Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BROOKLYN-280] add --skipSslChecks flag to work with self-signed certs #21

Merged
merged 2 commits into from May 30, 2016
Merged

[BROOKLYN-280] add --skipSslChecks flag to work with self-signed certs #21

merged 2 commits into from May 30, 2016

Conversation

johnmccabe
Copy link
Contributor

@johnmccabe johnmccabe commented May 24, 2016
edited

  • defaults to false, ie existing behaviour
  • setting the flag --skipSslChecks disables certificate chain and hostname verification (see InsecureSkipVerify in https://golang.org/pkg/crypto/tls/)
  • persisted to ~/.brooklyn_cli
  • also bumped version to 0.10.0-SNAPSHOT
bash-4.3$ br login https://10.10.10.100:8443/ admin password
Get https://10.10.10.100:8443/v1/server/version: x509: certificate signed by unknown authority
bash-4.3$ br app
Get https://10.10.10.100:8443/v1/applications: x509: certificate signed by unknown authority

bash-4.3$ br --skipSslChecks login https://10.10.10.100:8443/ admin password
Connected to Brooklyn version 0.10.0-20160513.2042 at https://10.10.10.100:8443
bash-4.3$ br app
Id   Name   Status   Location

Note: I'd no apps running on this system so the empty table is ok, catalog returns as expected.

{
    "auth": {
        "https://10.10.10.100:8443": {
            "password": "password",
            "username": "admin"
        }
    },
    "skipSslChecks": true,
    "target": "https://10.10.10.100:8443"
}

@johnmccabe
fix BROOKLYN-280, add --skipSslChecks flag
7dc9b3f 
- defaults to false, ie existing behaviour
- setting to true disables certificate chain and hostname verificiation (see `InsecureSkipVerify` in https://golang.org/pkg/crypto/tls/)
- persisted to ~/.brooklyn_cli

```
bash-4.3$ br login https://10.10.10.100:8443/ admin password
Get https://10.10.10.100:8443/v1/server/version: x509: certificate signed by unknown authority
bash-4.3$ br app
Get https://10.10.10.100:8443/v1/applications: x509: certificate signed by unknown authority

bash-4.3$ br --skipSslChecks login https://10.10.10.100:8443/ admin password
Connected to Brooklyn version 0.10.0-20160513.2042 at https://10.10.10.100:8443
bash-4.3$ br app
Id   Name   Status   Location

```
@johnmccabe johnmccabe changed the title fix BROOKLYN-280, add --skipSslChecks flag to work with self-signed certs [BROOKLYN-280] add --skipSslChecks flag to work with self-signed certs May 24, 2016
neykov
neykov reviewed May 25, 2016
View reviewed changes
app/app.go
@@ -39,7 +39,7 @@ var appConfig = configDefaults{
Name: os.Args[0],
HelpName: os.Args[0],
Usage: "A Brooklyn command line client application",
Version: "0.9.0",
Version: "0.10.0-SNAPSHOT",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add an inline comment BROOKLYN_VERSION, or a comment on the line above BROOKLYN_VERSION_BELOW to have this changed automatically.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @neykov forgot about that

@johnmccabe
Copy link
Contributor Author

I'm tempted to change the flag to match curl

-k, --insecure

wdyt?

@m4rkmckenna
Copy link
Member

+1 to matching curl

@geomacy
Copy link
Contributor

geomacy commented May 27, 2016

👍 LGTM, I have pulled and tested this and it works well. Think this is a valuable addition to the tool.

@geomacy
Copy link
Contributor

geomacy commented May 27, 2016

I don't think this necessarily needs to change to match the "-k / --insecure" of curl, the current flag has a nicely meaningful name.

@johnmccabe
Copy link
Contributor Author

Thanks @geomacy should be good to merge now

@asfgit asfgit merged commit fe57b6a into apache:master May 30, 2016
asfgit pushed a commit that referenced this pull request May 30, 2016
@neykov
Closes #21
9700ec0 
[BROOKLYN-280] add --skipSslChecks flag to work with self-signed certs

- defaults to `false`, ie existing behaviour
- setting the flag `--skipSslChecks` disables certificate chain and hostname verification (see `InsecureSkipVerify` in https://golang.org/pkg/crypto/tls/)
- persisted to `~/.brooklyn_cli`
- also bumped version to `0.10.0-SNAPSHOT`

```
bash-4.3$ br login https://10.10.10.100:8443/ admin password
Get https://10.10.10.100:8443/v1/server/version: x509: certificate signed by unknown authority
bash-4.3$ br app
Get https://10.10.10.100:8443/v1/applications: x509: certificate signed by unknown authority

bash-4.3$ br --skipSslChecks login https://10.10.10.100:8443/ admin password
Connected to Brooklyn version 0.10.0-20160513.2042 at https://10.10.10.100:8443
bash-4.3$ br app
Id   Name   Status   Location
```
*Note*: I'd no apps running on this system so the empty table is ok, catalog returns as expected.

```json
{
    "auth": {
        "https://10.10.10.100:8443": {
            "password": "password",
            "username": "admin"
        }
    },
    "skipSslChecks": true,
    "target": "https://10.10.10.100:8443"
}
```
andreaturli pushed a commit to andreaturli/brooklyn-client that referenced this pull request Sep 9, 2016
@lloyddave
Merge pull request apache#21 from brooklyncentral/stop-start-restart
de86603 
Add stop, start and restart commands.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@johnmccabe @m4rkmckenna @geomacy @neykov @asfgit