2 files changed, 44 insertions, 17 deletions

diff --git a/tests/units/cli/get/test_commands.py b/tests/units/cli/get/test_commands.py
index e0b17a0..1e8c6e9 100644
--- a/tests/units/cli/get/test_commands.py
+++ b/tests/units/cli/get/test_commands.py
@@ -11,6 +11,7 @@ from typing import TYPE_CHECKING
 from unittest.mock import ANY, patch
 
 import pytest
+import requests
 from cvprac.cvp_client_errors import CvpApiError
 
 from anta.cli._main import anta
@@ -24,19 +25,25 @@ DATA_DIR: Path = Path(__file__).parents[3].resolve() / "data"
 
 
 @pytest.mark.parametrize(
-    ("cvp_container", "cvp_connect_failure"),
+    ("cvp_container", "verify_cert", "cv_token_failure", "cvp_connect_failure"),
     [
-        pytest.param(None, False, id="all devices"),
-        pytest.param("custom_container", False, id="custom container"),
-        pytest.param(None, True, id="cvp connect failure"),
+        pytest.param(None, True, False, False, id="all devices - verify cert"),
+        pytest.param(None, True, True, False, id="all devices - fail SSL check"),
+        pytest.param(None, False, False, False, id="all devices - do not verify cert"),
+        pytest.param("custom_container", False, False, False, id="custom container"),
+        pytest.param(None, False, False, True, id="cvp connect failure"),
     ],
 )
 def test_from_cvp(
     tmp_path: Path,
     click_runner: CliRunner,
     cvp_container: str | None,
+    verify_cert: bool,
+    cv_token_failure: bool,
     cvp_connect_failure: bool,
 ) -> None:
+    # pylint: disable=too-many-arguments
+    # ruff: noqa: C901
     """Test `anta get from-cvp`.
 
     This test verifies that username and password are NOT mandatory to run this command
@@ -57,6 +64,12 @@ def test_from_cvp(
 
     if cvp_container is not None:
         cli_args.extend(["--container", cvp_container])
+    if not verify_cert:
+        cli_args.extend(["--ignore-cert"])
+
+    def mock_get_cv_token(*_args: str, **_kwargs: str) -> None:
+        if cv_token_failure:
+            raise requests.exceptions.SSLError
 
     def mock_cvp_connect(_self: CvpClient, *_args: str, **_kwargs: str) -> None:
         if cvp_connect_failure:
@@ -64,7 +77,7 @@ def test_from_cvp(
 
     # always get a token
     with (
-        patch("anta.cli.get.commands.get_cv_token", return_value="dummy_token"),
+        patch("anta.cli.get.commands.get_cv_token", autospec=True, side_effect=mock_get_cv_token),
         patch(
             "cvprac.cvp_client.CvpClient.connect",
             autospec=True,
@@ -79,20 +92,27 @@ def test_from_cvp(
     ):
         result = click_runner.invoke(anta, cli_args)
 
-    if not cvp_connect_failure:
+    if not cvp_connect_failure and not cv_token_failure:
         assert output.exists()
 
+    if cv_token_failure:
+        assert "Authentication to CloudVison failed" in result.output
+        assert result.exit_code == ExitCode.USAGE_ERROR
+        return
+
     mocked_cvp_connect.assert_called_once()
-    if not cvp_connect_failure:
-        assert "Connected to CloudVision" in result.output
-        if cvp_container is not None:
-            mocked_get_devices_in_container.assert_called_once_with(ANY, cvp_container)
-        else:
-            mocked_get_inventory.assert_called_once()
-        assert result.exit_code == ExitCode.OK
-    else:
+
+    if cvp_connect_failure:
         assert "Error connecting to CloudVision" in result.output
         assert result.exit_code == ExitCode.USAGE_ERROR
+        return
+
+    assert "Connected to CloudVision" in result.output
+    if cvp_container is not None:
+        mocked_get_devices_in_container.assert_called_once_with(ANY, cvp_container)
+    else:
+        mocked_get_inventory.assert_called_once()
+    assert result.exit_code == ExitCode.OK
 
 
 @pytest.mark.parametrize(
diff --git a/tests/units/cli/get/test_utils.py b/tests/units/cli/get/test_utils.py
index 7ce85dc..e105f94 100644
--- a/tests/units/cli/get/test_utils.py
+++ b/tests/units/cli/get/test_utils.py
@@ -19,7 +19,14 @@ from anta.inventory import AntaInventory
 DATA_DIR: Path = Path(__file__).parents[3].resolve() / "data"
 
 
-def test_get_cv_token() -> None:
+@pytest.mark.parametrize(
+    "verify_cert",
+    [
+        pytest.param(True, id="Verify cert enabled"),
+        pytest.param(False, id="Verify cert disabled"),
+    ],
+)
+def test_get_cv_token(verify_cert: bool) -> None:
     """Test anta.get.utils.get_cv_token."""
     ip_addr = "42.42.42.42"
     username = "ant"
@@ -29,13 +36,13 @@ def test_get_cv_token() -> None:
         mocked_ret = MagicMock(autospec=requests.Response)
         mocked_ret.json.return_value = {"sessionId": "simple"}
         patched_request.return_value = mocked_ret
-        res = get_cv_token(ip_addr, username, password)
+        res = get_cv_token(ip_addr, username, password, verify_cert=verify_cert)
     patched_request.assert_called_once_with(
         "POST",
         "https://42.42.42.42/cvpservice/login/authenticate.do",
         headers={"Content-Type": "application/json", "Accept": "application/json"},
         data='{"userId": "ant", "password": "formica"}',
-        verify=False,
+        verify=verify_cert,
         timeout=10,
     )
     assert res == "simple"