cacert and insecure for 0.1.1 (#36)

conduktor · Apr 30, 2024 · a21ef08 · a21ef08
1 parent 06aba51
commit a21ef08
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 20 deletions.
diff --git a/client/client.go b/client/client.go
@@ -18,7 +18,7 @@ type Client struct {
 	client  *resty.Client
 }
 
-func Make(token string, baseUrl string, debug bool, key, cert string) (*Client, error) {
+func Make(token string, baseUrl string, debug bool, key, cert, cacert string, insecure bool) (*Client, error) {
 	restyClient := resty.New().SetDebug(debug).SetHeader("Authorization", "Bearer "+token)
 	if (key == "" && cert != "") || (key != "" && cert == "") {
 		return nil, fmt.Errorf("key and cert must be provided together")
@@ -29,12 +29,21 @@ func Make(token string, baseUrl string, debug bool, key, cert string) (*Client,
 			return nil, err
 		}
 	}
+	if cacert != "" {
+		restyClient.SetRootCertificate(cacert)
+	}
 
-	return &Client{
+	result := &Client{
 		token:   token,
 		baseUrl: baseUrl,
 		client:  restyClient,
-	}, nil
+	}
+
+	if insecure {
+		result.IgnoreUntrustedCertificate()
+	}
+
+	return result, nil
 }
 
 func MakeFromEnv() *Client {
@@ -51,16 +60,14 @@ func MakeFromEnv() *Client {
 	debug := strings.ToLower(os.Getenv("CDK_DEBUG")) == "true"
 	key := os.Getenv("CDK_KEY")
 	cert := os.Getenv("CDK_CERT")
+	cacert := os.Getenv("CDK_CACERT")
+	insecure := strings.ToLower(os.Getenv("CDK_INSECURE")) == "true"
 
-	client, err := Make(token, baseUrl, debug, key, cert)
+	client, err := Make(token, baseUrl, debug, key, cert, cacert, insecure)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Cannot create client: %s", err)
 		os.Exit(3)
 	}
-	insecure := strings.ToLower(os.Getenv("CDK_INSECURE")) == "true"
-	if insecure {
-		client.IgnoreUntrustedCertificate()
-	}
 	return client
 }
 

diff --git a/client/client_test.go b/client/client_test.go
@@ -11,7 +11,7 @@ func TestApplyShouldWork(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "")
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -49,7 +49,7 @@ func TestApplyWithDryModeShouldWork(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "")
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -87,7 +87,7 @@ func TestApplyShouldFailIfNo2xx(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "")
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -125,7 +125,7 @@ func TestGetShouldWork(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "")
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -155,7 +155,7 @@ func TestGetShouldApplyCaseTransformation(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "")
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -185,7 +185,7 @@ func TestGetShouldKeepCase(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "")
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -216,7 +216,7 @@ func TestGetShouldFailIfN2xx(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "")
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -246,7 +246,7 @@ func TestDescribeShouldWork(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "")
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -276,7 +276,7 @@ func TestDescribeShouldFailIfNo2xx(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl/api"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "")
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -306,7 +306,7 @@ func TestDeleteShouldWork(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "")
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}
@@ -335,7 +335,7 @@ func TestDeleteShouldFailOnNot2XX(t *testing.T) {
 	defer httpmock.Reset()
 	baseUrl := "http://baseUrl"
 	token := "aToken"
-	client, err := Make(token, baseUrl, false, "", "")
+	client, err := Make(token, baseUrl, false, "", "", "", false)
 	if err != nil {
 		panic(err)
 	}

diff --git a/cmd/root.go b/cmd/root.go
@@ -23,7 +23,7 @@ var rootCmd = &cobra.Command{
 	Short: "Command line tools for conduktor",
 	Long: `You need to define the CDK_TOKEN and CDK_BASE_URL environment variables to use this tool.
 You can also use the CDK_KEY,CDK_CERT instead of --key and --cert flags to use a certificate for tls authentication.
-If you have an untrusted certificate you can use the CDK_INSECURE=true variable to disable tls verification`,
+If you have an untrusted certificate you can use the CDK_INSECURE=true or CDK_CACERT variable to disable tls verification`,
 	PersistentPreRun: func(cmd *cobra.Command, args []string) {
 		if *debug {
 			apiClient.ActivateDebug()