Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add support to supply a CA cert for untrusted CA certs #7

Merged
merged 2 commits into from
Jun 21, 2021
Merged

feat: add support to supply a CA cert for untrusted CA certs #7

merged 2 commits into from
Jun 21, 2021

Conversation

splicemaahs
Copy link
Contributor

@splicemaahs splicemaahs commented May 27, 2021
edited
Loading

Description

Provide a mechanism to supply a CA certificate to use in validation of the SSL endpoint for splicectl-api. This allows use of self-signed certs or certs that are signed by an untrusted CA.

The primary work is done in main.go. Reading from --cacert and SPLICECTL_CACERT. The rest of the edits are all the same, consuming the caBundle set in main.go and passing it to the goresty object.

Motivation and Context

In many on-prem installation we may not have a CA issued for POC and need a way to handle self-signed certificates.

Dependencies

How Has This Been Tested?

The functionality remains exactly the same if --cacert or export SPLICECTL_CACERT= are not specified or set.

Screenshots (if appropriate)

Checklist

If the pull request includes user-facing changes, extra documentation is required:

  • If the change is user facing, please ensure you add info in one of the Changelog Inclusions sections.

Changelog Inclusions

Additions

  • added --cacert /path/to/cert.crt to pass in a certificate used as the CA to validate SSL connections
  • added support to read from SPLICECTL_CACERT=/path/to/cert.crt to auto-set the --cacert option.

Changes

Fixes

Deprecated

Removed

Breaking Changes

@splicemaahs splicemaahs merged commit 2ddf486 into main Jun 21, 2021
@splicemaahs splicemaahs deleted the DBAAS-5635/cafile branch June 21, 2021 15:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skolobov skolobov skolobov approved these changes

@Ben-Epstein Ben-Epstein Awaiting requested review from Ben-Epstein Ben-Epstein is a code owner

@bklo94 bklo94 Awaiting requested review from bklo94 bklo94 is a code owner

@edriggers edriggers Awaiting requested review from edriggers

@jramineni jramineni Awaiting requested review from jramineni jramineni is a code owner

@juanvisoler juanvisoler Awaiting requested review from juanvisoler juanvisoler is a code owner

@voron voron Awaiting requested review from voron voron is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@splicemaahs @skolobov