From b6f08f27a243a9181ad8e71eb2616bc79f442520 Mon Sep 17 00:00:00 2001 From: Luc DUZAN Date: Mon, 29 Apr 2024 09:56:49 +0200 Subject: [PATCH] add ca cert --- README.md | 2 +- client/client.go | 9 +++++++-- client/client_test.go | 18 +++++++++--------- cmd/root.go | 4 ++-- 4 files changed, 19 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 200bd60..8c44b11 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ CDK_TOKEN= ```` You need to define the CDK_TOKEN and CDK_BASE_URL environment variables to use this tool. You can also use the CDK_KEY,CDK_CERT to use a certificate for tls authentication. -If you have an untrusted certificate you can use the CDK_INSECURE=true variable to disable tls verification +If you have an untrusted certificate you can use the CDK_INSECURE=true variable to disable tls verification or you can use CACERT. Usage: conduktor [flags] diff --git a/client/client.go b/client/client.go index ed3fa34..36af56b 100644 --- a/client/client.go +++ b/client/client.go @@ -20,7 +20,7 @@ type Client struct { kinds schema.KindCatalog } -func Make(token string, baseUrl string, debug bool, key, cert string, insecure bool) (*Client, error) { +func Make(token string, baseUrl string, debug bool, key, cert, cacert string, insecure bool) (*Client, error) { //token is set later because it's not mandatory for getting the openapi and parsing different kind restyClient := resty.New().SetDebug(debug).SetHeader("X-CDK-CLIENT", "CLI/"+utils.GetConduktorVersion()) @@ -34,6 +34,10 @@ func Make(token string, baseUrl string, debug bool, key, cert string, insecure b } } + if cacert != "" { + restyClient.SetRootCertificate(cacert) + } + result := &Client{ token: token, baseUrl: baseUrl, @@ -69,9 +73,10 @@ func MakeFromEnv() (*Client, error) { debug := strings.ToLower(os.Getenv("CDK_DEBUG")) == "true" key := os.Getenv("CDK_KEY") cert := os.Getenv("CDK_CERT") + cacert := os.Getenv("CDK_CACERT") insecure := strings.ToLower(os.Getenv("CDK_INSECURE")) == "true" - client, err := Make("", baseUrl, debug, key, cert, insecure) + client, err := Make("", baseUrl, debug, key, cert, cacert, insecure) if err != nil { return nil, fmt.Errorf("Cannot create client: %s", err) } diff --git a/client/client_test.go b/client/client_test.go index 0fad931..8eed91e 100644 --- a/client/client_test.go +++ b/client/client_test.go @@ -11,7 +11,7 @@ func TestApplyShouldWork(t *testing.T) { defer httpmock.Reset() baseUrl := "http://baseUrl" token := "aToken" - client, err := Make(token, baseUrl, false, "", "", false) + client, err := Make(token, baseUrl, false, "", "", "", false) if err != nil { panic(err) } @@ -54,7 +54,7 @@ func TestApplyWithDryModeShouldWork(t *testing.T) { defer httpmock.Reset() baseUrl := "http://baseUrl" token := "aToken" - client, err := Make(token, baseUrl, false, "", "", false) + client, err := Make(token, baseUrl, false, "", "", "", false) if err != nil { panic(err) } @@ -92,7 +92,7 @@ func TestApplyShouldFailIfNo2xx(t *testing.T) { defer httpmock.Reset() baseUrl := "http://baseUrl" token := "aToken" - client, err := Make(token, baseUrl, false, "", "", false) + client, err := Make(token, baseUrl, false, "", "", "", false) if err != nil { panic(err) } @@ -130,7 +130,7 @@ func TestGetShouldWork(t *testing.T) { defer httpmock.Reset() baseUrl := "http://baseUrl" token := "aToken" - client, err := Make(token, baseUrl, false, "", "", false) + client, err := Make(token, baseUrl, false, "", "", "", false) if err != nil { panic(err) } @@ -162,7 +162,7 @@ func TestGetShouldFailIfN2xx(t *testing.T) { defer httpmock.Reset() baseUrl := "http://baseUrl" token := "aToken" - client, err := Make(token, baseUrl, false, "", "", false) + client, err := Make(token, baseUrl, false, "", "", "", false) if err != nil { panic(err) } @@ -193,7 +193,7 @@ func TestDescribeShouldWork(t *testing.T) { defer httpmock.Reset() baseUrl := "http://baseUrl" token := "aToken" - client, err := Make(token, baseUrl, false, "", "", false) + client, err := Make(token, baseUrl, false, "", "", "", false) if err != nil { panic(err) } @@ -225,7 +225,7 @@ func TestDescribeShouldFailIfNo2xx(t *testing.T) { defer httpmock.Reset() baseUrl := "http://baseUrl/api" token := "aToken" - client, err := Make(token, baseUrl, false, "", "", false) + client, err := Make(token, baseUrl, false, "", "", "", false) if err != nil { panic(err) } @@ -256,7 +256,7 @@ func TestDeleteShouldWork(t *testing.T) { defer httpmock.Reset() baseUrl := "http://baseUrl" token := "aToken" - client, err := Make(token, baseUrl, false, "", "", false) + client, err := Make(token, baseUrl, false, "", "", "", false) if err != nil { panic(err) } @@ -287,7 +287,7 @@ func TestDeleteShouldFailOnNot2XX(t *testing.T) { defer httpmock.Reset() baseUrl := "http://baseUrl" token := "aToken" - client, err := Make(token, baseUrl, false, "", "", false) + client, err := Make(token, baseUrl, false, "", "", "", false) if err != nil { panic(err) } diff --git a/cmd/root.go b/cmd/root.go index 481a00e..586157b 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -25,8 +25,8 @@ var rootCmd = &cobra.Command{ Use: "conduktor", Short: "Command line tools for conduktor", Long: `You need to define the CDK_TOKEN and CDK_BASE_URL environment variables to use this tool. -You can also use the CDK_KEY,CDK_CERT to use a certificate for tls authentication. -If you have an untrusted certificate you can use the CDK_INSECURE=true variable to disable tls verification`, +You can also use the CDK_KEY,CDK_CERT, CDK_CACERT to use a certificate for tls authentication. +If you have an untrusted certificate you can use the CDK_INSECURE=true variable to disable tls verification or set CDK_CACERT`, PersistentPreRun: func(cmd *cobra.Command, args []string) { if *debug { apiClient().ActivateDebug()