From dd3edd95ae1573597296e4723a76ebabe90b62c1 Mon Sep 17 00:00:00 2001 From: Christopher Maahs Date: Thu, 27 May 2021 07:06:23 -0500 Subject: [PATCH] feat: add support to supply a CA cert for untrusted CA certs --- cmd/apply_cm-settings.go | 12 ++++++++++++ cmd/apply_database-cr.go | 12 ++++++++++++ cmd/apply_default-cr.go | 12 ++++++++++++ cmd/apply_image-tag.go | 12 ++++++++++++ cmd/apply_system-settings.go | 12 ++++++++++++ cmd/apply_vault-key.go | 12 ++++++++++++ cmd/auth.go | 11 +++++++++++ cmd/create_splice-database.go | 11 +++++++++++ cmd/delete.go | 11 +++++++++++ cmd/get_accounts.go | 11 +++++++++++ cmd/get_cm-settings.go | 11 +++++++++++ cmd/get_database-cr.go | 11 +++++++++++ cmd/get_database-status.go | 11 +++++++++++ cmd/get_default-cr.go | 12 ++++++++++++ cmd/get_image-tag.go | 11 +++++++++++ cmd/get_system-settings.go | 11 +++++++++++ cmd/get_vault-key.go | 11 +++++++++++ cmd/list_database.go | 11 +++++++++++ cmd/main.go | 27 +++++++++++++++++++++++++++ cmd/pause.go | 11 +++++++++++ cmd/restart_database.go | 11 +++++++++++ cmd/resume.go | 11 +++++++++++ cmd/rollback_cm-settings.go | 11 +++++++++++ cmd/rollback_database-cr.go | 11 +++++++++++ cmd/rollback_default-cr.go | 11 +++++++++++ cmd/rollback_system-settings.go | 11 +++++++++++ cmd/rollback_vault-key.go | 11 +++++++++++ cmd/version.go | 11 +++++++++++ cmd/versions_cm-settings.go | 11 +++++++++++ cmd/versions_database-cr.go | 11 +++++++++++ cmd/versions_default-cr.go | 11 +++++++++++ cmd/versions_system-settings.go | 11 +++++++++++ cmd/versions_vault-key.go | 11 +++++++++++ 33 files changed, 386 insertions(+) diff --git a/cmd/apply_cm-settings.go b/cmd/apply_cm-settings.go index 577c0ce..8661e6e 100644 --- a/cmd/apply_cm-settings.go +++ b/cmd/apply_cm-settings.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "io/ioutil" 
@@ -88,6 +90,16 @@ func displayApplyCmSettingsV1(in string) { func setCMSettings(comp string, in []byte) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } + uri := fmt.Sprintf("splicectl/v1/vault/cmsettings?component=%s", comp) resp, resperr := restClient.R(). SetHeader("X-Token-Bearer", authClient.GetTokenBearer()). diff --git a/cmd/apply_database-cr.go b/cmd/apply_database-cr.go index 06f1b1a..6734f36 100644 --- a/cmd/apply_database-cr.go +++ b/cmd/apply_database-cr.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "io/ioutil" @@ -105,6 +107,16 @@ func displayApplyDatabaseCRV2(in string) { func setDatabaseCR(dbname string, in []byte) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } + uri := fmt.Sprintf("splicectl/v1/vault/databasecr?database-name=%s", dbname) resp, resperr := restClient.R(). SetHeader("X-Token-Bearer", authClient.GetTokenBearer()). diff --git a/cmd/apply_default-cr.go b/cmd/apply_default-cr.go index 380d331..79ac90a 100644 --- a/cmd/apply_default-cr.go +++ b/cmd/apply_default-cr.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "io/ioutil" 
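Review bot: In the block added to setCMSettings, a CA bundle that fails to parse is only logged at Info level and the client is still configured with the empty pool, so the request later fails with a generic certificate-verification error rather than one naming the bad bundle; the function already returns an error and should return one here. The identical block is pasted into every other request function in this patch (setDatabaseCR, setDefaultCR, performAuth and the rest, through getVaultKeyVersionData), and its comment names the flag `--ca-cert` while cmd/main.go registers `--cacert`, so the fix is best made once in a shared constructor that replaces each `resty.New()` call. That constructor is also the place to pin `MinVersion: tls.VersionTLS12`, because with only `RootCAs` set the minimum protocol version is whatever the build toolchain defaults to. A fresh `x509.NewCertPool()` replaces the system roots rather than extending them; if that is intended, the helper's comment should say so. The body of setCMSettings continues outside the hunk.

```go
// newRestClient returns a resty client that trusts only the roots in caBundle
// when one was supplied (--cacert / SPLICECTL_CACERT), and the system roots otherwise.
func newRestClient() (*resty.Client, error) {
	restClient := resty.New()
	if len(caBundle) == 0 {
		return restClient, nil
	}
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM([]byte(caBundle)) {
		return nil, fmt.Errorf("no certificates could be parsed from CA bundle %q", caCert)
	}
	restClient.SetTLSClientConfig(&tls.Config{
		RootCAs:    roots,
		MinVersion: tls.VersionTLS12,
	})
	return restClient, nil
}

func setCMSettings(comp string, in []byte) (string, error) {
	restClient, err := newRestClient()
	if err != nil {
		return "", err
	}
	// … unchanged: uri construction and request …
```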
@@ -95,6 +97,16 @@ func displayApplyDefaultCRV2(in string) { func setDefaultCR(in []byte) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } + uri := "splicectl/v1/vault/defaultcr" resp, resperr := restClient.R(). SetHeader("X-Token-Bearer", authClient.GetTokenBearer()). diff --git a/cmd/apply_image-tag.go b/cmd/apply_image-tag.go index 52f3e8d..b88d7ba 100644 --- a/cmd/apply_image-tag.go +++ b/cmd/apply_image-tag.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "fmt" "os" @@ -62,6 +64,16 @@ func displayApplyImageTagV1(in string) { func setDatabaseImageTag(componentName string, databaseName string, imageTag string) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } + uri := fmt.Sprintf("splicectl/v1/splicedb/imagetag?component-name=%s&database-name=%s&tag=%s", componentName, databaseName, imageTag) resp, resperr := restClient.R(). diff --git a/cmd/apply_system-settings.go b/cmd/apply_system-settings.go index e54dd29..a88e90b 100644 --- a/cmd/apply_system-settings.go +++ b/cmd/apply_system-settings.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "io/ioutil" 
@@ -97,6 +99,16 @@ func displayApplySystemSettingsV2(in string) { func setSystemSettings(in []byte) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } + uri := "splicectl/v1/vault/systemsettings" resp, resperr := restClient.R(). SetHeader("X-Token-Bearer", authClient.GetTokenBearer()). diff --git a/cmd/apply_vault-key.go b/cmd/apply_vault-key.go index 83fb8f7..45174dd 100644 --- a/cmd/apply_vault-key.go +++ b/cmd/apply_vault-key.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "io/ioutil" @@ -101,6 +103,16 @@ func displayApplyVaultKeyV2(in string) { func setVaultKeyData(keypath string, in []byte) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } + uri := fmt.Sprintf("splicectl/v1/vault/vaultkey?keypath=%s", keypath) resp, resperr := restClient.R(). SetHeader("X-Token-Bearer", authClient.GetTokenBearer()). diff --git a/cmd/auth.go b/cmd/auth.go index 512b32b..18744fe 100644 --- a/cmd/auth.go +++ b/cmd/auth.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" 
@@ -63,6 +65,15 @@ var authCmd = &cobra.Command{ func performAuth() (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := "splicectl/v1/auth" resp, resperr := restClient.R(). diff --git a/cmd/create_splice-database.go b/cmd/create_splice-database.go index 00510c6..9aa4390 100644 --- a/cmd/create_splice-database.go +++ b/cmd/create_splice-database.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "io/ioutil" @@ -221,6 +223,15 @@ func generateSkel(dbReq *objects.DatabaseRequest) { func createSpliceDatabase(dbReq *objects.DatabaseRequest, outputonly bool) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := "splicectl/v1/splicedb/splicedatabase" diff --git a/cmd/delete.go b/cmd/delete.go index aacfcd7..a9e393e 100644 --- a/cmd/delete.go +++ b/cmd/delete.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" @@ -86,6 +88,15 @@ func getMatchingClusterID(db string) string { func deleteDatabase(cid string) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/splicedb/splicedatabasedelete?database-name=%s", cid) 
diff --git a/cmd/get_accounts.go b/cmd/get_accounts.go index aaa314c..c4c6d72 100644 --- a/cmd/get_accounts.go +++ b/cmd/get_accounts.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" @@ -76,6 +78,15 @@ func displayGetAccountsV1(in string) { func getAccounts() (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := "splicectl/v1/cm/accounts" resp, resperr := restClient.R(). diff --git a/cmd/get_cm-settings.go b/cmd/get_cm-settings.go index a31c959..2543e94 100644 --- a/cmd/get_cm-settings.go +++ b/cmd/get_cm-settings.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" @@ -77,6 +79,15 @@ func displayGetCmSettingsV1(in string) { func getCMSettings(comp string, ver int) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/cmsettings?component=%s&version=%d", comp, ver) resp, resperr := restClient.R(). diff --git a/cmd/get_database-cr.go b/cmd/get_database-cr.go index ceffdd2..7618d25 100644 --- a/cmd/get_database-cr.go +++ b/cmd/get_database-cr.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" 
@@ -98,6 +100,15 @@ func displayGetDatabaseV2(in string, fp string) { func getDatabaseCR(dbname string, ver int) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/databasecr?version=%d&database-name=%s", ver, dbname) resp, resperr := restClient.R(). diff --git a/cmd/get_database-status.go b/cmd/get_database-status.go index 282aa9c..388f8ff 100644 --- a/cmd/get_database-status.go +++ b/cmd/get_database-status.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "fmt" "os" @@ -54,6 +56,15 @@ func displayGetDatabaseStatusV1(in string) { func getDatabaseStatusData(databaseName string) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/splicedb/splicedatabasestatus?database-name=%s", databaseName) resp, resperr := restClient.R(). diff --git a/cmd/get_default-cr.go b/cmd/get_default-cr.go index 44f9910..218974f 100644 --- a/cmd/get_default-cr.go +++ b/cmd/get_default-cr.go @@ -2,6 +2,8 @@ package cmd import ( "bytes" + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" 
@@ -100,7 +102,17 @@ func displayGetDefaultCRV2(in string) { } func getDefaultCR(ver int) (string, error) { + restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/defaultcr?version=%d", ver) resp, resperr := restClient.R(). diff --git a/cmd/get_image-tag.go b/cmd/get_image-tag.go index 685d513..af9427d 100644 --- a/cmd/get_image-tag.go +++ b/cmd/get_image-tag.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" @@ -100,6 +102,15 @@ func displayGetImageTagV2(in string) { func getImageTagData(componenetName string, databaseName string) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/splicedb/imagetag?component-name=%s&database-name=%s", componenetName, databaseName) resp, resperr := restClient.R(). diff --git a/cmd/get_system-settings.go b/cmd/get_system-settings.go index eeac12c..f71475d 100644 --- a/cmd/get_system-settings.go +++ b/cmd/get_system-settings.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" 
@@ -86,6 +88,15 @@ func displayGetSystemSettingsV2(in string, dc bool) { func getSystemSettings(ver int) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/systemsettings?version=%d", ver) resp, resperr := restClient.R(). diff --git a/cmd/get_vault-key.go b/cmd/get_vault-key.go index 863aa4b..2cd163e 100644 --- a/cmd/get_vault-key.go +++ b/cmd/get_vault-key.go @@ -2,6 +2,8 @@ package cmd import ( "bytes" + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" @@ -103,6 +105,15 @@ func displayGetVaultKeyV2(in string) { func getVaultKeyData(keypath string, ver int) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/vaultkey?version=%d&keypath=%s", ver, keypath) resp, resperr := restClient.R(). diff --git a/cmd/list_database.go b/cmd/list_database.go index b0dfb2a..6bc53d4 100644 --- a/cmd/list_database.go +++ b/cmd/list_database.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" 
@@ -86,6 +88,15 @@ func displayListDatabaseV2(in string) { } func getDatabaseList() (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := "splicectl/v1/splicedb/splicedatabase" resp, resperr := restClient.R(). diff --git a/cmd/main.go b/cmd/main.go index 1623cd6..31687dd 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -3,6 +3,7 @@ package cmd import ( "encoding/json" "fmt" + "io/ioutil" "os" "strings" @@ -32,6 +33,8 @@ var ( // var tokenValid bool var apiServer string var outputFormat string +var caCert string +var caBundle string var formatOverridden bool var noHeaders bool var authClient auth.Client @@ -48,6 +51,29 @@ database clusters under Kubernetes easier to manage.`, Args: cobra.MinimumNArgs(1), PersistentPreRun: func(cmd *cobra.Command, args []string) { + if len(caCert) > 0 { + if _, err := os.Stat(caCert); err != nil { + if os.IsNotExist(err) { + logrus.Info("Couldn't read the ca-file, please check the path") + os.Exit(1) + } + } + fileBytes, _ := ioutil.ReadFile(caCert) + caBundle = strings.TrimSpace(string(fileBytes[:])) + } else { + caCert = os.Getenv("SPLICECTL_CACERT") + if len(caCert) > 0 { + if _, err := os.Stat(caCert); err != nil { + if os.IsNotExist(err) { + logrus.Info("Couldn't read the ca-file, please check the path") + os.Exit(1) + } + } + } + fileBytes, _ := ioutil.ReadFile(caCert) + caBundle = strings.TrimSpace(string(fileBytes[:])) + } + apiServer = getIngressDetail() if len(serverURI) > 0 { apiServer = serverURI 
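Review bot: In the PersistentPreRun hunk of cmd/main.go both `ioutil.ReadFile` errors are discarded and `os.Stat` failures other than not-exist are ignored, so an unreadable or empty CA file leaves `caBundle` empty and every request silently falls back to the default trust store instead of the CA the user asked for. The else branch also calls `ioutil.ReadFile(caCert)` with an empty path when `SPLICECTL_CACERT` is unset, and the failure is reported with `logrus.Info` just before `os.Exit(1)`. Resolving the path once (flag first, then environment), reading it once and exiting on any read error or empty bundle removes the duplicated branch and makes the failure explicit. The PersistentPreRun closure starts and ends outside the hunk.

```go
// … unchanged: PersistentPreRun: func(cmd *cobra.Command, args []string) { …
if len(caCert) == 0 {
	caCert = os.Getenv("SPLICECTL_CACERT")
}
if len(caCert) > 0 {
	fileBytes, err := ioutil.ReadFile(caCert)
	if err != nil {
		logrus.WithError(err).Error("Couldn't read the ca-file, please check the path")
		os.Exit(1)
	}
	caBundle = strings.TrimSpace(string(fileBytes))
	if len(caBundle) == 0 {
		logrus.Error("The ca-file is empty")
		os.Exit(1)
	}
}
// … unchanged: apiServer = getIngressDetail() …
```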
@@ -123,6 +149,7 @@ func init() { rootCmd.PersistentFlags().StringVar(&serverURI, "server-uri", "", "override the server uri for the API server http(s)://host.domain.name:overrideport") rootCmd.PersistentFlags().StringVarP(&outputFormat, "output", "o", "", "output types: json, text, yaml, gron") rootCmd.PersistentFlags().BoolVar(&noHeaders, "no-headers", false, "Suppress header output in Text output") + rootCmd.PersistentFlags().StringVar(&caCert, "cacert", "", "Specify a cacert file to use to authenticate the SSL certificate") } func initConfig() { diff --git a/cmd/pause.go b/cmd/pause.go index c8e9f9a..4ef0bb6 100644 --- a/cmd/pause.go +++ b/cmd/pause.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" @@ -83,6 +85,15 @@ func isDatabaseActive(db string) bool { func pauseDatabase(db string, msg string) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := "splicectl/v1/splicedb/splicedatabasepause" diff --git a/cmd/restart_database.go b/cmd/restart_database.go index 04cc8ac..36c16c5 100644 --- a/cmd/restart_database.go +++ b/cmd/restart_database.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" 
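Review bot: The help text for `--cacert` in init does not say that the value is a path to a PEM bundle, nor that `SPLICECTL_CACERT` is read when the flag is absent, and the comments added in the other files refer to the flag as `--ca-cert`. Suggested wording: `rootCmd.PersistentFlags().StringVar(&caCert, "cacert", "", "path to a PEM CA bundle used to verify the API server certificate (env: SPLICECTL_CACERT)")`. init begins outside the hunk.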
@@ -79,6 +81,15 @@ func displayRestartDatabaseV1(in string) { func restartDatabase(dbname string, force bool) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/splicedb/splicedatabaserestart?database-name=%s&force=%t", dbname, force) resp, resperr := restClient.R(). diff --git a/cmd/resume.go b/cmd/resume.go index 1aa854d..1c0ef9c 100644 --- a/cmd/resume.go +++ b/cmd/resume.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" @@ -83,6 +85,15 @@ func isDatabasePaused(db string) bool { func resumeDatabase(db string, msg string) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := "splicectl/v1/splicedb/splicedatabaseresume" diff --git a/cmd/rollback_cm-settings.go b/cmd/rollback_cm-settings.go index 1578116..6d1bc43 100644 --- a/cmd/rollback_cm-settings.go +++ b/cmd/rollback_cm-settings.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" 
@@ -78,6 +80,15 @@ func displayRollbackCmSettingsV1(in string) { func rollbackCMSettings(comp string, ver int) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/rollbackcmsettings?component=%s&version=%d", comp, ver) resp, resperr := restClient.R(). diff --git a/cmd/rollback_database-cr.go b/cmd/rollback_database-cr.go index 7407f9c..4a7dcde 100644 --- a/cmd/rollback_database-cr.go +++ b/cmd/rollback_database-cr.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" @@ -93,6 +95,15 @@ func displayRollbackDatabaseCRV2(in string) { func rollbackDatabaseCR(dbname string, ver int) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/rollbackdatabasecr?version=%d&database-name=%s", ver, dbname) resp, resperr := restClient.R(). diff --git a/cmd/rollback_default-cr.go b/cmd/rollback_default-cr.go index a37dbcf..31f5622 100644 --- a/cmd/rollback_default-cr.go +++ b/cmd/rollback_default-cr.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" 
@@ -85,6 +87,15 @@ func displayRollbackDefaultCRV2(in string) { func rollbackDefaultCR(ver int) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/rollbackdefaultcr?version=%d", ver) resp, resperr := restClient.R(). diff --git a/cmd/rollback_system-settings.go b/cmd/rollback_system-settings.go index fb432ce..0bb381d 100644 --- a/cmd/rollback_system-settings.go +++ b/cmd/rollback_system-settings.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" @@ -85,6 +87,15 @@ func displayRollbackSystemSettingsV2(in string) { func rollbackSystemSettings(ver int) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/rollbacksystemsettings?version=%d", ver) resp, resperr := restClient.R(). diff --git a/cmd/rollback_vault-key.go b/cmd/rollback_vault-key.go index a8a3481..66d75bb 100644 --- a/cmd/rollback_vault-key.go +++ b/cmd/rollback_vault-key.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "encoding/json" "fmt" "os" 
@@ -89,6 +91,15 @@ func displayRollbackVaultKeyV2(in string) { func rollbackVaultKeyData(keypath string, ver int) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/rollbackvaultkey?version=%d&keypath=%s", ver, keypath) resp, resperr := restClient.R(). diff --git a/cmd/version.go b/cmd/version.go index 7203b38..e5e9e25 100644 --- a/cmd/version.go +++ b/cmd/version.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "fmt" "strings" @@ -37,6 +39,15 @@ var versionCmd = &cobra.Command{ func getVersionInfo() (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := "splicectl" resp, resperr := restClient.R(). diff --git a/cmd/versions_cm-settings.go b/cmd/versions_cm-settings.go index 687250b..eb1d9d4 100644 --- a/cmd/versions_cm-settings.go +++ b/cmd/versions_cm-settings.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "fmt" "os" "strings" 
@@ -76,6 +78,15 @@ func displayVersionsCmSettingsV1(in string) { func getCMSettingsVersions(comp string) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/cmsettingsversions?component=%s", comp) resp, resperr := restClient.R(). diff --git a/cmd/versions_database-cr.go b/cmd/versions_database-cr.go index 4fc0b65..c9ce2e1 100644 --- a/cmd/versions_database-cr.go +++ b/cmd/versions_database-cr.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "fmt" "os" "strings" @@ -89,6 +91,15 @@ func displayVersionsDatabaseCRV2(in string) { func getDatabaseCRVersions(db string) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/databasecrversions?database-name=%s", db) resp, resperr := restClient.R(). diff --git a/cmd/versions_default-cr.go b/cmd/versions_default-cr.go index 5d969db..85467be 100644 --- a/cmd/versions_default-cr.go +++ b/cmd/versions_default-cr.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "fmt" "os" "strings" 
@@ -82,6 +84,15 @@ func displayVersionsDefaultCRV2(in string) { func getDefaultCRVersions() (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := "splicectl/v1/vault/defaultcrversions" resp, resperr := restClient.R(). diff --git a/cmd/versions_system-settings.go b/cmd/versions_system-settings.go index 652b473..dd8f7c9 100644 --- a/cmd/versions_system-settings.go +++ b/cmd/versions_system-settings.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "fmt" "os" "strings" @@ -81,6 +83,15 @@ func displayVersionsSystemSettingsV2(in string) { func getSystemSettingsVersions() (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := "splicectl/v1/vault/systemsettingsversions" resp, resperr := restClient.R(). diff --git a/cmd/versions_vault-key.go b/cmd/versions_vault-key.go index b7e677e..e260b04 100644 --- a/cmd/versions_vault-key.go +++ b/cmd/versions_vault-key.go @@ -1,6 +1,8 @@ package cmd import ( + "crypto/tls" + "crypto/x509" "fmt" "os" "strings" 
@@ -85,6 +87,15 @@ func displayVersionsVaultKeyV2(in string) { func getVaultKeyVersionData(keypath string) (string, error) { restClient := resty.New() + // Check if we've set a caBundle (via --ca-cert parameter) + if len(caBundle) > 0 { + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(caBundle)) + if !ok { + logrus.Info("Failed to parse CABundle") + } + restClient.SetTLSClientConfig(&tls.Config{RootCAs: roots}) + } uri := fmt.Sprintf("splicectl/v1/vault/vaultkeyversions?keypath=%s", keypath) resp, resperr := restClient.R().