openwhisk-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From csantan...@apache.org
Subject [incubator-openwhisk-client-go] branch master updated: Revert "Add the support of certificate checking for secure mode (#39)"
Date Mon, 16 Oct 2017 18:06:00 GMT
This is an automated email from the ASF dual-hosted git repository.

csantanapr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-client-go.git


The following commit(s) were added to refs/heads/master by this push:
     new 2e78a67  Revert "Add the support of certificate checking for secure mode (#39)"
2e78a67 is described below

commit 2e78a673c5c8524f22381b2666177345af130362
Author: James Dubee <jwdubee@us.ibm.com>
AuthorDate: Mon Oct 16 13:00:57 2017 -0400

    Revert "Add the support of certificate checking for secure mode (#39)"
    
    This reverts commit cef179c81f07f86413c720623995c17bd1bddd7d.
---
 whisk/client.go                  | 66 ++++++++++++++--------------------------
 whisk/client_test.go             | 59 +++++------------------------------
 whisk/testUtils.go               | 42 -------------------------
 whisk/wskprops_test.go           | 22 +++++++++++++-
 wski18n/i18n_resources.go        | 22 +++++++-------
 wski18n/resources/en_US.all.json |  8 -----
 6 files changed, 61 insertions(+), 158 deletions(-)

diff --git a/whisk/client.go b/whisk/client.go
index 8dfc454..aea23ec 100644
--- a/whisk/client.go
+++ b/whisk/client.go
@@ -113,6 +113,28 @@ func NewClient(httpClient *http.Client, config_input *Config) (*Client,
error) {
         }
     }
 
+    // Disable certificate checking in the dev environment if in insecure mode
+    if config.Insecure {
+        Debug(DbgInfo, "Disabling certificate checking.\n")
+        var tlsConfig *tls.Config
+        if config.Cert != "" && config.Key != "" {
+            if cert, err := tls.LoadX509KeyPair(config.Cert, config.Key); err == nil {
+                tlsConfig = &tls.Config{
+                    Certificates: []tls.Certificate{cert},
+                    InsecureSkipVerify: true,
+                }
+            }
+        }else{
+            tlsConfig = &tls.Config{
+                InsecureSkipVerify: true,
+            }
+        }
+
+        httpClient.Transport = &http.Transport{
+            TLSClientConfig: tlsConfig,
+        }
+    }
+
     var err error
     var errStr = ""
     if len(config.Host) == 0 {
@@ -131,46 +153,6 @@ func NewClient(httpClient *http.Client, config_input *Config) (*Client,
error) {
         return nil, werr
     }
 
-    var tlsConfig *tls.Config
-    // Disable certificate checking in the environment for insecure mode
-    if config.Insecure {
-        Debug(DbgInfo, "Disabling certificate checking.\n")
-        tlsConfig = &tls.Config{
-            InsecureSkipVerify: true,
-        }
-        if config.Cert != "" && config.Key != "" {
-            if cert, err := ReadX509KeyPair(config.Cert, config.Key); err == nil {
-                tlsConfig = &tls.Config{
-                    Certificates: []tls.Certificate{cert},
-                    InsecureSkipVerify: true,
-                }
-            }
-        }
-    } else {
-        // Enable certificate checking in the environment for secure mode
-        if config.Cert != "" && config.Key != "" {
-            if cert, err := ReadX509KeyPair(config.Cert, config.Key); err == nil {
-                tlsConfig = &tls.Config{
-                    Certificates: []tls.Certificate{cert},
-                }
-            } else {
-                errStr = wski18n.T("Unable to enable the certificate checking due to the
reason: {{.err}}.\n",
-                    map[string]interface{}{ "err": err })
-            }
-        } else {
-            errStr = wski18n.T("Unable to enable the certificate checking, because both of
the certificate and the key are missing.\n")
-        }
-
-        if len(errStr) != 0 {
-            werr := MakeWskError(errors.New(errStr), EXIT_CODE_ERR_GENERAL, DISPLAY_MSG,
NO_DISPLAY_USAGE)
-            return nil, werr
-        }
-    }
-
-    httpClient.Transport = &http.Transport{
-        TLSClientConfig: tlsConfig,
-    }
-
     if len(config.Namespace) == 0 {
         config.Namespace = "_"
     }
@@ -201,10 +183,6 @@ func NewClient(httpClient *http.Client, config_input *Config) (*Client,
error) {
     return c, nil
 }
 
