use server certificates for checking rhsm and sattelite subscriptions

2026-01-10 15:32:07 -03:30 · 2025-04-23 10:41:54 +02:00 · 2025-04-23 10:41:54 +02:00 · 73187c61f4
commit 73187c61f4
parent db6e8b9bad
1 changed files with 3 additions and 13 deletions
--- a/awx/main/utils/licensing.py
+++ b/awx/main/utils/licensing.py
@ -242,20 +242,15 @@ class Licenser(object):
        return []

    def get_rhsm_subs(self, host, user, pw):
-        verify = getattr(settings, 'REDHAT_CANDLEPIN_VERIFY', True)
        json = []
        try:
-            subs = requests.get('/'.join([host, 'subscription/users/{}/owners'.format(user)]), verify=verify, auth=(user, pw))
+            subs = requests.get('/'.join([host, 'subscription/users/{}/owners'.format(user)]), verify=True, auth=(user, pw))
        except requests.exceptions.ConnectionError as error:
            raise error
-        except OSError as error:
-            raise OSError(
-                'Unable to open certificate bundle {}. Check that the service is running on Red Hat Enterprise Linux.'.format(verify)
-            ) from error  # noqa
        subs.raise_for_status()

        for sub in subs.json():
-            resp = requests.get('/'.join([host, 'subscription/owners/{}/pools/?match=*tower*'.format(sub['key'])]), verify=verify, auth=(user, pw))
+            resp = requests.get('/'.join([host, 'subscription/owners/{}/pools/?match=*tower*'.format(sub['key'])]), verify=True, auth=(user, pw))
            resp.raise_for_status()
            json.extend(resp.json())
        return json
@ -267,18 +262,13 @@ class Licenser(object):
            port = str(self.config.get("server", "port"))
        except Exception as e:
            logger.exception('Unable to read rhsm config to get ca_cert location. {}'.format(str(e)))
-            verify = getattr(settings, 'REDHAT_CANDLEPIN_VERIFY', True)
        if port:
            host = ':'.join([host, port])
        json = []
        try:
-            orgs = requests.get('/'.join([host, 'katello/api/organizations']), verify=verify, auth=(user, pw))
+            orgs = requests.get('/'.join([host, 'katello/api/organizations']), verify=True, auth=(user, pw))
        except requests.exceptions.ConnectionError as error:
            raise error
-        except OSError as error:
-            raise OSError(
-                'Unable to open certificate bundle {}. Check that the service is running on Red Hat Enterprise Linux.'.format(verify)
-            ) from error  # noqa
        orgs.raise_for_status()

        for org in orgs.json()['results']: