This is an automated email from the ASF dual-hosted git repository.
dubeejw pushed a commit to branch revert-39-add-certificate-support
in repository
https://gitbox.apache.org/repos/asf/incubator-openwhisk-client-go.git
commit 964f5d171926850eda4417565616dbd31eaec703
Author: James Dubee <jwdu...@us.ibm.com>
AuthorDate: Mon Oct 16 13:00:57 2017 -0400
Revert "Add the support of certificate checking for secure mode (#39)"
This reverts commit cef179c81f07f86413c720623995c17bd1bddd7d.
---
whisk/client.go | 66 ++++++++++++++--------------------------
whisk/client_test.go | 59 +++++------------------------------
whisk/testUtils.go | 42 -------------------------
whisk/wskprops_test.go | 22 +++++++++++++-
wski18n/i18n_resources.go | 22 +++++++-------
wski18n/resources/en_US.all.json | 8 -----
6 files changed, 61 insertions(+), 158 deletions(-)
diff --git a/whisk/client.go b/whisk/client.go
index 8dfc454..aea23ec 100644
--- a/whisk/client.go
+++ b/whisk/client.go
@@ -113,6 +113,28 @@ func NewClient(httpClient *http.Client, config_input
*Config) (*Client, error) {
}
}
+ // Disable certificate checking in the dev environment if in insecure mode
+ if config.Insecure {
+ Debug(DbgInfo, "Disabling certificate checking.\n")
+ var tlsConfig *tls.Config
+ if config.Cert != "" && config.Key != "" {
+ if cert, err := tls.LoadX509KeyPair(config.Cert, config.Key); err
== nil {
+ tlsConfig = &tls.Config{
+ Certificates: []tls.Certificate{cert},
+ InsecureSkipVerify: true,
+ }
+ }
+ }else{
+ tlsConfig = &tls.Config{
+ InsecureSkipVerify: true,
+ }
+ }
+
+ httpClient.Transport = &http.Transport{
+ TLSClientConfig: tlsConfig,
+ }
+ }
+
var err error
var errStr = ""
if len(config.Host) == 0 {
@@ -131,46 +153,6 @@ func NewClient(httpClient *http.Client, config_input
*Config) (*Client, error) {
return nil, werr
}
- var tlsConfig *tls.Config
- // Disable certificate checking in the environment for insecure mode
- if config.Insecure {
- Debug(DbgInfo, "Disabling certificate checking.\n")
- tlsConfig = &tls.Config{
- InsecureSkipVerify: true,
- }
- if config.Cert != "" && config.Key != "" {
- if cert, err := ReadX509KeyPair(config.Cert, config.Key); err ==
nil {
- tlsConfig = &tls.Config{
- Certificates: []tls.Certificate{cert},
- InsecureSkipVerify: true,
- }
- }
- }
- } else {
- // Enable certificate checking in the environment for secure mode
- if config.Cert != "" && config.Key != "" {
- if cert, err := ReadX509KeyPair(config.Cert, config.Key); err ==
nil {
- tlsConfig = &tls.Config{
- Certificates: []tls.Certificate{cert},
- }
- } else {
- errStr = wski18n.T("Unable to enable the certificate checking
due to the reason: {{.err}}.\n",
- map[string]interface{}{ "err": err })
- }
- } else {
- errStr = wski18n.T("Unable to enable the certificate checking,
because both of the certificate and the key are missing.\n")
- }
-
- if len(errStr) != 0 {
- werr := MakeWskError(errors.New(errStr), EXIT_CODE_ERR_GENERAL,
DISPLAY_MSG, NO_DISPLAY_USAGE)
- return nil, werr
- }
- }
-
- httpClient.Transport = &http.Transport{
- TLSClientConfig: tlsConfig,
- }
-
if len(config.Namespace) == 0 {
config.Namespace = "_"
}
@@ -201,10 +183,6 @@ func NewClient(httpClient *http.Client, config_input
*Config) (*Client, error) {
return c, nil
}