-var ReadX509KeyPair = func(certFile, keyFile string) (tls.Certificate, error) {
-    return tls.LoadX509KeyPair(certFile, keyFile)
-}
-
 ///////////////////////////////
 // Request/Utility Functions //
 ///////////////////////////////
diff --git a/whisk/client_test.go b/whisk/client_test.go
index 4425e71..1b3e748 100644
--- a/whisk/client_test.go
+++ b/whisk/client_test.go
@@ -25,7 +25,6 @@ import (
     "net/http"
     "fmt"
     "net/url"
-    "crypto/tls"
 )
 
 const (
@@ -37,20 +36,18 @@ const (
     FakeAuthKey = "dhajfhshfs:hjhfsjfdjfjsgfjs"
 )
 
-func GetValidConfigTest(insecure bool) *Config {
+func GetValidConfigTest() *Config {
     var config Config
     config.Host = FakeHost
     config.Namespace = FakeNamespace
     config.AuthToken = FakeAuthKey
-    config.Insecure = insecure
     return &config
 }
 
-func GetInvalidConfigMissingApiHostTest(insecure bool) *Config {
+func GetInvalidConfigMissingApiHostTest() *Config {
     var config Config
     config.Namespace = FakeNamespace
     config.AuthToken = FakeAuthKey
-    config.Insecure = insecure
     return &config
 }
 
@@ -63,20 +60,19 @@ func GetInvalidConfigMissingApiHostWithBaseURLTest() *Config {
     return &config
 }
 
-func GetValidConfigDiffApiHostAndBaseURLTest(insecure bool) *Config {
+func GetValidConfigDiffApiHostAndBaseURLTest() *Config {
     var config Config
     urlBase := fmt.Sprintf("https://%s/api", FakeHostDiff)
     config.BaseURL, _ = url.Parse(urlBase)
     config.Host = FakeHost
     config.Namespace = FakeNamespace
     config.AuthToken = FakeAuthKey
-    config.Insecure = insecure
     return &config
 }
 
-func TestNewClientDisablingCertificate(t *testing.T) {
+func TestNewClient(t *testing.T) {
     // Test the use case to pass a valid config.
-    config := GetValidConfigTest(true)
+    config := GetValidConfigTest()
     client, err := NewClient(http.DefaultClient, config)
     assert.Nil(t, err)
     assert.NotNil(t, client)
@@ -86,7 +82,7 @@ func TestNewClientDisablingCertificate(t *testing.T) {
     assert.Equal(t, FakeAuthKey, client.Config.AuthToken)
 
     // Test the use case to pass an invalid config with a missing api host.
-    config = GetInvalidConfigMissingApiHostTest(true)
+    config = GetInvalidConfigMissingApiHostTest()
     client, err = NewClient(http.DefaultClient, config)
     assert.NotNil(t, err)
     assert.Contains(t, err.Error(), "Unable to create request URL, because OpenWhisk API
host is missing")
@@ -100,7 +96,7 @@ func TestNewClientDisablingCertificate(t *testing.T) {
     assert.Nil(t, client)
 
