Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support ca_file for http client in curl mode #130

Merged
merged 2 commits into from
Nov 21, 2023
Merged

Support ca_file for http client in curl mode #130

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5b82609
Support ca_file for http client in curl mode
strehle Nov 18, 2023
26a6d08
Merge branch 'main' of github.com:cloudfoundry/cf-uaac into issue/128…
strehle Nov 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion lib/uaa/cli/curl.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,10 @@ class CurlCli < CommonCli
define_option :data, "-d", "--data <data>", "data included in request body"
define_option :header, "-H", "--header <header>", "header to be included in the request"
define_option :insecure, "-k", "--insecure", "makes request without verifying SSL certificates"
define_option :cacert, "-C", "--cacert <ca_file>", "CA certificate to verify peer against"
strehle marked this conversation as resolved.
Show resolved Hide resolved
define_option :bodyonly, "-b", "--bodyonly", "show body only in response"

desc "curl [path]", "CURL to a UAA endpoint", :request, :data, :header, :insecure , :bodyonly do |path|
desc "curl [path]", "CURL to a UAA endpoint", :request, :data, :header, :insecure , :bodyonly, :cacert do |path|
return say_command_help(["curl"]) unless path

uri = parse_uri(path)
Expand Down Expand Up @@ -65,6 +66,9 @@ def make_request(uri, options)
http.use_ssl = true
if options[:insecure]
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
elsif options[:cacert]
http.ca_file = File.expand_path(options[:cacert])
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
end
end
request_class = Net::HTTP.const_get("#{options[:request][0]}#{options[:request][1..-1].downcase}")
Expand Down
15 changes: 15 additions & 0 deletions spec/curl_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ module CF::UAA
Cli.output.string.should include "-d | --data <data>"
Cli.output.string.should include "-k | --insecure"
Cli.output.string.should include "-b | --bodyonly"
Cli.output.string.should include "-C | --cacert"
end

it "hits the URL on the UAA target" do
Expand Down Expand Up @@ -108,5 +109,19 @@ module CF::UAA
Cli.output.string.should_not include "ECONNRESET"
Cli.output.string.should include "200 OK"
end

it "makes insecure requests without the -k flag" do
Cli.run("curl https://example.com/")

Cli.output.string.should_not include "ECONNRESET"
Cli.output.string.should include "200 OK"
end

it "makes requests using invalid custom ca cert file with the -C flag" do
Cli.run("curl https://example.com/ -C ca.pem")

Cli.output.string.should_not include "200 OK"
Cli.output.string.should include "SSLError"
end
end
end