openwhisk-commits mailing list archives

From houshen...@apache.org
Subject [incubator-openwhisk-cli] 01/04: Support client certificate on cli and nginx (#2427)
Date Fri, 21 Jul 2017 16:33:30 GMT
This is an automated email from the ASF dual-hosted git repository.

houshengbo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-cli.git

commit a124cb3fe46af837410850a79a286c2e8e51caae
Author: ningyougang <415622920@qq.com>
AuthorDate: Wed Jul 19 20:01:23 2017 +0800

    Support client certificate on cli and nginx (#2427)
    
    To strengthen authentication, this change adds client certificate support
    to the cli and nginx. A user can run wsk -i property set --cert
    openwhisk-client-cert.pem --key openwhisk-client-key.pem to pass a client
    certificate to nginx. If you don't want to use the default client
    certificate that the system provides, you can create your own client
    certificate instead.
---
 commands/commands.go             |  5 ++-
 commands/flags.go                |  4 ++
 commands/property.go             | 80 ++++++++++++++++++++++++++++++++++++++--
 commands/wsk.go                  |  2 +
 wski18n/i18n_resources.go        | 22 +++++------
 wski18n/resources/en_US.all.json | 24 ++++++++++++
 6 files changed, 121 insertions(+), 16 deletions(-)

diff --git a/commands/commands.go b/commands/commands.go
index d943f6a..92c3254 100644
--- a/commands/commands.go
+++ b/commands/commands.go
@@ -36,7 +36,8 @@ func setupClientConfig(cmd *cobra.Command, args []string) (error){
 
     // Determine if the parent command will require the API host to be set
     apiHostRequired := (cmd.Parent().Name() == "property" && cmd.Name() == "get"
&& (Flags.property.auth ||
-      Flags.property.apihost || Flags.property.namespace || Flags.property.apiversion ||
Flags.property.cliversion)) ||
+      Flags.property.cert || Flags.property.key || Flags.property.apihost || Flags.property.namespace
||
+      Flags.property.apiversion || Flags.property.cliversion)) ||
       (cmd.Parent().Name() == "property" && cmd.Name() == "set" && (len(Flags.property.apihostSet)
> 0 ||
         len(Flags.property.apiversionSet) > 0 || len(Flags.Global.Auth) > 0)) ||
       (cmd.Parent().Name() == "sdk" && cmd.Name() == "install" && len(args)
> 0 && args[0] == "bashauto")
@@ -51,6 +52,8 @@ func setupClientConfig(cmd *cobra.Command, args []string) (error){
     }
 
     clientConfig := &whisk.Config{
+        Cert: Properties.Cert,
+        Key: Properties.Key,
         AuthToken:  Properties.Auth,
         Namespace:  Properties.Namespace,
         BaseURL:    baseURL,
diff --git a/commands/flags.go b/commands/flags.go
index 7357426..d7bf302 100644
--- a/commands/flags.go
+++ b/commands/flags.go
@@ -39,6 +39,8 @@ type FlagsStruct struct {
     Global struct {
         Verbose    bool
         Debug      bool
+        Cert       string
+        Key        string
         Auth       string
         Apihost    string
         Apiversion string
@@ -62,6 +64,8 @@ type FlagsStruct struct {
     }
 
     property struct {
+        cert            bool
+        key             bool
         auth            bool
         apihost         bool
         apiversion      bool
diff --git a/commands/property.go b/commands/property.go
index 8e81390..4fea615 100644
--- a/commands/property.go
+++ b/commands/property.go
@@ -31,6 +31,8 @@ import (
 )
 
 var Properties struct {
+    Cert       string
+    Key        string
     Auth       string
     APIHost    string
     APIVersion string
@@ -41,6 +43,8 @@ var Properties struct {
     PropsFile  string
 }
 
+const DefaultCert       string = ""
+const DefaultKey        string = ""
 const DefaultAuth       string = ""
 const DefaultAPIHost    string = ""
 const DefaultAPIVersion string = "v1"
@@ -77,6 +81,21 @@ var propertySetCmd = &cobra.Command{
         }
 
         // read in each flag, update if necessary
+        if cert := Flags.Global.Cert; len(cert) > 0 {
+            props["CERT"] = cert
+            client.Config.Cert = cert
+            okMsg += fmt.Sprintf(
+                wski18n.T("{{.ok}} client cert set. Run 'wsk property get --cert' to see
the new value.\n",
+                    map[string]interface{}{"ok": color.GreenString("ok:")}))
+        }
+
+        if key := Flags.Global.Key; len(key) > 0 {
+            props["KEY"] = key
+            client.Config.Key = key
+            okMsg += fmt.Sprintf(
+                wski18n.T("{{.ok}} client key set. Run 'wsk property get --key' to see the
new value.\n",
+                    map[string]interface{}{"ok": color.GreenString("ok:")}))
+        }
 
         if auth := Flags.Global.Auth; len(auth) > 0 {
             props["AUTH"] = auth
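Review bot: The new `--cert` and `--key` branches store the flag value as given, with no check that the certificate and key end up configured as a pair or that the named files are readable. The commit message's example passes bare file names, so a relative path written to `props["CERT"]` or `props["KEY"]` would presumably resolve against whatever directory a later `wsk` invocation runs from; storing the result of `filepath.Abs(cert)` (and likewise for the key) would avoid that. Rejecting a cert whose key is neither passed nor already in `props` (and the reverse) would make a half-configured pair fail at `property set` rather than at the first TLS handshake. The same independent handling of the two values appears in the `parseConfigFlags` hunk. The enclosing `RunE` body starts and ends outside this hunk.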
@@ -184,6 +203,20 @@ var propertyUnsetCmd = &cobra.Command{
 
         // read in each flag, update if necessary
 
+        if Flags.property.cert {
+            delete(props, "CERT")
+            okMsg += fmt.Sprintf(
+                wski18n.T("{{.ok}} client cert unset.\n",
+                    map[string]interface{}{"ok": color.GreenString("ok:")}))
+        }
+
+        if Flags.property.key {
+            delete(props, "KEY")
+            okMsg += fmt.Sprintf(
+                wski18n.T("{{.ok}} client key unset.\n",
+                    map[string]interface{}{"ok": color.GreenString("ok:")}))
+        }
+
         if Flags.property.auth {
             delete(props, "AUTH")
             okMsg += fmt.Sprintf(
@@ -255,13 +288,22 @@ var propertyGetCmd = &cobra.Command{
     RunE: func(cmd *cobra.Command, args []string) error {
 
         // If no property is explicitly specified, default to all properties
-        if !(Flags.property.all || Flags.property.auth ||
-             Flags.property.apiversion || Flags.property.cliversion ||
-             Flags.property.namespace || Flags.property.apibuild ||
-             Flags.property.apihost || Flags.property.apibuildno) {
+        if !(Flags.property.all || Flags.property.cert ||
+            Flags.property.key || Flags.property.auth ||
+            Flags.property.apiversion || Flags.property.cliversion ||
+            Flags.property.namespace || Flags.property.apibuild ||
+            Flags.property.apihost || Flags.property.apibuildno) {
             Flags.property.all = true
         }
 
+        if Flags.property.all || Flags.property.cert {
+            fmt.Fprintf(color.Output, "%s\t\t%s\n", wski18n.T("client cert"), boldString(Properties.Cert))
+        }
+
+        if Flags.property.all || Flags.property.key {
+            fmt.Fprintf(color.Output, "%s\t\t%s\n", wski18n.T("client key"), boldString(Properties.Key))
+        }
+
         if Flags.property.all || Flags.property.auth {
             fmt.Fprintf(color.Output, "%s\t\t%s\n", wski18n.T("whisk auth"), boldString(Properties.Auth))
         }
@@ -317,6 +359,8 @@ func init() {
     )
 
     // need to set property flags as booleans instead of strings... perhaps with boolApihost...
+    propertyGetCmd.Flags().BoolVar(&Flags.property.cert, "cert", false, wski18n.T("client
cert"))
+    propertyGetCmd.Flags().BoolVar(&Flags.property.key, "key", false, wski18n.T("client
key"))
     propertyGetCmd.Flags().BoolVar(&Flags.property.auth, "auth", false, wski18n.T("authorization
key"))
     propertyGetCmd.Flags().BoolVar(&Flags.property.apihost, "apihost", false, wski18n.T("whisk
API host"))
     propertyGetCmd.Flags().BoolVar(&Flags.property.apiversion, "apiversion", false, wski18n.T("whisk
API version"))
@@ -327,10 +371,14 @@ func init() {
     propertyGetCmd.Flags().BoolVar(&Flags.property.all, "all", false, wski18n.T("all
properties"))
 
     propertySetCmd.Flags().StringVarP(&Flags.Global.Auth, "auth", "u", "", wski18n.T("authorization
`KEY`"))
+    propertySetCmd.Flags().StringVar(&Flags.Global.Cert, "cert", "", wski18n.T("client
cert"))
+    propertySetCmd.Flags().StringVar(&Flags.Global.Key, "key", "", wski18n.T("client
key"))
     propertySetCmd.Flags().StringVar(&Flags.property.apihostSet, "apihost", "", wski18n.T("whisk
API `HOST`"))
     propertySetCmd.Flags().StringVar(&Flags.property.apiversionSet, "apiversion", "",
wski18n.T("whisk API `VERSION`"))
     propertySetCmd.Flags().StringVar(&Flags.property.namespaceSet, "namespace", "", wski18n.T("whisk
`NAMESPACE`"))
 
+    propertyUnsetCmd.Flags().BoolVar(&Flags.property.cert, "cert", false, wski18n.T("client
cert"))
+    propertyUnsetCmd.Flags().BoolVar(&Flags.property.key, "key", false, wski18n.T("client
key"))
     propertyUnsetCmd.Flags().BoolVar(&Flags.property.auth, "auth", false, wski18n.T("authorization
key"))
     propertyUnsetCmd.Flags().BoolVar(&Flags.property.apihost, "apihost", false, wski18n.T("whisk
API host"))
     propertyUnsetCmd.Flags().BoolVar(&Flags.property.apiversion, "apiversion", false,
wski18n.T("whisk API version"))
@@ -339,6 +387,8 @@ func init() {
 }
 
 func SetDefaultProperties() {
+    Properties.Key = DefaultCert
+    Properties.Cert = DefaultKey
     Properties.Auth = DefaultAuth
     Properties.Namespace = DefaultNamespace
     Properties.APIHost = DefaultAPIHost
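Review bot: The two added assignments in `SetDefaultProperties` are crossed: `Properties.Key = DefaultCert` and `Properties.Cert = DefaultKey`. Both constants are `""` in this commit, so nothing misbehaves yet, but any future non-empty default would land in the wrong field and the key path would be treated as the certificate. They should read `Properties.Cert = DefaultCert` and `Properties.Key = DefaultKey`. The function body continues past the end of the hunk.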
@@ -399,6 +449,14 @@ func loadProperties() error {
         return werr
     }
 
+    if cert, hasProp := props["CERT"]; hasProp {
+        Properties.Cert = cert
+    }
+
+    if key, hasProp := props["KEY"]; hasProp {
+        Properties.Key = key
+    }
+
     if authToken, hasProp := props["AUTH"]; hasProp {
         Properties.Auth = authToken
     }
@@ -436,6 +494,20 @@ func loadProperties() error {
 
 func parseConfigFlags(cmd *cobra.Command, args []string) error {
 
+    if cert := Flags.Global.Cert; len(cert) > 0 {
+        Properties.Cert = cert
+        if client != nil {
+            client.Config.Cert = cert
+        }
+    }
+
+    if key := Flags.Global.Key; len(key) > 0 {
+        Properties.Key = key
+        if client != nil {
+            client.Config.Key = key
+        }
+    }
+
     if auth := Flags.Global.Auth; len(auth) > 0 {
         Properties.Auth = auth
         if client != nil {
diff --git a/commands/wsk.go b/commands/wsk.go
index 48391e9..62ac850 100644
--- a/commands/wsk.go
+++ b/commands/wsk.go
@@ -60,6 +60,8 @@ func init() {
 
     WskCmd.PersistentFlags().BoolVarP(&Flags.Global.Verbose, "verbose", "v", false, wski18n.T("verbose
output"))
     WskCmd.PersistentFlags().BoolVarP(&Flags.Global.Debug, "debug", "d", false, wski18n.T("debug
level output"))
+    WskCmd.PersistentFlags().StringVar(&Flags.Global.Cert, "cert", "", wski18n.T("client
cert"))
+    WskCmd.PersistentFlags().StringVar(&Flags.Global.Key, "key", "", wski18n.T("client
key"))
     WskCmd.PersistentFlags().StringVarP(&Flags.Global.Auth, "auth", "u", "", wski18n.T("authorization
`KEY`"))
     WskCmd.PersistentFlags().StringVar(&Flags.Global.Apihost, "apihost", "", wski18n.T("whisk
API `HOST`"))
     WskCmd.PersistentFlags().StringVar(&Flags.Global.Apiversion, "apiversion", "", wski18n.T("whisk
API `VERSION`"))
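Review bot: The usage strings for the two new string flags, `wski18n.T("client cert")` and `wski18n.T("client key")`, do not say that the value is a path to a PEM file. The neighbouring `--auth`, `--apihost` and `--apiversion` strings name their argument with a back-quoted placeholder (KEY, HOST, VERSION), which the new ones lack. A string such as "client cert `FILE`" (with a matching entry in en_US.all.json) would make the expected argument clear; the same strings are reused for `propertySetCmd` in commands/property.go. It would also help to say in the `--key` help that the file holds a private key and should be readable only by its owner. The `init` function starts before this hunk and continues after it.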
diff --git a/wski18n/i18n_resources.go b/wski18n/i18n_resources.go
index aab13af..01dd9b6 100644
--- a/wski18n/i18n_resources.go
+++ b/wski18n/i18n_resources.go
@@ -109,12 +109,12 @@ func wski18nResourcesDe_deAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/de_DE.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500255391, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/de_DE.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500649425, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
 
-var _wski18nResourcesEn_usAllJson = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x5d\x5f\x73\xdb\x38\x92\x7f\x9f\x4f\xd1\x95\x17\x3b\x55\xb2\xb3\xfb\x74\x75\x99\x9a\x07\x4d\xec\xd9\x78\x93\xd8\xae\xc8\x99\xdd\xa9\x9b\xab\x11\x4c\x42\x12\xc6\x14\xc0\x01\x40\x2b\x4a\xd6\xdf\xfd\x0a\x00\x49\x91\x12\xfe\x92\x72\x72\x4f\x71\xc4\xee\x5f\x37\xfe\x37\x1a\xdd\xc0\xff\xfc\x00\xf0\xf5\x07\x00\x80\x17\x24\x7f\xf1\x1a\x5e\x4c\xcb\xb2\x20\x19\x92\x84\x51\xc0\x9f\x89\xc4\x39\x54\x14\x7f\x2e\x71
[...]
+var _wski18nResourcesEn_usAllJson = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x5d\x5f\x73\xdb\x38\x92\x7f\x9f\x4f\xd1\x95\x17\x3b\x55\xb2\xb3\xfb\x74\x75\x99\x9a\x07\x4d\xec\xd9\x78\x93\xd8\xae\xc8\x99\xdd\xa9\x9b\xab\x11\x4c\x42\x12\xc6\x14\xc0\x01\x40\x2b\x4a\xd6\xdf\xfd\x0a\x00\x49\x91\x12\xfe\x92\x72\x72\x4f\x71\xc4\xee\x5f\x37\xfe\x37\x1a\xdd\xc0\xff\xfc\x00\xf0\xf5\x07\x00\x80\x17\x24\x7f\xf1\x1a\x5e\x4c\xcb\xb2\x20\x19\x92\x84\x51\xc0\x9f\x89\xc4\x39\x54\x14\x7f\x2e\x71
[...]
 
 func wski18nResourcesEn_usAllJsonBytes() ([]byte, error) {
     return bindataRead(
@@ -129,7 +129,7 @@ func wski18nResourcesEn_usAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/en_US.all.json", size: 49131, mode:
os.FileMode(420), modTime: time.Unix(1500255849, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/en_US.all.json", size: 49861, mode:
os.FileMode(420), modTime: time.Unix(1500649503, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -149,7 +149,7 @@ func wski18nResourcesEs_esAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/es_ES.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500255391, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/es_ES.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500649425, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -169,7 +169,7 @@ func wski18nResourcesFr_frAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/fr_FR.all.json", size: 101, mode: os.FileMode(420),
modTime: time.Unix(1500255391, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/fr_FR.all.json", size: 101, mode: os.FileMode(420),
modTime: time.Unix(1500649425, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -189,7 +189,7 @@ func wski18nResourcesIt_itAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/it_IT.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500255391, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/it_IT.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500649425, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -209,7 +209,7 @@ func wski18nResourcesJa_jaAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/ja_JA.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500255391, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/ja_JA.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500649425, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -229,7 +229,7 @@ func wski18nResourcesKo_krAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/ko_KR.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500255391, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/ko_KR.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500649425, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -249,7 +249,7 @@ func wski18nResourcesPt_brAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/pt_BR.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500255391, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/pt_BR.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500649425, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -269,7 +269,7 @@ func wski18nResourcesZh_hansAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/zh_Hans.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500255391, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/zh_Hans.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500649425, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -289,7 +289,7 @@ func wski18nResourcesZh_hantAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/zh_Hant.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500255391, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/zh_Hant.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500649425, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
diff --git a/wski18n/resources/en_US.all.json b/wski18n/resources/en_US.all.json
index 7d3929e..9b513a3 100644
--- a/wski18n/resources/en_US.all.json
+++ b/wski18n/resources/en_US.all.json
@@ -253,6 +253,14 @@
     "translation": "Unable to set the property value: {{.err}}"
   },
   {
+    "id": "{{.ok}} client cert set. Run 'wsk property get --cert' to see the new value.\n",
+    "translation": "{{.ok}} client cert set. Run 'wsk property get --cert' to see the new
value.\n"
+  },
+  {
+    "id": "{{.ok}} client key set. Run 'wsk property get --key' to see the new value.\n",
+    "translation": "{{.ok}} client key set. Run 'wsk property get --key' to see the new value.\n"
+  },
+  {
     "id": "{{.ok}} whisk auth set. Run 'wsk property get --auth' to see the new value.\n",
     "translation": "{{.ok}} whisk auth set. Run 'wsk property get --auth' to see the new
value.\n"
   },
@@ -293,6 +301,14 @@
     "translation": "Unable to unset the property value: {{.err}}"
   },
   {
+    "id": "{{.ok}} client cert unset.\n",
+    "translation": "{{.ok}} client cert unset.\n"
+  },
+  {
+    "id": "{{.ok}} client key unset.\n",
+    "translation": "{{.ok}} client key unset.\n"
+  },
+  {
     "id": "{{.ok}} whisk auth unset.\n",
     "translation": "{{.ok}} whisk auth unset.\n"
   },
@@ -321,6 +337,14 @@
     "translation": "get property"
   },
   {
+    "id": "client cert",
+    "translation": "client cert"
+  },
+  {
+    "id": "client key",
+    "translation": "client key"
+  },
+  {
     "id": "whisk auth",
     "translation": "whisk auth"
   },

-- 
To stop receiving notification emails like this one, please contact
"commits@openwhisk.apache.org" <commits@openwhisk.apache.org>.