     // Test the use case to pass a valid config with both the base and api host of different
values.
-    config = GetValidConfigDiffApiHostAndBaseURLTest(true)
+    config = GetValidConfigDiffApiHostAndBaseURLTest()
     client, err = NewClient(http.DefaultClient, config)
     assert.Nil(t, err)
     assert.NotNil(t, client)
@@ -109,44 +105,3 @@ func TestNewClientDisablingCertificate(t *testing.T) {
     assert.Equal(t, FakeBaseURLDiff, client.Config.BaseURL.String())
     assert.Equal(t, FakeAuthKey, client.Config.AuthToken)
 }
-
-func TestNewClientEnablingCertificate(t *testing.T) {
-    TEST_KEY_FILE := "TEST_KEY_FILE"
-    TEST_CERT_FILE := "TEST_CERT_FILE"
-
-    // Test the use case to pass a config in secure mode missing the cert and key files.
-    config := GetValidConfigTest(false)
-    _, err := NewClient(http.DefaultClient, config)
-    assert.NotNil(t, err)
-
-    // Test the use case to pass a config in secure mode with non-existing the cert and key
files.
-    config = GetValidConfigTest(false)
-    config.Key = TEST_KEY_FILE
-    config.Cert = TEST_CERT_FILE
-    _, err = NewClient(http.DefaultClient, config)
-    assert.NotNil(t, err)
-
-    // Test the use case to pass a config in secure mode with invalid the cert and key files.
-    CreateFile([]string{ "testKey" }, TEST_KEY_FILE)
-    CreateFile([]string{ "testCert" }, TEST_CERT_FILE)
-    config = GetValidConfigTest(false)
-    config.Key = TEST_KEY_FILE
-    config.Cert = TEST_CERT_FILE
-    _, err = NewClient(http.DefaultClient, config)
-    assert.NotNil(t, err)
-
-    // Test the use case to pass a config in secure mode with valid the cert and key files.
-    oldReadX509KeyPair := ReadX509KeyPair
-    defer func () { ReadX509KeyPair = oldReadX509KeyPair }()
-    ReadX509KeyPair = func(certFile, keyFile string) (tls.Certificate, error) {
-        cert := tls.Certificate{}
-        return cert, nil
-    }
-    config = GetValidConfigTest(false)
-    config.Key = TEST_KEY_FILE
-    config.Cert = TEST_CERT_FILE
-    _, err = NewClient(http.DefaultClient, config)
-    assert.Nil(t, err)
-    DeleteFile(TEST_KEY_FILE)
-    DeleteFile(TEST_CERT_FILE)
-}
diff --git a/whisk/testUtils.go b/whisk/testUtils.go
deleted file mode 100644
index 60152fc..0000000
--- a/whisk/testUtils.go
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package whisk
-
-import (
-    "os"
-    "fmt"
-    "bufio"
-)
-
-func CreateFile(lines []string, path string) error {
-    file, err := os.Create(path)
-    if err != nil {
-        return err
-    }
-    defer file.Close()
-
-    w := bufio.NewWriter(file)
-    for _, line := range lines {
-        fmt.Fprintln(w, line)
-    }
-    return w.Flush()
-}
-
-func DeleteFile(path string) error {
-    return os.Remove(path)
-}
diff --git a/whisk/wskprops_test.go b/whisk/wskprops_test.go
index eff7dbb..ce2b890 100644
--- a/whisk/wskprops_test.go
+++ b/whisk/wskprops_test.go
@@ -1,4 +1,4 @@
-// +build unit
+//// +build unit
 
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -23,6 +23,8 @@ import (
     "testing"
     "github.com/stretchr/testify/assert"
     "os"
+    "fmt"
+    "bufio"
 )
 
 const (
@@ -140,6 +142,24 @@ func (pi FakePropertiesImp) GetPropsFromWhiskProperties() *Wskprops {
     return &dep
 }
 
+func CreateFile(lines []string, path string) error {
+    file, err := os.Create(path)
+    if err != nil {
+        return err
+    }
+    defer file.Close()
+
+    w := bufio.NewWriter(file)
+    for _, line := range lines {
+        fmt.Fprintln(w, line)
+    }
+    return w.Flush()
+}
+
+func DeleteFile(path string) error {
+    return os.Remove(path)
+}
+
 func TestGetPropsFromWhiskProperties(t *testing.T) {
     lines := []string{ EXPECTED_TEST_AUTH_KEY }
     CreateFile(lines, TEST_FILE)
diff --git a/wski18n/i18n_resources.go b/wski18n/i18n_resources.go
index df2cfa8..206cd63 100644
--- a/wski18n/i18n_resources.go
+++ b/wski18n/i18n_resources.go
@@ -109,12 +109,12 @@ func wski18nResourcesDe_deAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/de_DE.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500156160, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/de_DE.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1506031186, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
 
