Cannot download apps from splunkbase behind a TLS-inspecting corporate web proxy #686
Description
Title says it all. Here is an example error:
2024-10-24 12:58:01 "/usr/lib/python3.9/site-packages/requests/adapters.py", line 489, in send
2024-10-24 12:58:01 resp = conn.urlopen( File "/usr/lib/python3.9/site-
2024-10-24 12:58:01 packages/urllib3/connectionpool.py", line 802, in urlopen retries =
2024-10-24 12:58:01 retries.increment( File "/usr/lib/python3.9/site-
2024-10-24 12:58:01 packages/urllib3/util/retry.py", line 594, in increment raise
2024-10-24 12:58:01 MaxRetryError(_pool, url, error or ResponseError(cause))
2024-10-24 12:58:01 urllib3.exceptions.MaxRetryError:
2024-10-24 12:58:01 HTTPSConnectionPool(host='splunkbase.splunk.com', port=443): Max retries
2024-10-24 12:58:01 exceeded with url: /api/account:login/ (Caused by
2024-10-24 12:58:01 SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
2024-10-24 12:58:01 certificate verify failed: unable to get local issuer certificate
2024-10-24 12:58:01 (_ssl.c:1133)'))) During handling of the above exception, another exception
2024-10-24 12:58:01 occurred: Traceback (most recent call last): File
2024-10-24 12:58:01 "/opt/ansible/inventory/environ.py", line 891, in <module> main() File
2024-10-24 12:58:01 "/opt/ansible/inventory/environ.py", line 877, in main
2024-10-24 12:58:01 getSplunkInventory(inventory) File "/opt/ansible/inventory/environ.py", line
2024-10-24 12:58:01 95, in getSplunkInventory inventory["all"]["vars"] = getDefaultVars()
2024-10-24 12:58:01 File "/opt/ansible/inventory/environ.py", line 146, in getDefaultVars
2024-10-24 12:58:01 getSplunkbaseToken(defaultVars) File "/opt/ansible/inventory/environ.py",
2024-10-24 12:58:01 line 350, in getSplunkbaseToken resp =
2024-10-24 12:58:01 requests.post("https://splunkbase.splunk.com/api/account:login/", File
2024-10-24 12:58:01 "/usr/lib/python3.9/site-packages/requests/api.py", line 115, in post
2024-10-24 12:58:01 return request("post", url, data=data, json=json, **kwargs) File
2024-10-24 12:58:01 "/usr/lib/python3.9/site-packages/requests/api.py", line 59, in request
2024-10-24 12:58:01 return session.request(method=method, url=url, **kwargs) File
2024-10-24 12:58:01 "/usr/lib/python3.9/site-packages/requests/sessions.py", line 587, in request
2024-10-24 12:58:01 resp = self.send(prep, **send_kwargs) File "/usr/lib/python3.9/site-
2024-10-24 12:58:01 packages/requests/sessions.py", line 701, in send r = adapter.send(request,
2024-10-24 12:58:01 **kwargs) File "/usr/lib/python3.9/site-packages/requests/adapters.py", line
2024-10-24 12:58:01 563, in send raise SSLError(e, request=request)
2024-10-24 12:58:01 requests.exceptions.SSLError: HTTPSConnectionPool(host='splunkbase.splunk.com',
2024-10-24 12:58:01 port=443): Max retries exceeded with url: /api/account:login/ (Caused by
2024-10-24 12:58:01 SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
2024-10-24 12:58:01 certificate verify failed: unable to get local issuer certificate
2024-10-24 12:58:01 (_ssl.c:1133)')))
2024-10-24 12:58:01 [WARNING]: * Failed to parse /opt/ansible/inventory/environ.py with ini
2024-10-24 12:58:01 plugin: /opt/ansible/inventory/environ.py:16: Expected key=value host variable
2024-10-24 12:58:01 assignment, got: __future__
2024-10-24 12:58:01 [WARNING]: Unable to parse /opt/ansible/inventory/environ.py as an inventory
2024-10-24 12:58:01 source
2024-10-24 12:58:01 ERROR! No inventory was parsed, please check your configuration and options.
Here, splunkbase.splunk.com cannot be accessed because the cert is not recognized (because of the TLS-inspecting corporate proxy).
I read the documentation, and there seems to exist no way of disabling TLS/SSL verification with an environment variable.
In some organizations, removing TLS inspections on a domain is hard and I think docker-splunk should provide an option to either provide an intermediate CA or disable TLS verification altogether.