Skip ssl validation if the option is already provided

cloudfoundry · Dec 13, 2023 · 2e6fd42 · 2e6fd42
1 parent 5b43ea2
commit 2e6fd42
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 20 deletions.
diff --git a/clients/cfrestclient/rest_cloud_foundry_client_extended.go b/clients/cfrestclient/rest_cloud_foundry_client_extended.go
@@ -1,25 +1,34 @@
 package cfrestclient
 
 import (
-	"code.cloudfoundry.org/cli/plugin"
-	"code.cloudfoundry.org/jsonry"
 	"crypto/md5"
+	"crypto/tls"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
-	"github.com/cloudfoundry-incubator/multiapps-cli-plugin/clients/models"
 	"io"
 	"net/http"
+
+	"code.cloudfoundry.org/cli/plugin"
+	"code.cloudfoundry.org/jsonry"
+	"github.com/cloudfoundry-incubator/multiapps-cli-plugin/clients/models"
+	"github.com/cloudfoundry-incubator/multiapps-cli-plugin/log"
 )
 
 const cfBaseUrl = "v3/"
 
 type CloudFoundryRestClient struct {
-	cliConn plugin.CliConnection
+	cliConn       plugin.CliConnection
+	isSslDisabled bool
 }
 
 func NewCloudFoundryRestClient(cliConn plugin.CliConnection) CloudFoundryOperationsExtended {
-	return &CloudFoundryRestClient{cliConn}
+	isSslDisabled, err := cliConn.IsSSLDisabled()
+	if err != nil {
+		log.Tracef("Error while determining skip-ssl-validation: %v", err)
+		isSslDisabled = false
+	}
+	return &CloudFoundryRestClient{cliConn, isSslDisabled}
 }
 
 func (c CloudFoundryRestClient) GetApplications(mtaId, mtaNamespace, spaceGuid string) ([]models.CloudFoundryApplication, error) {
@@ -31,6 +40,7 @@ func (c CloudFoundryRestClient) GetApplications(mtaId, mtaNamespace, spaceGuid s
 	mtaIdHash := md5.Sum([]byte(mtaId))
 	mtaIdHashStr := hex.EncodeToString(mtaIdHash[:])
 
+<<<<<<< HEAD
 	getAppsUrl := fmt.Sprintf("%s/%sapps?space_guids=%s&label_selector=mta_id=%s", apiEndpoint, cfBaseUrl, spaceGuid, mtaIdHashStr)
 	if mtaNamespace != "" {
 		namespaceHash := md5.Sum([]byte(mtaNamespace))
@@ -40,6 +50,10 @@ func (c CloudFoundryRestClient) GetApplications(mtaId, mtaNamespace, spaceGuid s
 		getAppsUrl = fmt.Sprintf("%s,!mta_namespace", getAppsUrl)
 	}
 	return getPaginatedResources[models.CloudFoundryApplication](getAppsUrl, token)
+=======
+	getAppsUrl := fmt.Sprintf("%s/%sapps?label_selector=mta_id=%s&space_guids=%s", apiEndpoint, cfBaseUrl, mtaIdHashStr, spaceGuid)
+	return getPaginatedResources[models.CloudFoundryApplication](getAppsUrl, token, c.isSslDisabled)
+>>>>>>> 4f2f36f (Skip ssl validation if the option is already provided)
 }
 
 func (c CloudFoundryRestClient) GetAppProcessStatistics(appGuid string) ([]models.ApplicationProcessStatistics, error) {
@@ -50,7 +64,7 @@ func (c CloudFoundryRestClient) GetAppProcessStatistics(appGuid string) ([]model
 	apiEndpoint, _ := c.cliConn.ApiEndpoint()
 
 	getAppProcessStatsUrl := fmt.Sprintf("%s/%sapps/%s/processes/web/stats", apiEndpoint, cfBaseUrl, appGuid)
-	body, err := executeRequest(getAppProcessStatsUrl, token)
+	body, err := executeRequest(getAppProcessStatsUrl, token, c.isSslDisabled)
 	if err != nil {
 		return nil, err
 	}
@@ -69,7 +83,7 @@ func (c CloudFoundryRestClient) GetApplicationRoutes(appGuid string) ([]models.A
 	apiEndpoint, _ := c.cliConn.ApiEndpoint()
 
 	getAppRoutesUrl := fmt.Sprintf("%s/%sapps/%s/routes", apiEndpoint, cfBaseUrl, appGuid)
-	return getPaginatedResources[models.ApplicationRoute](getAppRoutesUrl, token)
+	return getPaginatedResources[models.ApplicationRoute](getAppRoutesUrl, token, c.isSslDisabled)
 }
 
