jupyter-incubator · polomarcus · Jan 31, 2018 · Feb 1, 2018 · Feb 1, 2018 · Feb 2, 2018
diff --git a/sparkmagic/example_config.json b/sparkmagic/example_config.json
@@ -48,6 +48,7 @@
   "fatal_error_suggestion": "The code failed because of a fatal error:\n\t{}.\n\nSome things to try:\na) Make sure Spark has enough available resources for Jupyter to create a Spark context.\nb) Contact your Jupyter administrator to make sure the Spark magics library is configured correctly.\nc) Restart the kernel.",
 
   "ignore_ssl_errors": false,
+  "custom_certfiles_path": null,
 
   "session_configs": {
     "driverMemory": "1000M",

diff --git a/sparkmagic/sparkmagic/livyclientlib/reliablehttpclient.py b/sparkmagic/sparkmagic/livyclientlib/reliablehttpclient.py
@@ -33,6 +33,8 @@ def __init__(self, endpoint, headers, retry_policy):
         if not self.verify_ssl:
             self.logger.debug(u"ATTENTION: Will ignore SSL errors. This might render you vulnerable to attacks.")
             requests.packages.urllib3.disable_warnings()
+        else:
+            self._set_custom_certfiles_path()
 
     def get_headers(self):
         return self._headers
@@ -94,3 +96,8 @@ def _send_request_helper(self, url, accepted_status_codes, function, data, retry
                     raise HttpClientException(u"Invalid status code '{}' from {} with error payload: {}"
                                               .format(status, url, text))
             return r
+
+    def _set_custom_certfiles_path(self):
+        if conf.custom_certfiles_path is not None:
+            self.logger.debug(u"Using a custom SSL certificate")
+            self.verify_ssl = conf.custom_certfiles_path
diff --git a/sparkmagic/sparkmagic/tests/test_configuration.py b/sparkmagic/sparkmagic/tests/test_configuration.py
@@ -78,3 +78,13 @@ def test_share_config_between_pyspark_and_pyspark3():
     kpc = { 'username': 'U', 'password': 'P', 'base64_password': 'cGFzc3dvcmQ=', 'url': 'L', 'auth': AUTH_BASIC }
     overrides = { conf.kernel_python_credentials.__name__: kpc }
     assert_equals(conf.base64_kernel_python3_credentials(), conf.base64_kernel_python_credentials())
+
+@with_setup(_setup)
+def test_custom_certfiles_path():
+    overrides = { }
+    conf.override_all(overrides)
+    assert_equals(conf.custom_certfiles_path(), None)
+    cert = "test.pem"
+    overrides = { conf.custom_certfiles_path.__name__: cert }
+    conf.override_all(overrides)
+    assert_equals(conf.custom_certfiles_path(), cert)
diff --git a/sparkmagic/sparkmagic/tests/test_reliablehttpclient.py b/sparkmagic/sparkmagic/tests/test_reliablehttpclient.py
@@ -232,3 +232,4 @@ def test_kerberos_auth_check_auth():
     client = ReliableHttpClient(endpoint, {}, retry_policy)
     assert_is_not_none(client._auth)
     assert isinstance(client._auth, HTTPKerberosAuth)
+
diff --git a/sparkmagic/sparkmagic/utils/configuration.py b/sparkmagic/sparkmagic/utils/configuration.py
@@ -164,6 +164,9 @@ def resource_limit_mitigation_suggestion():
 def ignore_ssl_errors():
     return False
 
+@_with_override
+def custom_certfiles_path():
+    return None
 
 @_with_override
 def coerce_dataframe():
Original file line number	Diff line number	Diff line change
Expand Up		@@ -232,3 +232,4 @@ def test_kerberos_auth_check_auth():
		client = ReliableHttpClient(endpoint, {}, retry_policy)
		assert_is_not_none(client._auth)
		assert isinstance(client._auth, HTTPKerberosAuth)

Copy link Contributor aggFTW Feb 6, 2018 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Adding a test here to see that the verify parameter in the request is honoring the value of `conf.custom_certfiles_path()` when it's set would be useful and would have caught the lack of method call I mentioned in the other file. Let's add it.