This is an automated email from the ASF dual-hosted git repository.
rawlin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new 8bdd0e7 Add flags to TV Riak util (#6361)
8bdd0e7 is described below
commit 8bdd0e7218d297644a6ed76ebbc09f5bc171a492
Author: Taylor Clayton Frey <[email protected]>
AuthorDate: Fri Nov 19 15:27:12 2021 -0700
Add flags to TV Riak util (#6361)
* Add flags to control TLS options for TV Riak util
* Change parameter name. Add CHANGELOG entry.
* Update doc reference
* Remove redundant server name
Co-authored-by: Taylor Frey <[email protected]>
---
CHANGELOG.md | 1 +
docs/source/tools/traffic_vault_util.rst | 6 +++++-
tools/traffic_vault_util.go | 10 +++++++---
3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 002b7b4..4559b43 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ The format is based on [Keep a
Changelog](http://keepachangelog.com/en/1.0.0/).
- cache config t3c-apply retrying when another t3c-apply is running.
- IMS warnings to Content Invalidation requests in Traffic Portal and
documentation.
- [#6032](https://github.com/apache/trafficcontrol/issues/6032) Add t3c
setting mode 0600 for secure files
+- Traffic Vault: Added additional flag to TV Riak (Deprecated) Util
### Fixed
- [#6197](https://github.com/apache/trafficcontrol/issues/6197) - TO
`/deliveryservices/:id/routing` makes requests to all TRs instead of by CDN.
diff --git a/docs/source/tools/traffic_vault_util.rst
b/docs/source/tools/traffic_vault_util.rst
index 0ee3cc6..d6231cd 100644
--- a/docs/source/tools/traffic_vault_util.rst
+++ b/docs/source/tools/traffic_vault_util.rst
@@ -28,7 +28,7 @@ The ``traffic_vault_util`` tool - located at
:file:`tools/traffic_vault_util.go`
Usage
=====
-``traffic_vault_util [--dry_run] --vault_ip IP --vault_action ACTION
[--vault_user USER] [--vault_password PASSWD] [--vault_port PORT]``
+``traffic_vault_util [--dry_run] --vault_ip IP --vault_action ACTION
[--vault_user USER] [--vault_password PASSWD] [--vault_port PORT] [--insecure]``
.. option:: --dry_run
@@ -69,4 +69,8 @@ Usage
.. warning:: Although this flag is optional, the utility will not work
without it. It will try, but it will fail\ [1]_.
+.. option:: --insecure
+
+ An optional flag which, if given, specifies whether to utilize TLS
certificate checks when establishing a connection. Defaults to false.
+
.. [1] These problems are all tracked by `GitHub Issue #3261
<https://github.com/apache/trafficcontrol/issues/3261>`_.
diff --git a/tools/traffic_vault_util.go b/tools/traffic_vault_util.go
index 118a7d0..f25d082 100644
--- a/tools/traffic_vault_util.go
+++ b/tools/traffic_vault_util.go
@@ -37,10 +37,13 @@ var vault_user string
var vault_pass string
var vault_action string
var dry_run bool
+var insecure bool
+
+func connectToRiak(vault_ip string, vault_port uint, insecure bool)
*riak.Cluster {
-func connectToRiak(vault_ip string, vault_port uint) *riak.Cluster {
tlsConfig := tls.Config{
- InsecureSkipVerify: true,
+ ServerName: vault_ip,
+ InsecureSkipVerify: insecure,
}
authOptions := riak.AuthOptions{
@@ -216,6 +219,7 @@ func init() {
flag.StringVar(&vault_pass, "vault_password", "", "Riak Password")
flag.StringVar(&vault_action, "vault_action", "", "Action:
list_buckets|list_keys|list_values|convert_ssl_to_xmlid")
flag.BoolVar(&dry_run, "dry_run", false, "Do not perform writes")
+ flag.BoolVar(&insecure, "insecure", false, "Disable TLS certificate
checks when connecting to cluster. Defaults to false")
}
func main() {
@@ -230,7 +234,7 @@ func main() {
log.Fatal("Must provide Traffic Vault IP or host")
}
- cluster := connectToRiak(vault_ip, vault_port)
+ cluster := connectToRiak(vault_ip, vault_port, insecure)
defer func() {
if err := cluster.Stop(); err != nil {
log.Fatal(err.Error())
