Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revise using of rejectUnauthorized #16906

Closed
mmorhun opened this issue May 13, 2020 · 2 comments
Closed

Revise using of rejectUnauthorized #16906

mmorhun opened this issue May 13, 2020 · 2 comments
Labels
area/chectl Issues related to chectl, the CLI of Che kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.

Comments

@mmorhun
Copy link
Contributor

mmorhun commented May 13, 2020

Is your task related to a problem? Please describe.

At the moment in chectl we use rejectUnauthorized: false option when AxiosInstance makes requests to Che API.

Describe the solution you'd like

Current approach works fine, but the right way is to use specific CA certificate for such requests.
We've implemented retrieving of Che self-signed CA certificate which can be used to get the cert and pass to Axis to be able to connect to Che API without rejectUnauthorized: fasle option.
However, retrieving the cert each time chectl is run will add a few seconds to command execution time (at this point we need to make sure, that self-signed certificate is using, which could be done by checking for self-signed-certificate secret in Che's namespace). To reduce this time we may try to cache the cert in tmp directory (it will not bring a security risk as we export only public part of Che root CA certificate).
@mmorhun mmorhun added kind/task Internal things, technical debt, and to-do tasks to be performed. area/chectl Issues related to chectl, the CLI of Che labels May 13, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label May 13, 2020
@mmorhun mmorhun mentioned this issue May 13, 2020
Closed
@tolusha tolusha added severity/P1 Has a major impact to usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels May 13, 2020
@tolusha tolusha mentioned this issue May 22, 2020
Closed
56 tasks
@nickboldt nickboldt added this to the 7.15 milestone May 26, 2020
@tolusha tolusha modified the milestones: 7.15, Backlog - Deploy May 27, 2020
@tolusha
Copy link
Contributor

tolusha commented May 28, 2020

Add some preflight chekcs, if cert is not valid, ask user to trust the server.

@tolusha tolusha mentioned this issue Jun 1, 2020
Closed
34 tasks
@tolusha tolusha modified the milestones: Backlog - Deploy, 7.15 Jun 3, 2020
@mmorhun mmorhun mentioned this issue Jun 23, 2020
Closed
14 tasks
@tolusha tolusha removed this from the 7.15 milestone Jun 30, 2020
@tolusha tolusha added this to the Backlog - Deploy milestone Sep 29, 2020
@tolusha tolusha removed this from the Backlog - Deploy milestone Oct 21, 2020
@tolusha tolusha modified the milestone: 7.23 Nov 10, 2020
@tolusha tolusha modified the milestone: 7.24 Dec 2, 2020
@tolusha tolusha modified the milestones: 7.28, 7.29 Feb 24, 2021
@tolusha tolusha removed this from the 7.29 milestone Mar 16, 2021
@tolusha tolusha mentioned this issue Jul 7, 2021
Closed
24 tasks
@tolusha tolusha added this to the 7.34 milestone Jul 8, 2021
@tolusha tolusha removed this from the 7.34 milestone Jul 23, 2021
@tolusha
Copy link
Contributor

tolusha commented Jul 23, 2021

Having [1] and [2] the necessity of this issue is quite low.
So I've decided not to spend time on this.

[1] #20010
[2] #19182

@tolusha tolusha closed this as completed Jul 23, 2021
@tolusha tolusha mentioned this issue Jul 26, 2021
Closed
31 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/chectl Issues related to chectl, the CLI of Che kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nickboldt @tolusha @mmorhun @che-bot