From 8c3857948e6311b57a53cc29a0dff6d2357621df Mon Sep 17 00:00:00 2001
From: IvanBorislavovDimitrov
Date: Mon, 11 Dec 2023 15:35:48 +0200
Subject: [PATCH] Skip ssl validation if the option is already provided

---
 .../rest_cloud_foundry_client_extended.go | 38 ++++++++++++-------
 commands/base_command.go | 11 +++++-
 2 files changed, 34 insertions(+), 15 deletions(-)

diff --git a/clients/cfrestclient/rest_cloud_foundry_client_extended.go b/clients/cfrestclient/rest_cloud_foundry_client_extended.go
index a13f3bf..7a6cc42 100644
--- a/clients/cfrestclient/rest_cloud_foundry_client_extended.go
+++ b/clients/cfrestclient/rest_cloud_foundry_client_extended.go
@@ -2,6 +2,7 @@ package cfrestclient

 import (
 "crypto/md5"
+ "crypto/tls"
 "encoding/hex"
 "encoding/json"
 "fmt"
@@ -11,16 +12,23 @@ import (
 "code.cloudfoundry.org/cli/plugin"
 "code.cloudfoundry.org/jsonry"
 "github.com/cloudfoundry-incubator/multiapps-cli-plugin/clients/models"
+ "github.com/cloudfoundry-incubator/multiapps-cli-plugin/log"
 )

 const cfBaseUrl = "v3/"

 type CloudFoundryRestClient struct {
- cliConn plugin.CliConnection
+ cliConn plugin.CliConnection
+ isSslDisabled bool
 }

 func NewCloudFoundryRestClient(cliConn plugin.CliConnection) CloudFoundryOperationsExtended {
- return &CloudFoundryRestClient{cliConn}
+ isSslDisabled, err := cliConn.IsSSLDisabled()
+ if err != nil {
+ log.Tracef("Error while determining skip-ssl-validation: %v", err)
+ isSslDisabled = false
+ }
+ return &CloudFoundryRestClient{cliConn, isSslDisabled}
 }

 func (c CloudFoundryRestClient) GetApplications(mtaId, mtaNamespace, spaceGuid string) ([]models.CloudFoundryApplication, error) {
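Review bot: In `NewCloudFoundryRestClient`, a failure of `cliConn.IsSSLDisabled()` is recorded only through `log.Tracef`, and the same five-line lookup is repeated in `BaseCommand.Initialize` in commands/base_command.go. Falling back to `false` keeps certificate verification on, which is the safe default, but a user who passed the option will then see an unexplained TLS failure unless tracing is enabled. Consider one shared helper for the lookup, a field comment such as `// isSslDisabled turns off TLS certificate verification for every request this client sends`, and a keyed literal `&CloudFoundryRestClient{cliConn: cliConn, isSslDisabled: isSslDisabled}` so that adding a field later does not break the constructor.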
@@ -40,7 +48,7 @@ func (c CloudFoundryRestClient) GetApplications(mtaId, mtaNamespace, spaceGuid s
 } else {
 getAppsUrl = fmt.Sprintf("%s,!mta_namespace", getAppsUrl)
 }
- return getPaginatedResources[models.CloudFoundryApplication](getAppsUrl, token)
+ return getPaginatedResources[models.CloudFoundryApplication](getAppsUrl, token, c.isSslDisabled)
 }

 func (c CloudFoundryRestClient) GetAppProcessStatistics(appGuid string) ([]models.ApplicationProcessStatistics, error) {
@@ -51,7 +59,7 @@ func (c CloudFoundryRestClient) GetAppProcessStatistics(appGuid string) ([]model
 apiEndpoint, _ := c.cliConn.ApiEndpoint()

 getAppProcessStatsUrl := fmt.Sprintf("%s/%sapps/%s/processes/web/stats", apiEndpoint, cfBaseUrl, appGuid)
- body, err := executeRequest(getAppProcessStatsUrl, token)
+ body, err := executeRequest(getAppProcessStatsUrl, token, c.isSslDisabled)
 if err != nil {
 return nil, err
 }
@@ -70,7 +78,7 @@ func (c CloudFoundryRestClient) GetApplicationRoutes(appGuid string) ([]models.A
 apiEndpoint, _ := c.cliConn.ApiEndpoint()

 getAppRoutesUrl := fmt.Sprintf("%s/%sapps/%s/routes", apiEndpoint, cfBaseUrl, appGuid)
- return getPaginatedResources[models.ApplicationRoute](getAppRoutesUrl, token)
+ return getPaginatedResources[models.ApplicationRoute](getAppRoutesUrl, token, c.isSslDisabled)
 }

 func (c CloudFoundryRestClient) GetServiceInstances(mtaId, mtaNamespace, spaceGuid string) ([]models.CloudFoundryServiceInstance, error) {
@@ -91,7 +99,7 @@ func (c CloudFoundryRestClient) GetServiceInstances(mtaId, mtaNamespace, spaceGu
 } else {
 getServicesUrl = fmt.Sprintf("%s,!mta_namespace", getServicesUrl)
 }
- return getPaginatedResourcesWithIncluded(getServicesUrl, token, buildServiceInstance)
+ return getPaginatedResourcesWithIncluded(getServicesUrl, token, c.isSslDisabled, buildServiceInstance)
 }

 func (c CloudFoundryRestClient) GetServiceBindings(serviceName string) ([]models.ServiceBinding, error) {
@@ -102,13 +110,13 @@ func (c CloudFoundryRestClient) GetServiceBindings(serviceName string) ([]models
 apiEndpoint, _ := c.cliConn.ApiEndpoint()

 getServiceBindingsUrl := fmt.Sprintf("%s/%sservice_credential_bindings?type=app&include=app&service_instance_names=%s", apiEndpoint, cfBaseUrl, serviceName)
- return getPaginatedResourcesWithIncluded(getServiceBindingsUrl, token, buildServiceBinding)
+ return getPaginatedResourcesWithIncluded(getServiceBindingsUrl, token, c.isSslDisabled, buildServiceBinding)
 }

-func getPaginatedResources[T any](url, token string) ([]T, error) {
+func getPaginatedResources[T any](url, token string, isSslDisabled bool) ([]T, error) {
 var result []T
 for url != "" {
- body, err := executeRequest(url, token)
+ body, err := executeRequest(url, token, isSslDisabled)
 if err != nil {
 return nil, err
 }
@@ -125,10 +133,10 @@ func getPaginatedResources[T any](url, token string) ([]T, error) {
 return result, nil
 }

-func getPaginatedResourcesWithIncluded[T any, Auxiliary any](url, token string, auxiliaryContentHandler func(T, Auxiliary) T) ([]T, error) {
+func getPaginatedResourcesWithIncluded[T any, Auxiliary any](url, token string, isSslDisabled bool, auxiliaryContentHandler func(T, Auxiliary) T) ([]T, error) {
 var result []T
 for url != "" {
- body, err := executeRequest(url, token)
+ body, err := executeRequest(url, token, isSslDisabled)
 if err != nil {
 return nil, err
 }
@@ -145,10 +153,14 @@ func getPaginatedResourcesWithIncluded[T any, Auxiliary any](url, token string,
 return result, nil
 }

-func executeRequest(url, token string) ([]byte, error) {
+func executeRequest(url, token string, isSslDisabled bool) ([]byte, error) {
 req, _ := http.NewRequest(http.MethodGet, url, nil)
 req.Header.Add("Authorization", token)
- resp, err := http.DefaultClient.Do(req)
+ httpTransport := http.DefaultTransport.(*http.Transport).Clone()
+ httpTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: isSslDisabled}
+ client := http.DefaultClient
+ client.Transport = httpTransport
+ resp, err := client.Do(req)
 if err != nil {
 return nil, err
 }
diff --git a/commands/base_command.go b/commands/base_command.go
index 872cbba..78f3203 100644
--- a/commands/base_command.go
+++ b/commands/base_command.go
@@ -1,6 +1,7 @@
 package commands

 import (
+ "crypto/tls"
 "flag"
 "fmt"
 "io"
@@ -59,7 +60,12 @@ type BaseCommand struct {
 // Initialize initializes the command with the specified name and CLI connection
 func (c *BaseCommand) Initialize(name string, cliConnection plugin.CliConnection) {
 log.Tracef("Initializing command %q\n", name)
- transport := newTransport()
+ isSslDisabled, err := cliConnection.IsSSLDisabled()
+ if err != nil {
+ log.Tracef("Error while determining skip-ssl-validation: %v", err)
+ isSslDisabled = false
+ }
+ transport := newTransport(isSslDisabled)
 tokenFactory := NewDefaultTokenFactory(cliConnection)
 c.InitializeAll(name, cliConnection, transport, clients.NewDefaultClientFactory(), tokenFactory, util.NewDeployServiceURLCalculator(cliConnection))
 }
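Review bot: In `executeRequest`, `client := http.DefaultClient` copies a pointer, so `client.Transport = httpTransport` rewrites the transport of the process-wide default client. Once the option is set, any other code in the plugin process that uses `http.DefaultClient` also stops verifying certificates, and the assignment is an unsynchronised write to shared state if requests ever run concurrently. Use a private client instead, `client := &http.Client{Transport: httpTransport}`, and ideally build it once in `NewCloudFoundryRestClient`, since cloning the transport on every call also gives up connection reuse between paginated requests. Because the `Authorization` header carries the access token, a short warning when verification is off would help operators notice the weakened channel. The function body continues past the end of the hunk.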
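Review bot: The new `log.Tracef` call in `Initialize` has no trailing newline, while the existing call directly above it ends its format string with `\n`; the identical message added in `NewCloudFoundryRestClient` has the same form. If `Tracef` does not append a newline itself (its implementation is not visible here), the error text will run into the next trace line. `log.Tracef("Error while determining skip-ssl-validation: %v\n", err)` would match the surrounding style.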
@@ -264,11 +270,12 @@ func (c *BaseCommand) shouldAbortConflictingOperation(mtaID string, force bool)
 terminal.EntityNameColor(mtaID))
 }

-func newTransport() http.RoundTripper {
+func newTransport(isSslDisabled bool) http.RoundTripper {
 csrfx := csrf.CsrfTokenHelper{NonProtectedMethods: getNonProtectedMethods()}
 httpTransport := http.DefaultTransport.(*http.Transport).Clone()
 // Increase tls handshake timeout to cope with slow internet connections. 3 x default value =30s.
 httpTransport.TLSHandshakeTimeout = 30 * time.Second
+ httpTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: isSslDisabled}
 return &csrf.Transport{Delegate: httpTransport, Csrf: &csrfx}
 }
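Review bot: `newTransport` now assigns a fresh `tls.Config` unconditionally, which replaces whatever `TLSClientConfig` the cloned default transport carried even when the option is off. Setting it only when asked keeps the default path untouched: `if isSslDisabled { httpTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} }`. A comment on that line, for example `// Honour the CLI's skip-ssl-validation setting; certificate verification is off for every request sent through this transport`, would record why verification can be disabled here. The same unconditional assignment appears in `executeRequest` in rest_cloud_foundry_client_extended.go.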