTS):
+    """Return the path of the best available CA certs source.
+
+    This function searches for various distribution sources of CA
+    certificates, and returns the first it finds.  If it doesn't find any,
+    it returns the value of `fallback` (httplib2's CA certs by default).
+    """
+    for ca_certs_path in [
+        # Debian:
+        '/etc/ssl/certs/ca-certificates.crt',
+        # Red Hat:
+        '/etc/pki/tls/certs/ca-bundle.crt',
+        ]:
+        if os.path.exists(ca_certs_path):
+            return ca_certs_path
+    return fallback