Add support for SSL verification and local migration flag

- Introduced `verify_ssl` option in remote settings to control SSL certificate verification.
- Updated `migrate_remote` method to accept `force_local` flag, allowing local migration to be forced.
- Enhanced documentation for using HTTPS with self-signed certificates.
- Added tests for the new `force-local` migration functionality.

Author: grongierisc

docs/getting-started/register-component.md

@@ -338,6 +338,7 @@ The dictionary has the following structure:
 - `namespace`: The namespace for the connection (optional, default is "USER")
 - `remote_folder`: The folder where the components are stored (optional, default is the routine database folder)
 - `package`: The package name for the components (optional, default is "python")
+- `verify_ssl`: Whether to verify SSL certificates (optional, default is True). Set to False for self-signed certificates
 
 Example:
 ```python
@@ -355,4 +356,30 @@ CLASSES = {
 }
 ```
 
-This will import `FileOperation` from the `bo` module and register it under the key `'Python.FileOperation'` in the `CLASSES` dictionary.
+This will import `FileOperation` from the `bo` module and register it under the key `'Python.FileOperation'` in the `CLASSES` dictionary.
+
+#### Using HTTPS with Self-Signed Certificates
+
+If your remote IRIS instance uses HTTPS with a self-signed certificate, you need to disable SSL verification:
+
+```python
+REMOTE_SETTINGS = {
+    "url": "https://localhost:8443",
+    "username": "SuperUser",
+    "password": "SYS",
+    "namespace": "IRISAPP",
+    "verify_ssl": False  # Disable SSL verification for self-signed certificates
+}
+```
+
+**Note:** Disabling SSL verification should only be used in development or trusted environments, as it makes the connection vulnerable to man-in-the-middle attacks.
+
+#### Force Local Migration
+
+You can force local migration (skip remote migration even if `REMOTE_SETTINGS` is present) by using the `--force-local` flag:
+
+```bash
+iop -m /path/to/settings.py --force-local
+```
+
+This is useful when you want to test local migration while keeping your `REMOTE_SETTINGS` configuration in the settings file.

src/iop/_cli.py

@@ -48,6 +48,7 @@ class CommandArgs:
     classname: Optional[str] = None
     body: Optional[str] = None
     namespace: Optional[str] = None
+    force_local: bool = False
 
 class Command:
     def __init__(self, args: CommandArgs):
@@ -147,7 +148,7 @@ def _handle_migrate(self) -> None:
         if migrate_path is not None:
             if not os.path.isabs(migrate_path):
                 migrate_path = os.path.join(os.getcwd(), migrate_path)
-            _Utils.migrate_remote(migrate_path)
+            _Utils.migrate_remote(migrate_path, force_local=self.args.force_local)
 
     def _handle_log(self) -> None:
         if self.args.log == 'not_set':
@@ -190,6 +191,9 @@ def create_parser() -> argparse.ArgumentParser:
     test.add_argument('-C', '--classname', help='test classname', nargs='?', const='not_set')
     test.add_argument('-B', '--body', help='test body', nargs='?', const='not_set')
 
+    migrate = main_parser.add_argument_group('migrate arguments')
+    migrate.add_argument('--force-local', help='force local migration, skip remote even if REMOTE_SETTINGS is present', action='store_true')
+
     namespace = main_parser.add_argument_group('namespace arguments')
     namespace.add_argument('-n', '--namespace', help='set namespace', nargs='?', const='not_set')
 

src/iop/_utils.py

@@ -23,6 +23,7 @@ class RemoteSettings(TypedDict, total=False):
     remote_folder: str  # Optional: the folder to use (default: '')
     username: str  # Optional: the username to use to connect (default: '')
     password: str  # Optional: the password to use to connect (default: '')
+    verify_ssl: bool  # Optional: verify SSL certificates (default: True, set to False for self-signed certs)
 
 class _Utils():
     @staticmethod
@@ -261,7 +262,7 @@ def filename_to_module(filename) -> str:
         return module
 
     @staticmethod
-    def migrate_remote(filename=None):
+    def migrate_remote(filename=None, force_local=False):
         """
         Read a settings file from the filename
         If the settings.py file has a key 'REMOTE_SETTINGS' then it will use the value of that key
@@ -273,6 +274,7 @@ def migrate_remote(filename=None):
             * 'remote_folder': the folder to use (optional, default is '')
             * 'username': the username to use to connect (optional, default is '')
             * 'password': the password to use to connect (optional, default is '')
+            * 'verify_ssl': verify SSL certificates (optional, default is True)
         
