feat: add --insecure flag to skip SSL certificate verification for API requests

Author: Wahib-L

README.md

@@ -74,6 +74,7 @@ Here are the planned enhancements and features for WRPT:
 | -l    | `--url <URL>`                   | URL of the Portainer instance.                                                                                                                       |
 | -A    | `--access-token <ACCESS_TOKEN>` | Access token of the Portainer instance. Learn how to generate an access token [here](https://docs.portainer.io/api/access#creating-an-access-token). |
 |       | `--color <COLOR>`               | When to use terminal colours [default: auto] [possible values: auto, always, never].                                                                 |
+|       | `--insecure`                    | Skip the host's SSL certificate verification, use at your own risk.                                                                                  |
 | -v... |                                 | Increase the verbosity of messages: 1 for normal output, 2 for more verbose output, 3 for debug and 4 for trace.                                     |
 | -q    | `--quiet`                       | Do not output any message.                                                                                                                           |
 | -h    | `--help`                        | Print help.                                                                                                                                          |

src/commands/endpoints/handlers/list.rs

@@ -14,20 +14,28 @@ pub(crate) fn handler(command: EndpointListCommand, global_args: GlobalArgs) ->
     let base_url = get_base_url(&global_args)?;
     let access_token = get_access_token(&global_args)?;
 
-    let endpoints = fetch_endpoints(base_url.as_str(), access_token.as_str())?;
+    let endpoints = fetch_endpoints(
+        base_url.as_str(),
+        access_token.as_str(),
+        global_args.insecure,
+    )?;
 
     build_table(&endpoints, None).printstd();
 
     Ok(())
 }
 
-pub(crate) fn fetch_endpoints(base_url: &str, access_token: &str) -> Result<Vec<EndpointList>, ()> {
+pub(crate) fn fetch_endpoints(
+    base_url: &str,
+    access_token: &str,
+    insecure: bool,
+) -> Result<Vec<EndpointList>, ()> {
     let url =
         construct_url(base_url, consts::ENDPOINT_ENDPOINTS).log_expect("failed to construct url");
 
     debug!("request = GET {:?}", url.as_str());
 
-    let response = create_client(access_token)
+    let response = create_client(access_token, insecure)
         .get(url)
         .query(&[("excludeSnapshots", "true")])
         .send()

src/commands/helpers.rs

@@ -16,8 +16,9 @@ use std::fs::File;
 use std::io::{self, BufRead};
 use std::path::PathBuf;
 
-pub(crate) fn create_client(api_key: &str) -> reqwest::blocking::Client {
+pub(crate) fn create_client(api_key: &str, insecure: bool) -> reqwest::blocking::Client {
     reqwest::blocking::Client::builder()
+        .danger_accept_invalid_certs(insecure)
         .default_headers({
             let mut headers = reqwest::header::HeaderMap::new();
             headers.insert(
@@ -34,8 +35,9 @@ pub(crate) fn get_stack_id_from_name(
     name: &str,
     base_url: &str,
     access_token: &str,
+    insecure: bool,
 ) -> Result<Option<u32>, ()> {
-    let stacks = fetch_stacks(base_url, access_token)?;
+    let stacks = fetch_stacks(base_url, access_token, insecure)?;
 
     for stack in stacks {
         if stack.name.eq(name) {
@@ -50,6 +52,7 @@ pub(crate) fn get_swarm_id_from_endpoint_id(
     endpoint_id: u32,
     url: &str,
     access_token: &str,
+    insecure: bool,
 ) -> Option<String> {
     let mut url = url.to_string();
     url.push_str(
@@ -58,7 +61,7 @@ pub(crate) fn get_swarm_id_from_endpoint_id(
             .as_str(),
     );
 
-    let response = create_client(access_token).get(url).send();
+    let response = create_client(access_token, insecure).get(url).send();
 
     let body = response
         .log_expect("invalid response from API")

src/commands/stacks/handlers/deploy.rs

@@ -31,6 +31,7 @@ pub(crate) fn handler(command: StackDeployCommand, global_args: GlobalArgs) -> R
         command.stack_name.as_str(),
         base_url.as_str(),
         access_token.as_str(),
+        global_args.insecure,
     )?;
 
     let stack: Vec<Stack> = if stack_id.is_none() {
@@ -41,6 +42,7 @@ pub(crate) fn handler(command: StackDeployCommand, global_args: GlobalArgs) -> R
             command.endpoint,
             base_url.as_str(),
             access_token.as_str(),
+            global_args.insecure,
         );
 
         match swarm_id {
@@ -64,6 +66,7 @@ pub(crate) fn handler(command: StackDeployCommand, global_args: GlobalArgs) -> R
                     stack_create_payload,
                     command.endpoint,
                     consts::ENDPOINT_STACKS_CREATE_SWARM_STRING,
+                    global_args.insecure,
                 )?
             }
             None => {
@@ -85,6 +88,7 @@ pub(crate) fn handler(command: StackDeployCommand, global_args: GlobalArgs) -> R
                     stack_create_payload,
                     command.endpoint,
                     consts::ENDPOINT_STACKS_CREATE_STANDALONE_STRING,
+                    global_args.insecure,
                 )?
             }
         }
@@ -111,6 +115,7 @@ pub(crate) fn handler(command: StackDeployCommand, global_args: GlobalArgs) -> R
             stack_update_payload,
             stack_id.unwrap_or_default(),
             command.endpoint,
+            global_args.insecure,
         )?
     };
 
