From ffe1fc4ad3a164ab1f2590f63b72ea019be8218c Mon Sep 17 00:00:00 2001
From: Ben McClelland
Date: Mon, 8 Apr 2024 18:59:35 -0700
Subject: [PATCH] feat: optional disable cert check for admin cli actions
Fixes #499. Allows running admin cli commands against servers with self signed certs.
---
 cmd/versitygw/admin.go | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/cmd/versitygw/admin.go b/cmd/versitygw/admin.go
index 64e17d95..c7121650 100644
--- a/cmd/versitygw/admin.go
+++ b/cmd/versitygw/admin.go
@@ -17,6 +17,7 @@ package main
 import (
 "bytes"
 "crypto/sha256"
+ "crypto/tls"
 "encoding/hex"
 "encoding/json"
 "fmt"
@@ -37,6 +38,7 @@ var (
 adminAccess string
 adminSecret string
 adminEndpoint string
+ allowInsecure bool
 )
 func adminCommand() *cli.Command {
@@ -154,10 +156,24 @@ func adminCommand() *cli.Command {
 Required: true,
 Destination: &adminEndpoint,
 },
+ &cli.BoolFlag{
+ Name: "allow-insecure",
+ Usage: "disable tls certificate verification for the admin endpoint",
+ EnvVars: []string{"ADMIN_ALLOW_INSECURE"},
+ Aliases: []string{"ai"},
+ Destination: &allowInsecure,
+ },
 },
 }
 }
+func initHTTPClient() *http.Client {
+ tr := &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: allowInsecure},
+ }
+ return &http.Client{Transport: tr}
+}
+
 func createUser(ctx *cli.Context) error {
 access, secret, role := ctx.String("access"), ctx.String("secret"), ctx.String("role")
 userID, groupID, projectID := ctx.Int("user-id"), ctx.Int("group-id"), ctx.Int("projectID")
@@ -199,7 +215,7 @@ func createUser(ctx *cli.Context) error {
 return fmt.Errorf("failed to sign the request: %w", err)
 }
- client := http.Client{}
+ client := initHTTPClient()
 resp, err := client.Do(req)
 if err != nil {
@@ -244,7 +260,7 @@ func deleteUser(ctx *cli.Context) error {
 return fmt.Errorf("failed to sign the request: %w", err)
 }
- client := http.Client{}
+ client := initHTTPClient()
 resp, err := client.Do(req)
 if err != nil {
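Review bot: `initHTTPClient` in the `@@ -154,10 +156,24 @@` hunk builds a bare `http.Transport`, so every admin call loses the `http.DefaultTransport` settings the previous `http.Client{}` used (environment proxy, dial and TLS-handshake timeouts) even when `--allow-insecure` is off; starting from `http.DefaultTransport.(*http.Transport).Clone()` keeps them. When the flag is on, `InsecureSkipVerify` disables both chain and hostname verification, so the endpoint is unauthenticated and the signed admin requests can be read or altered on the network path; since `ADMIN_ALLOW_INSECURE` can switch this on without anything appearing on the command line, a warning on stderr and a plainer `Usage` string would make that visible. The sketch below assumes `os` is already imported in admin.go, which the hunk does not show. A follow-up option that trusts a given CA file would cover self-signed servers without turning verification off.

```go
func initHTTPClient() *http.Client {
	// Clone the default transport so proxy and timeout defaults are preserved.
	tr := http.DefaultTransport.(*http.Transport).Clone()
	if allowInsecure {
		// Make the downgrade visible: it may have been enabled through the environment.
		fmt.Fprintln(os.Stderr, "warning: tls certificate verification is disabled for the admin endpoint")
		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
	}
	return &http.Client{Transport: tr}
}
```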
@@ -284,7 +300,7 @@ func listUsers(ctx *cli.Context) error {
 return fmt.Errorf("failed to sign the request: %w", err)
 }
- client := http.Client{}
+ client := initHTTPClient()
 resp, err := client.Do(req)
 if err != nil {
@@ -399,7 +415,7 @@ func listBuckets(ctx *cli.Context) error {
 return fmt.Errorf("failed to sign the request: %w", err)
 }
- client := http.Client{}
+ client := initHTTPClient()
 resp, err := client.Do(req)
 if err != nil {