-var ReadX509KeyPair = func(certFile, keyFile string) (tls.Certificate, error) {
- return tls.LoadX509KeyPair(certFile, keyFile)
-}
-
///////////////////////////////
// Request/Utility Functions //
///////////////////////////////
diff --git a/whisk/client_test.go b/whisk/client_test.go
index 4425e71..1b3e748 100644
--- a/whisk/client_test.go
+++ b/whisk/client_test.go
@@ -25,7 +25,6 @@ import (
"net/http"
"fmt"
"net/url"
- "crypto/tls"
)
const (
@@ -37,20 +36,18 @@ const (
FakeAuthKey = "dhajfhshfs:hjhfsjfdjfjsgfjs"
)
-func GetValidConfigTest(insecure bool) *Config {
+func GetValidConfigTest() *Config {
var config Config
config.Host = FakeHost
config.Namespace = FakeNamespace
config.AuthToken = FakeAuthKey
- config.Insecure = insecure
return &config
}
-func GetInvalidConfigMissingApiHostTest(insecure bool) *Config {
+func GetInvalidConfigMissingApiHostTest() *Config {
var config Config
config.Namespace = FakeNamespace
config.AuthToken = FakeAuthKey
- config.Insecure = insecure
return &config
}
@@ -63,20 +60,19 @@ func GetInvalidConfigMissingApiHostWithBaseURLTest()
*Config {
return &config
}
-func GetValidConfigDiffApiHostAndBaseURLTest(insecure bool) *Config {
+func GetValidConfigDiffApiHostAndBaseURLTest() *Config {
var config Config
urlBase := fmt.Sprintf("https://%s/api";, FakeHostDiff)
config.BaseURL, _ = url.Parse(urlBase)
config.Host = FakeHost
config.Namespace = FakeNamespace
config.AuthToken = FakeAuthKey
- config.Insecure = insecure
return &config
}
-func TestNewClientDisablingCertificate(t *testing.T) {
+func TestNewClient(t *testing.T) {
// Test the use case to pass a valid config.
- config := GetValidConfigTest(true)
+ config := GetValidConfigTest()
client, err := NewClient(http.DefaultClient, config)
assert.Nil(t, err)
assert.NotNil(t, client)
@@ -86,7 +82,7 @@ func TestNewClientDisablingCertificate(t *testing.T) {
assert.Equal(t, FakeAuthKey, client.Config.AuthToken)
// Test the use case to pass an invalid config with a missing api host.
- config = GetInvalidConfigMissingApiHostTest(true)
+ config = GetInvalidConfigMissingApiHostTest()
client, err = NewClient(http.DefaultClient, config)
assert.NotNil(t, err)
assert.Contains(t, err.Error(), "Unable to create request URL, because
OpenWhisk API host is missing")
@@ -100,7 +96,7 @@ func TestNewClientDisablingCertificate(t *testing.T) {
assert.Nil(t, client)
// Test the use case to pass a valid config with both the base and api
host of different values.
- config = GetValidConfigDiffApiHostAndBaseURLTest(true)
+ config = GetValidConfigDiffApiHostAndBaseURLTest()
client, err = NewClient(http.DefaultClient, config)
assert.Nil(t, err)
assert.NotNil(t, client)
@@ -109,44 +105,3 @@ func TestNewClientDisablingCertificate(t *testing.T) {
assert.Equal(t, FakeBaseURLDiff, client.Config.BaseURL.String())
assert.Equal(t, FakeAuthKey, client.Config.AuthToken)
}
-
-func TestNewClientEnablingCertificate(t *testing.T) {
- TEST_KEY_FILE := "TEST_KEY_FILE"
- TEST_CERT_FILE := "TEST_CERT_FILE"
-
- // Test the use case to pass a config in secure mode missing the cert and
key files.
- config := GetValidConfigTest(false)
- _, err := NewClient(http.DefaultClient, config)
- assert.NotNil(t, err)
-
- // Test the use case to pass a config in secure mode with non-existing the
cert and key files.