@@ -143,12 +148,13 @@ pub(crate) fn create_stack<T: serde::Serialize>(
     stack_create_payload: T,
     entrypoint_id: u32,
     endpoint: &str,
+    insecure: bool,
 ) -> Result<Vec<Stack>, ()> {
     let url = construct_url(base_url, endpoint).log_expect("failed to construct url");
 
     debug!("request = POST {:?}", url.as_str());
 
-    let response = create_client(access_token)
+    let response = create_client(access_token, insecure)
         .post(url)
         .json(&stack_create_payload)
         .query(&[("endpointId", entrypoint_id)])
@@ -164,6 +170,7 @@ pub(crate) fn update_stack(
     stack_update_payload: StackDeployUpdatePayload,
     stack_id: u32,
     entrypoint_id: u32,
+    insecure: bool,
 ) -> Result<Vec<Stack>, ()> {
     let url = construct_url(
         base_url,
@@ -175,7 +182,7 @@ pub(crate) fn update_stack(
 
     debug!("request = PUT {:?}", url.as_str());
 
-    let response = create_client(access_token)
+    let response = create_client(access_token, insecure)
         .put(url)
         .json(&stack_update_payload)
         .query(&[("endpointId", entrypoint_id)])

src/commands/stacks/handlers/list.rs

@@ -14,7 +14,11 @@ pub(crate) fn handler(command: StackListCommand, global_args: GlobalArgs) -> Res
     let base_url = get_base_url(&global_args)?;
     let access_token = get_access_token(&global_args)?;
 
-    let stacks = fetch_stacks(base_url.as_str(), access_token.as_str())?;
+    let stacks = fetch_stacks(
+        base_url.as_str(),
+        access_token.as_str(),
+        global_args.insecure,
+    )?;
 
     build_table(
         &stacks,
@@ -37,13 +41,17 @@ pub(crate) fn handler(command: StackListCommand, global_args: GlobalArgs) -> Res
     Ok(())
 }
 
-pub(crate) fn fetch_stacks(base_url: &str, access_token: &str) -> Result<Vec<StackList>, ()> {
+pub(crate) fn fetch_stacks(
+    base_url: &str,
+    access_token: &str,
+    insecure: bool,
+) -> Result<Vec<StackList>, ()> {
     let url =
         construct_url(base_url, consts::ENDPOINT_STACKS).log_expect("failed to construct url");
 
     debug!("request = GET {:?}", url.as_str());
 
-    let response = create_client(access_token)
+    let response = create_client(access_token, insecure)
         .get(url)
         .send()
         .log_expect("invalid response from API");

src/commands/stacks/handlers/remove.rs

@@ -19,6 +19,7 @@ pub(crate) fn handler(command: StackRemoveCommand, global_args: GlobalArgs) -> R
         command.stack_name.as_str(),
         base_url.as_str(),
         access_token.as_str(),
+        global_args.insecure,
     )?;
 
     if stack_id.is_none() {
@@ -39,14 +40,21 @@ pub(crate) fn handler(command: StackRemoveCommand, global_args: GlobalArgs) -> R
         access_token.as_str(),
         stack_id.unwrap_or_default(),
         command.endpoint,
+        global_args.insecure,
     );
 
     info!("Done");
 
     Ok(())
 }
 
-pub(crate) fn remove_stack(base_url: &str, access_token: &str, stack_id: u32, entrypoint_id: u32) {
+pub(crate) fn remove_stack(
+    base_url: &str,
+    access_token: &str,
+    stack_id: u32,
+    entrypoint_id: u32,
+    insecure: bool,
+) {
     let url = construct_url(
         base_url,
         consts::ENDPOINT_STACKS_REMOVE
@@ -57,7 +65,7 @@ pub(crate) fn remove_stack(base_url: &str, access_token: &str, stack_id: u32, en
 
     debug!("request = DELETE {:?}", url.as_str());
 