         The remote host is a rest API that will be used to register the components
         The payload will be a json object with the following keys:
@@ -283,11 +285,15 @@ def migrate_remote(filename=None):
                 * 'data': the data of the file, it will be an UTF-8 encoded string
 
         'body' will be constructed with all the files in the folder if the folder is not empty else use root folder of settings.py
+        
+        Args:
+            filename: Path to the settings file
+            force_local: If True, skip remote migration even if REMOTE_SETTINGS is present
         """
         settings, path = _Utils._load_settings(filename)
         remote_settings: Optional[RemoteSettings] = getattr(settings, 'REMOTE_SETTINGS', None) if settings else None
 
-        if not remote_settings:
+        if not remote_settings or force_local:
             _Utils.migrate(filename)
             return
 
@@ -321,21 +327,35 @@ def migrate_remote(filename=None):
                             'data': data
                         })
 
+        # Get SSL verification setting (default to True for security)
+        verify_ssl = remote_settings.get('verify_ssl', True)
+        
+        # Disable SSL warnings if verify_ssl is False
+        if not verify_ssl:
+            import urllib3
+            urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+        
         # send the request to the remote settings
-        response = requests.put(
-            url=f"{remote_settings['url']}/api/iop/migrate",
-            json=payload,
-            headers={
-                'Content-Type': 'application/json',
-                'Accept': 'application/json'
-            },
-            auth=(remote_settings.get('username', ''), remote_settings.get('password', '')),
-            timeout=10
-        )
-
-        print(f"Response from remote migration:\n{response.text}")
-
-        response.raise_for_status()  # Raise an error for bad responses
+        try:
+            response = requests.put(
+                url=f"{remote_settings['url']}/api/iop/migrate",
+                json=payload,
+                headers={
+                    'Content-Type': 'application/json',
+                    'Accept': 'application/json'
+                },
+                auth=(remote_settings.get('username', ''), remote_settings.get('password', '')),
+                timeout=10,
+                verify=verify_ssl
+            )
+
+            print(f"Response from remote migration:\n{response.text}")
+
+            response.raise_for_status()  # Raise an error for bad responses
+        except requests.exceptions.SSLError as e:
+            print(f"SSL Error: {e}")
+            print("If you're using a self-signed certificate, set 'verify_ssl': False in REMOTE_SETTINGS")
+            raise
 
     @staticmethod
     def migrate(filename=None):

src/tests/bench/bench_bo.py

@@ -8,3 +8,10 @@ class BenchIoPOperation(BusinessOperation):
     def on_message(self, request):
         time.sleep(0.001)  # Simulate some processing delay
         return request
+
+if __name__ == "__main__":
+    # This block is for testing the operation directly
+    operation = BenchIoPOperation()
+    test_request = {"data": "test"}
+    response = operation.on_message(test_request)
+    print("Response:", response)

src/tests/test_cli.py

@@ -79,14 +79,21 @@ def test_migration(self):
             with self.assertRaises(SystemExit) as cm:
                 main(['-m', 'settings.json'])
             self.assertEqual(cm.exception.code, 0)
-            mock_migrate.assert_called_once_with(os.path.join(os.getcwd(), 'settings.json'))
+            mock_migrate.assert_called_once_with(os.path.join(os.getcwd(), 'settings.json'), force_local=False)
 
         # Test absolute path
         with patch('iop._utils._Utils.migrate_remote') as mock_migrate:
             with self.assertRaises(SystemExit) as cm:
                 main(['-m', '/tmp/settings.json'])
             self.assertEqual(cm.exception.code, 0)
-            mock_migrate.assert_called_once_with('/tmp/settings.json')
+            mock_migrate.assert_called_once_with('/tmp/settings.json', force_local=False)
+
+        # Test with force_local flag
+        with patch('iop._utils._Utils.migrate_remote') as mock_migrate:
+            with self.assertRaises(SystemExit) as cm:
+                main(['-m', '/tmp/settings.json', '--force-local'])
+            self.assertEqual(cm.exception.code, 0)
+            mock_migrate.assert_called_once_with('/tmp/settings.json', force_local=True)
 
     def test_initialization(self):
         """Test initialization command."""