- config = GetValidConfigTest(false)
- config.Key = TEST_KEY_FILE
- config.Cert = TEST_CERT_FILE
- _, err = NewClient(http.DefaultClient, config)
- assert.NotNil(t, err)
-
- // Test the use case to pass a config in secure mode with invalid the cert
and key files.
- CreateFile([]string{ "testKey" }, TEST_KEY_FILE)
- CreateFile([]string{ "testCert" }, TEST_CERT_FILE)
- config = GetValidConfigTest(false)
- config.Key = TEST_KEY_FILE
- config.Cert = TEST_CERT_FILE
- _, err = NewClient(http.DefaultClient, config)
- assert.NotNil(t, err)
-
- // Test the use case to pass a config in secure mode with valid the cert
and key files.
- oldReadX509KeyPair := ReadX509KeyPair
- defer func () { ReadX509KeyPair = oldReadX509KeyPair }()
- ReadX509KeyPair = func(certFile, keyFile string) (tls.Certificate, error) {
- cert := tls.Certificate{}
- return cert, nil
- }
- config = GetValidConfigTest(false)
- config.Key = TEST_KEY_FILE
- config.Cert = TEST_CERT_FILE
- _, err = NewClient(http.DefaultClient, config)
- assert.Nil(t, err)
- DeleteFile(TEST_KEY_FILE)
- DeleteFile(TEST_CERT_FILE)
-}
diff --git a/whisk/testUtils.go b/whisk/testUtils.go
deleted file mode 100644
index 60152fc..0000000
--- a/whisk/testUtils.go
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package whisk
-
-import (
- "os"
- "fmt"
- "bufio"
-)
-
-func CreateFile(lines []string, path string) error {
- file, err := os.Create(path)
- if err != nil {
- return err
- }
- defer file.Close()
-
- w := bufio.NewWriter(file)
- for _, line := range lines {
- fmt.Fprintln(w, line)
- }
- return w.Flush()
-}
-
-func DeleteFile(path string) error {
- return os.Remove(path)
-}
diff --git a/whisk/wskprops_test.go b/whisk/wskprops_test.go
index eff7dbb..ce2b890 100644
--- a/whisk/wskprops_test.go
+++ b/whisk/wskprops_test.go
@@ -1,4 +1,4 @@
-// +build unit
+//// +build unit
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
@@ -23,6 +23,8 @@ import (
"testing"
"github.com/stretchr/testify/assert"
"os"
+ "fmt"
+ "bufio"
)
const (
@@ -140,6 +142,24 @@ func (pi FakePropertiesImp) GetPropsFromWhiskProperties()
*Wskprops {
return &dep
}
+func CreateFile(lines []string, path string) error {
+ file, err := os.Create(path)
+ if err != nil {
+ return err
+ }
+ defer file.Close()
+
+ w := bufio.NewWriter(file)
+ for _, line := range lines {
+ fmt.Fprintln(w, line)
+ }
+ return w.Flush()
+}
+
+func DeleteFile(path string) error {
+ return os.Remove(path)
+}
+
func TestGetPropsFromWhiskProperties(t *testing.T) {
lines := []string{ EXPECTED_TEST_AUTH_KEY }
CreateFile(lines, TEST_FILE)
diff --git a/wski18n/i18n_resources.go b/wski18n/i18n_resources.go
index df2cfa8..206cd63 100644
--- a/wski18n/i18n_resources.go
+++ b/wski18n/i18n_resources.go
@@ -109,12 +109,12 @@ func wski18nResourcesDe_deAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/de_DE.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/de_DE.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
-var _wski18nResourcesEn_usAllJson =
[]byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x58\x5f\x6f\xdb\x36\x10\x7f\xf7\xa7\x38\xf8\xc5\x19\xe0\xea\x03\x74\x4f\xc1\x66\xcc\xc1\xba\xc6\x58\x9d\xf5\x61\x19\x06\x5a\x3c\x47\x87\xc8\x3c\x95\xa4\x9c\xb9\x86\xbe\xfb\x70\x94\x5c\x67\x8d\x65\xfd\xb1\xda\xe5\xc9\x02\xcd\xfb\xdd\x8f\x77\xc7\xfb\xc3\x3f\x47\x00\xfb\x11\x00\xc0\x98\xf4\xf8\x2d\x8c\xef\x8c\x5a\xa5\x08\x9e\x41\x69\x0d\x96\x73\x8f\xc0\x99\x27\x36\x0e\x26\xfb\x7d\x54\x7d\x17\xc5\x64\x3c
[...]