-    let response = create_client(access_token)
+    let response = create_client(access_token, insecure)
         .delete(url)
         .query(&[("endpointId", entrypoint_id)])
         .send()

src/commands/stacks/handlers/resource_control.rs

@@ -23,6 +23,7 @@ pub(crate) fn handler(
         command.stack_name.as_str(),
         base_url.as_str(),
         access_token.as_str(),
+        global_args.insecure,
     )?;
 
     if stack_id.is_none() {
@@ -46,6 +47,7 @@ pub(crate) fn handler(
         access_token.as_str(),
         stack_id.unwrap_or_default(),
         command.endpoint,
+        global_args.insecure,
     )?;
 
     let resource_control = &stack.first().ok_or(())?.resource_control;
@@ -60,6 +62,7 @@ pub(crate) fn inspect_stack(
     access_token: &str,
     stack_id: u32,
     entrypoint_id: u32,
+    insecure: bool,
 ) -> Result<Vec<Stack>, ()> {
     let url = construct_url(
         base_url,
@@ -71,7 +74,7 @@ pub(crate) fn inspect_stack(
 
     debug!("request = GET {:?}", url.as_str());
 
-    let response = create_client(access_token)
+    let response = create_client(access_token, insecure)
         .get(url)
         .query(&[("endpointId", entrypoint_id)])
         .send()

src/commands/stacks/handlers/start.rs

@@ -19,6 +19,7 @@ pub(crate) fn handler(command: StackStartCommand, global_args: GlobalArgs) -> Re
         command.stack_name.as_str(),
         base_url.as_str(),
         access_token.as_str(),
+        global_args.insecure,
     )?;
 
     if stack_id.is_none() {
@@ -39,14 +40,21 @@ pub(crate) fn handler(command: StackStartCommand, global_args: GlobalArgs) -> Re
         access_token.as_str(),
         stack_id.unwrap_or_default(),
         command.endpoint,
+        global_args.insecure,
     );
 
     info!("Done");
 
     Ok(())
 }
 
-pub(crate) fn start_stack(base_url: &str, access_token: &str, stack_id: u32, entrypoint_id: u32) {
+pub(crate) fn start_stack(
+    base_url: &str,
+    access_token: &str,
+    stack_id: u32,
+    entrypoint_id: u32,
+    insecure: bool,
+) {
     let url = construct_url(
         base_url,
         consts::ENDPOINT_STACKS_START
@@ -57,7 +65,7 @@ pub(crate) fn start_stack(base_url: &str, access_token: &str, stack_id: u32, ent
 
     debug!("request = POST {:?}", url.as_str());
 
-    let response = create_client(access_token)
+    let response = create_client(access_token, insecure)
         .post(url)
         .query(&[("endpointId", entrypoint_id)])
         .send()

src/commands/stacks/handlers/stop.rs

@@ -19,6 +19,7 @@ pub(crate) fn handler(command: StackStopCommand, global_args: GlobalArgs) -> Res
         command.stack_name.as_str(),
         base_url.as_str(),
         access_token.as_str(),
+        global_args.insecure,
     )?;
 
     if stack_id.is_none() {
@@ -39,14 +40,21 @@ pub(crate) fn handler(command: StackStopCommand, global_args: GlobalArgs) -> Res
         access_token.as_str(),
         stack_id.unwrap_or_default(),
         command.endpoint,
+        global_args.insecure,
     );
 
     info!("Done");
 
     Ok(())
 }
 
-pub(crate) fn stop_stack(base_url: &str, access_token: &str, stack_id: u32, entrypoint_id: u32) {
+pub(crate) fn stop_stack(
+    base_url: &str,
+    access_token: &str,
+    stack_id: u32,
+    entrypoint_id: u32,
+    insecure: bool,
+) {
     let url = construct_url(
         base_url,
         consts::ENDPOINT_STACKS_STOP
@@ -57,7 +65,7 @@ pub(crate) fn stop_stack(base_url: &str, access_token: &str, stack_id: u32, entr
 
     debug!("request = POST {:?}", url.as_str());
 
-    let response = create_client(access_token)
+    let response = create_client(access_token, insecure)
         .post(url)
         .query(&[("endpointId", entrypoint_id)])
         .send()

src/commands/teams/handlers/list.rs

@@ -14,19 +14,27 @@ pub(crate) fn handler(command: TeamListCommand, global_args: GlobalArgs) -> Resu
     let base_url = get_base_url(&global_args)?;
     let access_token = get_access_token(&global_args)?;
 
-    let teams = fetch_teams(base_url.as_str(), access_token.as_str())?;
+    let teams = fetch_teams(
+        base_url.as_str(),
+        access_token.as_str(),
+        global_args.insecure,
+    )?;
 
     build_table(&teams, None).printstd();
 
     Ok(())
 }
 
-pub(crate) fn fetch_teams(base_url: &str, access_token: &str) -> Result<Vec<TeamList>, ()> {
+pub(crate) fn fetch_teams(
+    base_url: &str,
+    access_token: &str,
+    insecure: bool,
+) -> Result<Vec<TeamList>, ()> {
     let url = construct_url(base_url, consts::ENDPOINT_TEAMS).log_expect("failed to construct url");
 
     debug!("request = GET {:?}", url.as_str());
 
-    let response = create_client(access_token)
+    let response = create_client(access_token, insecure)
         .get(url)
         .send()
         .log_expect("invalid response from API");