
Commit 8c38579

Skip ssl validation if the option is already provided
1 parent 22b5ad9 commit 8c38579


2 files changed

+34
-15
lines changed


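--- a/clients/cfrestclient/rest_cloud_foundry_client_extended.go
+++ b/clients/cfrestclient/rest_cloud_foundry_client_extended.go
@@ -2,6 +2,7 @@ package cfrestclient
 
 import (
 "crypto/md5"
+"crypto/tls"
 "encoding/hex"
 "encoding/json"
 "fmt"
@@ -11,16 +12,23 @@ import (
 "code.cloudfoundry.org/cli/plugin"
 "code.cloudfoundry.org/jsonry"
 "github.com/cloudfoundry-incubator/multiapps-cli-plugin/clients/models"
+"github.com/cloudfoundry-incubator/multiapps-cli-plugin/log"
 )
 
 const cfBaseUrl = "v3/"
 
 type CloudFoundryRestClient struct {
-cliConn plugin.CliConnection
+cliConn plugin.CliConnection
+isSslDisabled bool
 }
 
 func NewCloudFoundryRestClient(cliConn plugin.CliConnection) CloudFoundryOperationsExtended {
-return &CloudFoundryRestClient{cliConn}
+isSslDisabled, err := cliConn.IsSSLDisabled()
+if err != nil {
+log.Tracef("Error while determining skip-ssl-validation: %v", err)
+isSslDisabled = false
+}
+return &CloudFoundryRestClient{cliConn, isSslDisabled}
 }
 
 func (c CloudFoundryRestClient) GetApplications(mtaId, mtaNamespace, spaceGuid string) ([]models.CloudFoundryApplication, error) {
@@ -40,7 +48,7 @@ func (c CloudFoundryRestClient) GetApplications(mtaId, mtaNamespace, spaceGuid s
 } else {
 getAppsUrl = fmt.Sprintf("%s,!mta_namespace", getAppsUrl)
 }
-return getPaginatedResources[models.CloudFoundryApplication](getAppsUrl, token)
+return getPaginatedResources[models.CloudFoundryApplication](getAppsUrl, token, c.isSslDisabled)
 }
 
 func (c CloudFoundryRestClient) GetAppProcessStatistics(appGuid string) ([]models.ApplicationProcessStatistics, error) {
@@ -51,7 +59,7 @@ func (c CloudFoundryRestClient) GetAppProcessStatistics(appGuid string) ([]model
 apiEndpoint, _ := c.cliConn.ApiEndpoint()
 
 getAppProcessStatsUrl := fmt.Sprintf("%s/%sapps/%s/processes/web/stats", apiEndpoint, cfBaseUrl, appGuid)
-body, err := executeRequest(getAppProcessStatsUrl, token)
+body, err := executeRequest(getAppProcessStatsUrl, token, c.isSslDisabled)
 if err != nil {
 return nil, err
 }
@@ -70,7 +78,7 @@ func (c CloudFoundryRestClient) GetApplicationRoutes(appGuid string) ([]models.A
 apiEndpoint, _ := c.cliConn.ApiEndpoint()
 
 getAppRoutesUrl := fmt.Sprintf("%s/%sapps/%s/routes", apiEndpoint, cfBaseUrl, appGuid)
-return getPaginatedResources[models.ApplicationRoute](getAppRoutesUrl, token)
+return getPaginatedResources[models.ApplicationRoute](getAppRoutesUrl, token, c.isSslDisabled)
 }
 
 func (c CloudFoundryRestClient) GetServiceInstances(mtaId, mtaNamespace, spaceGuid string) ([]models.CloudFoundryServiceInstance, error) {
@@ -91,7 +99,7 @@ func (c CloudFoundryRestClient) GetServiceInstances(mtaId, mtaNamespace, spaceGu
 } else {
 getServicesUrl = fmt.Sprintf("%s,!mta_namespace", getServicesUrl)
 }
-return getPaginatedResourcesWithIncluded(getServicesUrl, token, buildServiceInstance)
+return getPaginatedResourcesWithIncluded(getServicesUrl, token, c.isSslDisabled, buildServiceInstance)
 }
 
 func (c CloudFoundryRestClient) GetServiceBindings(serviceName string) ([]models.ServiceBinding, error) {
@@ -102,13 +110,13 @@ func (c CloudFoundryRestClient) GetServiceBindings(serviceName string) ([]models
 apiEndpoint, _ := c.cliConn.ApiEndpoint()
 
 getServiceBindingsUrl := fmt.Sprintf("%s/%sservice_credential_bindings?type=app&include=app&service_instance_names=%s", apiEndpoint, cfBaseUrl, serviceName)
-return getPaginatedResourcesWithIncluded(getServiceBindingsUrl, token, buildServiceBinding)
+return getPaginatedResourcesWithIncluded(getServiceBindingsUrl, token, c.isSslDisabled, buildServiceBinding)
 }
 
-func getPaginatedResources[T any](url, token string) ([]T, error) {
+func getPaginatedResources[T any](url, token string, isSslDisabled bool) ([]T, error) {
 var result []T
 for url != "" {
-body, err := executeRequest(url, token)
+body, err := executeRequest(url, token, isSslDisabled)
 if err != nil {
 return nil, err
 }
@@ -125,10 +133,10 @@ func getPaginatedResources[T any](url, token string) ([]T, error) {
 return result, nil
 }
 
-func getPaginatedResourcesWithIncluded[T any, Auxiliary any](url, token string, auxiliaryContentHandler func(T, Auxiliary) T) ([]T, error) {
+func getPaginatedResourcesWithIncluded[T any, Auxiliary any](url, token string, isSslDisabled bool, auxiliaryContentHandler func(T, Auxiliary) T) ([]T, error) {
 var result []T
 for url != "" {
-body, err := executeRequest(url, token)
+body, err := executeRequest(url, token, isSslDisabled)
 if err != nil {
 return nil, err
 }
@@ -145,10 +153,14 @@ func getPaginatedResourcesWithIncluded[T any, Auxiliary any](url, token string,
 return result, nil
 }
 
-func executeRequest(url, token string) ([]byte, error) {
+func executeRequest(url, token string, isSslDisabled bool) ([]byte, error) {
 req, _ := http.NewRequest(http.MethodGet, url, nil)
 req.Header.Add("Authorization", token)
-resp, err := http.DefaultClient.Do(req)
+httpTransport := http.DefaultTransport.(*http.Transport).Clone()
+httpTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: isSslDisabled}
+client := http.DefaultClient
+client.Transport = httpTransport
+resp, err := client.Do(req)
 if err != nil {
 return nil, err
 }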
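Review bot: In executeRequest, `client := http.DefaultClient` copies the pointer rather than the client, so `client.Transport = httpTransport` overwrites the transport of the process-wide default client. Any other code in the plugin process that goes through `http.DefaultClient` or `http.Get` then inherits this TLS config, including `InsecureSkipVerify: true` when the user has disabled validation, and concurrent callers race on the field. A private client avoids both: `client := &http.Client{Transport: httpTransport}`. Cloning the transport on every call also gives each request its own connection pool, so every page fetched by getPaginatedResources and getPaginatedResourcesWithIncluded pays a new TLS handshake; building the client once in NewCloudFoundryRestClient and keeping it on the struct would fix that. The body of executeRequest continues past the end of the hunk.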

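--- a/commands/base_command.go
+++ b/commands/base_command.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+"crypto/tls"
 "flag"
 "fmt"
 "io"
@@ -59,7 +60,12 @@ type BaseCommand struct {
 // Initialize initializes the command with the specified name and CLI connection
 func (c *BaseCommand) Initialize(name string, cliConnection plugin.CliConnection) {
 log.Tracef("Initializing command %q\n", name)
-transport := newTransport()
+isSslDisabled, err := cliConnection.IsSSLDisabled()
+if err != nil {
+log.Tracef("Error while determining skip-ssl-validation: %v", err)
+isSslDisabled = false
+}
+transport := newTransport(isSslDisabled)
 tokenFactory := NewDefaultTokenFactory(cliConnection)
 c.InitializeAll(name, cliConnection, transport, clients.NewDefaultClientFactory(), tokenFactory, util.NewDeployServiceURLCalculator(cliConnection))
 }
@@ -264,11 +270,12 @@ func (c *BaseCommand) shouldAbortConflictingOperation(mtaID string, force bool)
 terminal.EntityNameColor(mtaID))
 }
 
-func newTransport() http.RoundTripper {
+func newTransport(isSslDisabled bool) http.RoundTripper {
 csrfx := csrf.CsrfTokenHelper{NonProtectedMethods: getNonProtectedMethods()}
 httpTransport := http.DefaultTransport.(*http.Transport).Clone()
 // Increase tls handshake timeout to cope with slow internet connections. 3 x default value =30s.
 httpTransport.TLSHandshakeTimeout = 30 * time.Second
+httpTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: isSslDisabled}
 return &csrf.Transport{Delegate: httpTransport, Csrf: &csrfx}
 }
 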
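Review bot: The `InsecureSkipVerify` assignment in newTransport has no comment saying where the flag comes from, so a reader or a linter such as gosec sees only that certificate verification is optional on the transport carrying the CSRF-protected requests. I would put `// Verification is skipped only when the CLI connection reports SSL validation as disabled; Initialize falls back to verifying if that lookup fails.` above it. The fallback to `false` in Initialize is the safe direction, but it is reported only through `log.Tracef`, so a failed lookup presumably surfaces to the user as an unexplained certificate error unless tracing is on. The same lookup-and-fallback lines are repeated in NewCloudFoundryRestClient in the other file, and a shared helper would keep the two from drifting apart.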