+var _wski18nResourcesEn_usAllJson =
[]byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x98\x51\x6f\xdb\x36\x10\xc7\xdf\xfd\x29\x0e\x7a\x71\x06\xb8\xfa\x00\xdd\x53\xb0\x19\x73\xb0\xae\x31\x56\x67\x7d\x58\x86\x81\x16\xcf\xd6\x21\x12\xc9\x92\x94\x3d\xd7\xd0\x77\x1f\x48\xd9\xb5\xd7\x48\x96\x44\x2b\x59\x9e\x62\x30\xbc\xff\xfd\x78\x3c\x1e\x8f\xfa\x73\x04\xb0\x1f\x01\x00\x44\xc4\xa3\xf7\x10\x3d\x08\xb6\xcc\x10\xac\x04\xc6\x39\x68\x59\x58\x04\xa9\x2c\x49\x61\x60\xbc\xdf\xc7\x87\xdf\x65\x39\x8e
[...]
func wski18nResourcesEn_usAllJsonBytes() ([]byte, error) {
return bindataRead(
@@ -129,7 +129,7 @@ func wski18nResourcesEn_usAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/en_US.all.json", size:
6974, mode: os.FileMode(420), modTime: time.Unix(1506610567, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/en_US.all.json", size:
6538, mode: os.FileMode(420), modTime: time.Unix(1506031828, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -149,7 +149,7 @@ func wski18nResourcesEs_esAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/es_ES.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/es_ES.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -169,7 +169,7 @@ func wski18nResourcesFr_frAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/fr_FR.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/fr_FR.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -189,7 +189,7 @@ func wski18nResourcesIt_itAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/it_IT.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/it_IT.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -209,7 +209,7 @@ func wski18nResourcesJa_jaAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/ja_JA.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/ja_JA.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -229,7 +229,7 @@ func wski18nResourcesKo_krAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/ko_KR.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/ko_KR.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -249,7 +249,7 @@ func wski18nResourcesPt_brAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/pt_BR.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/pt_BR.all.json", size: 0,
mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -269,7 +269,7 @@ func wski18nResourcesZh_hansAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/zh_Hans.all.json", size:
0, mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/zh_Hans.all.json", size:
0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -289,7 +289,7 @@ func wski18nResourcesZh_hantAllJson() (*asset, error) {
return nil, err
}
- info := bindataFileInfo{name: "wski18n/resources/zh_Hant.all.json", size:
0, mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)}
+ info := bindataFileInfo{name: "wski18n/resources/zh_Hant.all.json", size:
0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
diff --git a/wski18n/resources/en_US.all.json b/wski18n/resources/en_US.all.json
index bd878a1..775cf4f 100644
--- a/wski18n/resources/en_US.all.json
+++ b/wski18n/resources/en_US.all.json
@@ -140,14 +140,6 @@
"translation": "Unable to create request URL, because the api host
'{{.host}}' is invalid: {{.err}}"
},
{
- "id": "Unable to enable the certificate checking due to the reason:
{{.err}}.\n",
- "translation": "Unable to enable the certificate checking due to the
reason: {{.err}}.\n"
- },
- {
- "id": "Unable to enable the certificate checking, because both of the
certificate and the key are missing.\n",
- "translation": "Unable to enable the certificate checking, because both of
the certificate and the key are missing.\n"
- },
- {
"id": "OpenWhisk API host is missing (Please configure WHISK_APIHOST in
.wskprops under the system HOME directory.)",
"translation": "OpenWhisk API host is missing (Please configure
WHISK_APIHOST in .wskprops under the system HOME directory.)"
},
--
To stop receiving notification emails like this one, please contact
"commits@openwhisk.apache.org" <commits@openwhisk.apache.org>.
