This is an automated email from the ASF dual-hosted git repository. dubeejw pushed a commit to branch revert-39-add-certificate-support in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-client-go.git
commit 964f5d171926850eda4417565616dbd31eaec703 Author: James Dubee <jwdu...@us.ibm.com> AuthorDate: Mon Oct 16 13:00:57 2017 -0400 Revert "Add the support of certificate checking for secure mode (#39)" This reverts commit cef179c81f07f86413c720623995c17bd1bddd7d. --- whisk/client.go | 66 ++++++++++++++-------------------------- whisk/client_test.go | 59 +++++------------------------------ whisk/testUtils.go | 42 ------------------------- whisk/wskprops_test.go | 22 +++++++++++++- wski18n/i18n_resources.go | 22 +++++++------- wski18n/resources/en_US.all.json | 8 ----- 6 files changed, 61 insertions(+), 158 deletions(-) diff --git a/whisk/client.go b/whisk/client.go index 8dfc454..aea23ec 100644 --- a/whisk/client.go +++ b/whisk/client.go @@ -113,6 +113,28 @@ func NewClient(httpClient *http.Client, config_input *Config) (*Client, error) { } } + // Disable certificate checking in the dev environment if in insecure mode + if config.Insecure { + Debug(DbgInfo, "Disabling certificate checking.\n") + var tlsConfig *tls.Config + if config.Cert != "" && config.Key != "" { + if cert, err := tls.LoadX509KeyPair(config.Cert, config.Key); err == nil { + tlsConfig = &tls.Config{ + Certificates: []tls.Certificate{cert}, + InsecureSkipVerify: true, + } + } + }else{ + tlsConfig = &tls.Config{ + InsecureSkipVerify: true, + } + } + + httpClient.Transport = &http.Transport{ + TLSClientConfig: tlsConfig, + } + } + var err error var errStr = "" if len(config.Host) == 0 { @@ -131,46 +153,6 @@ func NewClient(httpClient *http.Client, config_input *Config) (*Client, error) { return nil, werr } - var tlsConfig *tls.Config - // Disable certificate checking in the environment for insecure mode - if config.Insecure { - Debug(DbgInfo, "Disabling certificate checking.\n") - tlsConfig = &tls.Config{ - InsecureSkipVerify: true, - } - if config.Cert != "" && config.Key != "" { - if cert, err := ReadX509KeyPair(config.Cert, config.Key); err == nil { - tlsConfig = &tls.Config{ - Certificates: []tls.Certificate{cert}, - InsecureSkipVerify: true, - } - } - } - } else { - // Enable certificate checking in the environment for secure mode - if config.Cert != "" && config.Key != "" { - if cert, err := ReadX509KeyPair(config.Cert, config.Key); err == nil { - tlsConfig = &tls.Config{ - Certificates: []tls.Certificate{cert}, - } - } else { - errStr = wski18n.T("Unable to enable the certificate checking due to the reason: {{.err}}.\n", - map[string]interface{}{ "err": err }) - } - } else { - errStr = wski18n.T("Unable to enable the certificate checking, because both of the certificate and the key are missing.\n") - } - - if len(errStr) != 0 { - werr := MakeWskError(errors.New(errStr), EXIT_CODE_ERR_GENERAL, DISPLAY_MSG, NO_DISPLAY_USAGE) - return nil, werr - } - } - - httpClient.Transport = &http.Transport{ - TLSClientConfig: tlsConfig, - } - if len(config.Namespace) == 0 { config.Namespace = "_" } @@ -201,10 +183,6 @@ func NewClient(httpClient *http.Client, config_input *Config) (*Client, error) { return c, nil } -var ReadX509KeyPair = func(certFile, keyFile string) (tls.Certificate, error) { - return tls.LoadX509KeyPair(certFile, keyFile) -} - /////////////////////////////// // Request/Utility Functions // /////////////////////////////// diff --git a/whisk/client_test.go b/whisk/client_test.go index 4425e71..1b3e748 100644 --- a/whisk/client_test.go +++ b/whisk/client_test.go @@ -25,7 +25,6 @@ import ( "net/http" "fmt" "net/url" - "crypto/tls" ) const ( @@ -37,20 +36,18 @@ const ( FakeAuthKey = "dhajfhshfs:hjhfsjfdjfjsgfjs" ) -func GetValidConfigTest(insecure bool) *Config { +func GetValidConfigTest() *Config { var config Config config.Host = FakeHost config.Namespace = FakeNamespace config.AuthToken = FakeAuthKey - config.Insecure = insecure return &config } -func GetInvalidConfigMissingApiHostTest(insecure bool) *Config { +func GetInvalidConfigMissingApiHostTest() *Config { var config Config config.Namespace = FakeNamespace config.AuthToken = FakeAuthKey - config.Insecure = insecure return &config } @@ -63,20 +60,19 @@ func GetInvalidConfigMissingApiHostWithBaseURLTest() *Config { return &config } -func GetValidConfigDiffApiHostAndBaseURLTest(insecure bool) *Config { +func GetValidConfigDiffApiHostAndBaseURLTest() *Config { var config Config urlBase := fmt.Sprintf("https://%s/api", FakeHostDiff) config.BaseURL, _ = url.Parse(urlBase) config.Host = FakeHost config.Namespace = FakeNamespace config.AuthToken = FakeAuthKey - config.Insecure = insecure return &config } -func TestNewClientDisablingCertificate(t *testing.T) { +func TestNewClient(t *testing.T) { // Test the use case to pass a valid config. - config := GetValidConfigTest(true) + config := GetValidConfigTest() client, err := NewClient(http.DefaultClient, config) assert.Nil(t, err) assert.NotNil(t, client) @@ -86,7 +82,7 @@ func TestNewClientDisablingCertificate(t *testing.T) { assert.Equal(t, FakeAuthKey, client.Config.AuthToken) // Test the use case to pass an invalid config with a missing api host. - config = GetInvalidConfigMissingApiHostTest(true) + config = GetInvalidConfigMissingApiHostTest() client, err = NewClient(http.DefaultClient, config) assert.NotNil(t, err) assert.Contains(t, err.Error(), "Unable to create request URL, because OpenWhisk API host is missing") @@ -100,7 +96,7 @@ func TestNewClientDisablingCertificate(t *testing.T) { assert.Nil(t, client) // Test the use case to pass a valid config with both the base and api host of different values. - config = GetValidConfigDiffApiHostAndBaseURLTest(true) + config = GetValidConfigDiffApiHostAndBaseURLTest() client, err = NewClient(http.DefaultClient, config) assert.Nil(t, err) assert.NotNil(t, client) @@ -109,44 +105,3 @@ func TestNewClientDisablingCertificate(t *testing.T) { assert.Equal(t, FakeBaseURLDiff, client.Config.BaseURL.String()) assert.Equal(t, FakeAuthKey, client.Config.AuthToken) } - -func TestNewClientEnablingCertificate(t *testing.T) { - TEST_KEY_FILE := "TEST_KEY_FILE" - TEST_CERT_FILE := "TEST_CERT_FILE" - - // Test the use case to pass a config in secure mode missing the cert and key files. - config := GetValidConfigTest(false) - _, err := NewClient(http.DefaultClient, config) - assert.NotNil(t, err) - - // Test the use case to pass a config in secure mode with non-existing the cert and key files. - config = GetValidConfigTest(false) - config.Key = TEST_KEY_FILE - config.Cert = TEST_CERT_FILE - _, err = NewClient(http.DefaultClient, config) - assert.NotNil(t, err) - - // Test the use case to pass a config in secure mode with invalid the cert and key files. - CreateFile([]string{ "testKey" }, TEST_KEY_FILE) - CreateFile([]string{ "testCert" }, TEST_CERT_FILE) - config = GetValidConfigTest(false) - config.Key = TEST_KEY_FILE - config.Cert = TEST_CERT_FILE - _, err = NewClient(http.DefaultClient, config) - assert.NotNil(t, err) - - // Test the use case to pass a config in secure mode with valid the cert and key files. - oldReadX509KeyPair := ReadX509KeyPair - defer func () { ReadX509KeyPair = oldReadX509KeyPair }() - ReadX509KeyPair = func(certFile, keyFile string) (tls.Certificate, error) { - cert := tls.Certificate{} - return cert, nil - } - config = GetValidConfigTest(false) - config.Key = TEST_KEY_FILE - config.Cert = TEST_CERT_FILE - _, err = NewClient(http.DefaultClient, config) - assert.Nil(t, err) - DeleteFile(TEST_KEY_FILE) - DeleteFile(TEST_CERT_FILE) -} diff --git a/whisk/testUtils.go b/whisk/testUtils.go deleted file mode 100644 index 60152fc..0000000 --- a/whisk/testUtils.go +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package whisk - -import ( - "os" - "fmt" - "bufio" -) - -func CreateFile(lines []string, path string) error { - file, err := os.Create(path) - if err != nil { - return err - } - defer file.Close() - - w := bufio.NewWriter(file) - for _, line := range lines { - fmt.Fprintln(w, line) - } - return w.Flush() -} - -func DeleteFile(path string) error { - return os.Remove(path) -} diff --git a/whisk/wskprops_test.go b/whisk/wskprops_test.go index eff7dbb..ce2b890 100644 --- a/whisk/wskprops_test.go +++ b/whisk/wskprops_test.go @@ -1,4 +1,4 @@ -// +build unit +//// +build unit /* * Licensed to the Apache Software Foundation (ASF) under one or more @@ -23,6 +23,8 @@ import ( "testing" "github.com/stretchr/testify/assert" "os" + "fmt" + "bufio" ) const ( @@ -140,6 +142,24 @@ func (pi FakePropertiesImp) GetPropsFromWhiskProperties() *Wskprops { return &dep } +func CreateFile(lines []string, path string) error { + file, err := os.Create(path) + if err != nil { + return err + } + defer file.Close() + + w := bufio.NewWriter(file) + for _, line := range lines { + fmt.Fprintln(w, line) + } + return w.Flush() +} + +func DeleteFile(path string) error { + return os.Remove(path) +} + func TestGetPropsFromWhiskProperties(t *testing.T) { lines := []string{ EXPECTED_TEST_AUTH_KEY } CreateFile(lines, TEST_FILE) diff --git a/wski18n/i18n_resources.go b/wski18n/i18n_resources.go index df2cfa8..206cd63 100644 --- a/wski18n/i18n_resources.go +++ b/wski18n/i18n_resources.go @@ -109,12 +109,12 @@ func wski18nResourcesDe_deAllJson() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "wski18n/resources/de_DE.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)} + info := bindataFileInfo{name: "wski18n/resources/de_DE.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _wski18nResourcesEn_usAllJson = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x58\x5f\x6f\xdb\x36\x10\x7f\xf7\xa7\x38\xf8\xc5\x19\xe0\xea\x03\x74\x4f\xc1\x66\xcc\xc1\xba\xc6\x58\x9d\xf5\x61\x19\x06\x5a\x3c\x47\x87\xc8\x3c\x95\xa4\x9c\xb9\x86\xbe\xfb\x70\x94\x5c\x67\x8d\x65\xfd\xb1\xda\xe5\xc9\x02\xcd\xfb\xdd\x8f\x77\xc7\xfb\xc3\x3f\x47\x00\xfb\x11\x00\xc0\x98\xf4\xf8\x2d\x8c\xef\x8c\x5a\xa5\x08\x9e\x41\x69\x0d\x96\x73\x8f\xc0\x99\x27\x36\x0e\x26\xfb\x7d\x54\x7d\x17\xc5\x64\x3c [...] +var _wski18nResourcesEn_usAllJson = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x98\x51\x6f\xdb\x36\x10\xc7\xdf\xfd\x29\x0e\x7a\x71\x06\xb8\xfa\x00\xdd\x53\xb0\x19\x73\xb0\xae\x31\x56\x67\x7d\x58\x86\x81\x16\xcf\xd6\x21\x12\xc9\x92\x94\x3d\xd7\xd0\x77\x1f\x48\xd9\xb5\xd7\x48\x96\x44\x2b\x59\x9e\x62\x30\xbc\xff\xfd\x78\x3c\x1e\x8f\xfa\x73\x04\xb0\x1f\x01\x00\x44\xc4\xa3\xf7\x10\x3d\x08\xb6\xcc\x10\xac\x04\xc6\x39\x68\x59\x58\x04\xa9\x2c\x49\x61\x60\xbc\xdf\xc7\x87\xdf\x65\x39\x8e [...] func wski18nResourcesEn_usAllJsonBytes() ([]byte, error) { return bindataRead( @@ -129,7 +129,7 @@ func wski18nResourcesEn_usAllJson() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "wski18n/resources/en_US.all.json", size: 6974, mode: os.FileMode(420), modTime: time.Unix(1506610567, 0)} + info := bindataFileInfo{name: "wski18n/resources/en_US.all.json", size: 6538, mode: os.FileMode(420), modTime: time.Unix(1506031828, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -149,7 +149,7 @@ func wski18nResourcesEs_esAllJson() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "wski18n/resources/es_ES.