Skip to content
This repository has been archived by the owner on Aug 29, 2018. It is now read-only.

Commit

Permalink
Bug 1118712 and Bug 1118500 - makes global ssl options explicit on rh…
Browse files Browse the repository at this point in the history 
…c server commands
  • Loading branch information
@fabianofranz
fabianofranz committed Jul 12, 2014
1 parent 555a1d9 commit 0b7eee5
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 11 deletions.
12 changes: 6 additions & 6 deletions autocomplete/rhc_bash
View file
Expand Up @@ -86,7 +86,7 @@ _rhc()

"rhc add-server")
if [[ "$cur" == -* ]]; then
opts="--insecure --nickname --no-insecure --no-use-authorization-tokens --rhlogin --server --skip-wizard --use --use-authorization-tokens"
opts="--insecure --nickname --no-insecure --no-use-authorization-tokens --rhlogin --server --skip-wizard --ssl-ca-file --ssl-client-cert-file --ssl-version --timeout --use --use-authorization-tokens"
else
opts=""
fi
Expand Down Expand Up @@ -774,7 +774,7 @@ _rhc()

"rhc configure-server")
if [[ "$cur" == -* ]]; then
opts="--hostname --insecure --nickname --no-insecure --no-use-authorization-tokens --rhlogin --server --skip-wizard --use --use-authorization-tokens"
opts="--hostname --insecure --nickname --no-insecure --no-use-authorization-tokens --rhlogin --server --skip-wizard --ssl-ca-file --ssl-client-cert-file --ssl-version --timeout --use --use-authorization-tokens"
else
opts=""
fi
Expand Down Expand Up @@ -1518,15 +1518,15 @@ _rhc()

"rhc server add")
if [[ "$cur" == -* ]]; then
opts="--insecure --nickname --no-insecure --no-use-authorization-tokens --rhlogin --server --skip-wizard --use --use-authorization-tokens"
opts="--insecure --nickname --no-insecure --no-use-authorization-tokens --rhlogin --server --skip-wizard --ssl-ca-file --ssl-client-cert-file --ssl-version --timeout --use --use-authorization-tokens"
else
opts=""
fi
;;

"rhc server configure")
if [[ "$cur" == -* ]]; then
opts="--hostname --insecure --nickname --no-insecure --no-use-authorization-tokens --rhlogin --server --skip-wizard --use --use-authorization-tokens"
opts="--hostname --insecure --nickname --no-insecure --no-use-authorization-tokens --rhlogin --server --skip-wizard --ssl-ca-file --ssl-client-cert-file --ssl-version --timeout --use --use-authorization-tokens"
else
opts=""
fi
Expand Down Expand Up @@ -1574,15 +1574,15 @@ _rhc()

"rhc server-add")
if [[ "$cur" == -* ]]; then
opts="--insecure --nickname --no-insecure --no-use-authorization-tokens --rhlogin --server --skip-wizard --use --use-authorization-tokens"
opts="--insecure --nickname --no-insecure --no-use-authorization-tokens --rhlogin --server --skip-wizard --ssl-ca-file --ssl-client-cert-file --ssl-version --timeout --use --use-authorization-tokens"
else
opts=""
fi
;;

"rhc server-configure")
if [[ "$cur" == -* ]]; then
opts="--hostname --insecure --nickname --no-insecure --no-use-authorization-tokens --rhlogin --server --skip-wizard --use --use-authorization-tokens"
opts="--hostname --insecure --nickname --no-insecure --no-use-authorization-tokens --rhlogin --server --skip-wizard --ssl-ca-file --ssl-client-cert-file --ssl-version --timeout --use --use-authorization-tokens"
else
opts=""
fi
Expand Down
12 changes: 10 additions & 2 deletions lib/rhc/commands/server.rb
View file
Expand Up @@ -76,14 +76,18 @@ def status(server=nil)
When adding a new server users can optionally provide a 'nickname'
that will allow to easily switch between servers.
DESC
syntax "<hostname> [<nickname>] [--rhlogin LOGIN] [--[no-]use-authorization-tokens] [--[no-]insecure]"
syntax "<hostname> [<nickname>] [--rhlogin LOGIN] [--[no-]use-authorization-tokens] [--[no-]insecure] [--use] [--skip-wizard] [--timeout SECONDS] [--ssl-ca-file FILE] [--ssl-client-cert-file FILE] [--ssl-version VERSION]"
argument :hostname, "Hostname of the server you are adding", ["--server HOSTNAME"]
argument :nickname, "Optionally provide a nickname to the server you are adding (e.g. 'development', 'production', 'online')", ["--nickname NICKNAME"], :optional => true
option ["-l", "--rhlogin LOGIN"], "Change the default OpenShift login used on this server"
option ["--[no-]use-authorization-tokens"], "Server will attempt to create and use authorization tokens to connect to the server"
option ["--[no-]insecure"], "If true, certificate errors will be ignored"
option ["--use"], "If provided, the server being added will be set as default (same as 'rhc server use')"
option ["--skip-wizard"], "If provided, the wizard will be skipped and a session token will not be estabilished"
option ["--timeout SECONDS"], "The default timeout for operations on this server", :type => Integer
option ["--ssl-ca-file FILE"], "An SSL certificate CA file (may contain multiple certs) to be used on this server", :type => CertificateFile, :optional => true
option ["--ssl-client-cert-file FILE"], "An SSL x509 client certificate file to be used on this server", :type => CertificateFile, :optional => true
option ["--ssl-version VERSION"], "The version of SSL to use to be used on this server", :type => SSLVersion, :optional => true
def add(hostname, nickname)
raise ArgumentError, "The --use and --skip-wizard options cannot be used together." if options.use && options.skip_wizard

