conduktor · strokyl · Apr 29, 2024 · Apr 29, 2024
diff --git a/README.md b/README.md
@@ -48,7 +48,7 @@ CDK_TOKEN=<admin-token>
 ````
 You need to define the CDK_TOKEN and CDK_BASE_URL environment variables to use this tool.
 You can also use the CDK_KEY,CDK_CERT to use a certificate for tls authentication.
-If you have an untrusted certificate you can use the CDK_INSECURE=true variable to disable tls verification
+If you have an untrusted certificate you can use the CDK_INSECURE=true variable to disable tls verification or you can use CACERT.
 
 Usage:
   conduktor [flags]

diff --git a/client/client.go b/client/client.go
@@ -20,7 +20,7 @@ type Client struct {
 	kinds   schema.KindCatalog
 }
 
-func Make(token string, baseUrl string, debug bool, key, cert string, insecure bool) (*Client, error) {
+func Make(token string, baseUrl string, debug bool, key, cert, cacert string, insecure bool) (*Client, error) {
 	//token is set later because it's not mandatory for getting the openapi and parsing different kind
 	restyClient := resty.New().SetDebug(debug).SetHeader("X-CDK-CLIENT", "CLI/"+utils.GetConduktorVersion())
 
@@ -34,6 +34,10 @@ func Make(token string, baseUrl string, debug bool, key, cert string, insecure b
 		}
 	}
 
+	if cacert != "" {
+		restyClient.SetRootCertificate(cacert)
+	}
+
 	result := &Client{
 		token:   token,
 		baseUrl: baseUrl,
@@ -69,9 +73,10 @@ func MakeFromEnv() (*Client, error) {
 	debug := strings.ToLower(os.Getenv("CDK_DEBUG")) == "true"
 	key := os.Getenv("CDK_KEY")
 	cert := os.Getenv("CDK_CERT")
+	cacert := os.Getenv("CDK_CACERT")
 	insecure := strings.ToLower(os.Getenv("CDK_INSECURE")) == "true"
 
-	client, err := Make("", baseUrl, debug, key, cert, insecure)
+	client, err := Make("", baseUrl, debug, key, cert, cacert, insecure)
 	if err != nil {
 		return nil, fmt.Errorf("Cannot create client: %s", err)
 	}

diff --git a/client/client_test.go b/client/client_test.go
@@ -11,7 +11,7 @@ func TestApplyShouldWork(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "", false)
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -54,7 +54,7 @@ func TestApplyWithDryModeShouldWork(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "", false)
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -92,7 +92,7 @@ func TestApplyShouldFailIfNo2xx(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "", false)
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -130,7 +130,7 @@ func TestGetShouldWork(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "", false)
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -162,7 +162,7 @@ func TestGetShouldFailIfN2xx(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "", false)
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -193,7 +193,7 @@ func TestDescribeShouldWork(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "", false)
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -225,7 +225,7 @@ func TestDescribeShouldFailIfNo2xx(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl/api"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "", false)
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -256,7 +256,7 @@ func TestDeleteShouldWork(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "", false)
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -287,7 +287,7 @@ func TestDeleteShouldFailOnNot2XX(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "", false)
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}

diff --git a/cmd/root.go b/cmd/root.go
@@ -25,8 +25,8 @@ var rootCmd = &cobra.Command{
 	Use:   "conduktor",
 	Short: "Command line tools for conduktor",
 	Long: `You need to define the CDK_TOKEN and CDK_BASE_URL environment variables to use this tool.
-You can also use the CDK_KEY,CDK_CERT to use a certificate for tls authentication.
-If you have an untrusted certificate you can use the CDK_INSECURE=true variable to disable tls verification`,
+You can also use the CDK_KEY,CDK_CERT, CDK_CACERT to use a certificate for tls authentication.
+If you have an untrusted certificate you can use the CDK_INSECURE=true variable to disable tls verification or set CDK_CACERT`,
 	PersistentPreRun: func(cmd *cobra.Command, args []string) {
 		if *debug {
 			apiClient().ActivateDebug()