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)} + info := bindataFileInfo{name: "wski18n/resources/es_ES.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -169,7 +169,7 @@ func wski18nResourcesFr_frAllJson() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "wski18n/resources/fr_FR.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)} + info := bindataFileInfo{name: "wski18n/resources/fr_FR.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -189,7 +189,7 @@ func wski18nResourcesIt_itAllJson() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "wski18n/resources/it_IT.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)} + info := bindataFileInfo{name: "wski18n/resources/it_IT.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -209,7 +209,7 @@ func wski18nResourcesJa_jaAllJson() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "wski18n/resources/ja_JA.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)} + info := bindataFileInfo{name: "wski18n/resources/ja_JA.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -229,7 +229,7 @@ func wski18nResourcesKo_krAllJson() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "wski18n/resources/ko_KR.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)} + info := bindataFileInfo{name: "wski18n/resources/ko_KR.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -249,7 +249,7 @@ func wski18nResourcesPt_brAllJson() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "wski18n/resources/pt_BR.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)} + info := bindataFileInfo{name: "wski18n/resources/pt_BR.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -269,7 +269,7 @@ func wski18nResourcesZh_hansAllJson() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "wski18n/resources/zh_Hans.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)} + info := bindataFileInfo{name: "wski18n/resources/zh_Hans.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -289,7 +289,7 @@ func wski18nResourcesZh_hantAllJson() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "wski18n/resources/zh_Hant.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1500156160, 0)} + info := bindataFileInfo{name: "wski18n/resources/zh_Hant.all.json", size: 0, mode: os.FileMode(420), modTime: time.Unix(1506031186, 0)} a := &asset{bytes: bytes, info: info} return a, nil } diff --git a/wski18n/resources/en_US.all.json b/wski18n/resources/en_US.all.json index bd878a1..775cf4f 100644 --- a/wski18n/resources/en_US.all.json +++ b/wski18n/resources/en_US.all.json @@ -140,14 +140,6 @@ "translation": "Unable to create request URL, because the api host '{{.host}}' is invalid: {{.err}}" }, { - "id": "Unable to enable the certificate checking due to the reason: {{.err}}.\n", - "translation": "Unable to enable the certificate checking due to the reason: {{.err}}.\n" - }, - { - "id": "Unable to enable the certificate checking, because both of the certificate and the key are missing.\n", - "translation": "Unable to enable the certificate checking, because both of the certificate and the key are missing.\n" - }, - { "id": "OpenWhisk API host is missing (Please configure WHISK_APIHOST in .wskprops under the system HOME directory.)", "translation": "OpenWhisk API host is missing (Please configure WHISK_APIHOST in .wskprops under the system HOME directory.)" }, -- To stop receiving notification emails like this one, please contact "commits@openwhisk.apache.org" <commits@openwhisk.apache.org>.