Expand Down Expand Up @@ -162,7 +166,7 @@ def remove(server)
end

summary "Update server attributes"
syntax "<server> [--hostname HOSTNAME] [--nickname NICKNAME] [--rhlogin LOGIN] [--[no-]use-authorization-tokens] [--[no-]insecure]"
syntax "<server> [--hostname HOSTNAME] [--nickname NICKNAME] [--rhlogin LOGIN] [--[no-]use-authorization-tokens] [--[no-]insecure] [--use] [--skip-wizard] [--timeout SECONDS] [--ssl-ca-file FILE] [--ssl-client-cert-file FILE] [--ssl-version VERSION]"
argument :server, "Server hostname or nickname to be configured", ["--server SERVER"]
option ["--hostname HOSTNAME"], "Change the hostname of this server"
option ["--nickname NICKNAME"], "Change the nickname of this server"
Expand All @@ -171,6 +175,10 @@ def remove(server)
option ["--[no-]insecure"], "If true, certificate errors will be ignored"
option ["--use"], "If provided, the server being configured will be set as default (same as 'rhc server use')"
option ["--skip-wizard"], "If provided, the wizard will be skipped and a session token will not be estabilished"
option ["--timeout SECONDS"], "The default timeout for operations on this server", :type => Integer
option ["--ssl-ca-file FILE"], "An SSL certificate CA file (may contain multiple certs) to be used on this server", :type => CertificateFile, :optional => true
option ["--ssl-client-cert-file FILE"], "An SSL x509 client certificate file to be used on this server", :type => CertificateFile, :optional => true
option ["--ssl-version VERSION"], "The version of SSL to use to be used on this server", :type => SSLVersion, :optional => true
def configure(server)
raise ArgumentError, "The --use and --skip-wizard options cannot be used together." if options.use && options.skip_wizard

Expand Down
7 changes: 6 additions & 1 deletion lib/rhc/helpers.rb
View file
Expand Up @@ -117,7 +117,7 @@ def user_agent
global_option '--raw', "Do not format the output from the requested operations.", :hide => true
global_option '--always-prefix', "Include the gear prefix on all output from the server.", :hide => true

OptionParser.accept(SSLVersion = Class.new){ |s| OpenSSL::SSL::SSLContext::METHODS.find{ |m| m.to_s.downcase == s.downcase } or raise OptionParser::InvalidOption.new(nil, "The provided SSL version '#{s}' is not valid. Supported values: #{OpenSSL::SSL::SSLContext::METHODS.map(&:to_s).map(&:downcase).join(', ')}") }
OptionParser.accept(SSLVersion = Class.new){ |s| parse_ssl_version(s) }
global_option '--ssl-version VERSION', SSLVersion, "The version of SSL to use", :hide => true do |value|
raise RHC::Exception, "You are using an older version of the httpclient gem which prevents the use of --ssl-version. Please run 'gem update httpclient' to install a newer version (2.2.6 or newer)." unless HTTPClient::SSLConfig.method_defined? :ssl_version
end
Expand Down Expand Up @@ -150,6 +150,8 @@ def user_agent
raise OptionParser::InvalidOption.new(nil, "The provided role '#{s}' is not valid. Supported values: #{ROLES.keys.join(', ')}")
end

OptionParser.accept(CertificateFile = Class.new) {|s| certificate_file(s); s}

def role_name(s)
ROLES[s.downcase]
end
Expand Down Expand Up @@ -209,6 +211,9 @@ def certificate_file(file)
raise OptionParser::InvalidOption.new(nil, "The certificate '#{file}' cannot be loaded: #{e.message} (#{e.class})")
end

def parse_ssl_version(version)
OpenSSL::SSL::SSLContext::METHODS.find{ |m| m.to_s.downcase == version.downcase } or raise OptionParser::InvalidOption.new(nil, "The provided SSL version '#{version}' is not valid. Supported values: #{OpenSSL::SSL::SSLContext::METHODS.map(&:to_s).map(&:downcase).join(', ')}") unless version.nil?
end

#
# Output helpers
Expand Down
4 changes: 2 additions & 2 deletions lib/rhc/servers.rb
View file
Expand Up @@ -23,7 +23,7 @@ def initialize(hostname, args={})
@use_authorization_tokens = RHC::Helpers.to_boolean(args[:use_authorization_tokens], true)
@insecure = RHC::Helpers.to_boolean(args[:insecure], true)
@timeout = Integer(args[:timeout]) if args[:timeout].present?
@ssl_version = args[:ssl_version]
@ssl_version = RHC::Helpers.parse_ssl_version(args[:ssl_version])
@ssl_client_cert_file = args[:ssl_client_cert_file]
@ssl_ca_file = args[:ssl_ca_file]
@default = args[:default]
Expand All @@ -42,7 +42,7 @@ def to_yaml_hash
instance_variables.each do |k|
h[k.to_s.delete('@')] = instance_variable_get(k)
end
end.reject{|k, v| v.nil? || k == 'default'}.inject({}){|h, (k, v)| h[k] = v.is_a?(String) ? v.to_s : v; h }
end.reject{|k, v| v.nil? || k == 'default'}.inject({}){|h, (k, v)| h[k] = v.is_a?(String) || v.is_a?(Symbol) ? v.to_s : v; h }
end

def to_config
Expand Down

0 comments on commit 0b7eee5

Please sign in to comment.