 func (c CloudFoundryRestClient) GetServiceInstances(mtaId, mtaNamespace, spaceGuid string) ([]models.CloudFoundryServiceInstance, error) {
@@ -101,13 +115,13 @@ func (c CloudFoundryRestClient) GetServiceBindings(serviceName string) ([]models
 	apiEndpoint, _ := c.cliConn.ApiEndpoint()
 
 	getServiceBindingsUrl := fmt.Sprintf("%s/%sservice_credential_bindings?type=app&include=app&service_instance_names=%s", apiEndpoint, cfBaseUrl, serviceName)
-	return getPaginatedResourcesWithIncluded(getServiceBindingsUrl, token, buildServiceBinding)
+	return getPaginatedResourcesWithIncluded(getServiceBindingsUrl, token, c.isSslDisabled, buildServiceBinding)
 }
 
-func getPaginatedResources[T any](url, token string) ([]T, error) {
+func getPaginatedResources[T any](url, token string, isSslDisabled bool) ([]T, error) {
 	var result []T
 	for url != "" {
-		body, err := executeRequest(url, token)
+		body, err := executeRequest(url, token, isSslDisabled)
 		if err != nil {
 			return nil, err
 		}
@@ -124,10 +138,10 @@ func getPaginatedResources[T any](url, token string) ([]T, error) {
 	return result, nil
 }
 
-func getPaginatedResourcesWithIncluded[T any, Auxiliary any](url, token string, auxiliaryContentHandler func(T, Auxiliary) T) ([]T, error) {
+func getPaginatedResourcesWithIncluded[T any, Auxiliary any](url, token string, isSslDisabled bool, auxiliaryContentHandler func(T, Auxiliary) T) ([]T, error) {
 	var result []T
 	for url != "" {
-		body, err := executeRequest(url, token)
+		body, err := executeRequest(url, token, isSslDisabled)
 		if err != nil {
 			return nil, err
 		}
@@ -144,11 +158,14 @@ func getPaginatedResourcesWithIncluded[T any, Auxiliary any](url, token string,
 	return result, nil
 }
 
-func executeRequest(url, token string) ([]byte, error) {
+func executeRequest(url, token string, isSslDisabled bool) ([]byte, error) {
 	req, _ := http.NewRequest(http.MethodGet, url, nil)
 	req.Header.Add("Authorization", token)
-
-	resp, err := http.DefaultClient.Do(req)
+	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
+	httpTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: isSslDisabled}
+	client := http.DefaultClient
+	client.Transport = httpTransport
+	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
 	}

diff --git a/clients/csrf/csrf_token_manager_test.go b/clients/csrf/csrf_token_manager_test.go
@@ -1,11 +1,12 @@
 package csrf
 
 import (
+	"net/http"
+	"time"
+
 	"github.com/cloudfoundry-incubator/multiapps-cli-plugin/clients/csrf/fakes"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
-	"net/http"
-	"time"
 )
 
 const csrfTokenNotSet = ""

diff --git a/commands/base_command.go b/commands/base_command.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"crypto/tls"
 	"flag"
 	"fmt"
 	"io"
@@ -59,7 +60,12 @@ type BaseCommand struct {
 // Initialize initializes the command with the specified name and CLI connection
 func (c *BaseCommand) Initialize(name string, cliConnection plugin.CliConnection) {
 	log.Tracef("Initializing command %q\n", name)
-	transport := newTransport()
+	isSslDisabled, err := cliConnection.IsSSLDisabled()
+	if err != nil {
+		log.Tracef("Error while determining skip-ssl-validation: %v", err)
+		isSslDisabled = false
+	}
+	transport := newTransport(isSslDisabled)
 	tokenFactory := NewDefaultTokenFactory(cliConnection)
 	c.InitializeAll(name, cliConnection, transport, clients.NewDefaultClientFactory(), tokenFactory, util.NewDeployServiceURLCalculator(cliConnection))
 }
@@ -264,11 +270,12 @@ func (c *BaseCommand) shouldAbortConflictingOperation(mtaID string, force bool)
 		terminal.EntityNameColor(mtaID))
 }
 
-func newTransport() http.RoundTripper {
+func newTransport(isSslDisabled bool) http.RoundTripper {
 	csrfx := csrf.CsrfTokenHelper{NonProtectedMethods: getNonProtectedMethods()}
-	httpTransport := http.DefaultTransport.(*http.Transport)
+	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
 	// Increase tls handshake timeout to cope with slow internet connections. 3 x default value =30s.
 	httpTransport.TLSHandshakeTimeout = 30 * time.Second
+	httpTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: isSslDisabled}
 	return &csrf.Transport{Delegate: httpTransport, Csrf: &csrfx}
 }