-var _wski18nResourcesEn_usAllJson = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x58\x5f\x6f\xdb\x36\x10\x7f\xf7\xa7\x38\xf8\xc5\x19\xe0\xea\x03\x74\x4f\xc1\x66\xcc\xc1\xba\xc6\x58\x9d\xf5\x61\x19\x06\x5a\x3c\x47\x87\xc8\x3c\x95\xa4\x9c\xb9\x86\xbe\xfb\x70\x94\x5c\x67\x8d\x65\xfd\xb1\xda\xe5\xc9\x02\xcd\xfb\xdd\x8f\x77\xc7\xfb\xc3\x3f\x47\x00\xfb\x11\x00\xc0\x98\xf4\xf8\x2d\x8c\xef\x8c\x5a\xa5\x08\x9e\x41\x69\x0d\x96\x73\x8f\xc0\x99\x27\x36\x0e\x26\xfb\x7d\x54\x7d\x17\xc5\x64\x3c
[...]
+var _wski18nResourcesEn_usAllJson = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x98\x51\x6f\xdb\x36\x10\xc7\xdf\xfd\x29\x0e\x7a\x71\x06\xb8\xfa\x00\xdd\x53\xb0\x19\x73\xb0\xae\x31\x56\x67\x7d\x58\x86\x81\x16\xcf\xd6\x21\x12\xc9\x92\x94\x3d\xd7\xd0\x77\x1f\x48\xd9\xb5\xd7\x48\x96\x44\x2b\x59\x9e\x62\x30\xbc\xff\xfd\x78\x3c\x1e\x8f\xfa\x73\x04\xb0\x1f\x01\x00\x44\xc4\xa3\xf7\x10\x3d\x08\xb6\xcc\x10\xac\x04\xc6\x39\x68\x59\x58\x04\xa9\x2c\x49\x61\x60\xbc\xdf\xc7\x87\xdf\x65\x39\x8e
[...]
 
 func wski18nResourcesEn_usAllJsonBytes() ([]byte, error) {
     return bindataRead(
@@ -129,7 +129,7 @@ func wski18nResourcesEn_usAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/en_US.all.json", size: 6974, mode: os.FileMode(420),
modTime: time.Unix(1506610567, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/en_US.all.json", size: 6538, mode: os.FileMode(420),
modTime: time.Unix(1506031828, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -149,7 +149,7 @@ func wski18nResourcesEs_esAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/es_ES.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500156160, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/es_ES.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1506031186, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -169,7 +169,7 @@ func wski18nResourcesFr_frAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/fr_FR.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500156160, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/fr_FR.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1506031186, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -189,7 +189,7 @@ func wski18nResourcesIt_itAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/it_IT.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500156160, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/it_IT.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1506031186, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -209,7 +209,7 @@ func wski18nResourcesJa_jaAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/ja_JA.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500156160, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/ja_JA.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1506031186, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -229,7 +229,7 @@ func wski18nResourcesKo_krAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/ko_KR.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500156160, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/ko_KR.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1506031186, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -249,7 +249,7 @@ func wski18nResourcesPt_brAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/pt_BR.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500156160, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/pt_BR.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1506031186, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -269,7 +269,7 @@ func wski18nResourcesZh_hansAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/zh_Hans.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500156160, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/zh_Hans.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1506031186, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
@@ -289,7 +289,7 @@ func wski18nResourcesZh_hantAllJson() (*asset, error) {
         return nil, err
     }
 
-    info := bindataFileInfo{name: "wski18n/resources/zh_Hant.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1500156160, 0)}
+    info := bindataFileInfo{name: "wski18n/resources/zh_Hant.all.json", size: 0, mode: os.FileMode(420),
modTime: time.Unix(1506031186, 0)}
     a := &asset{bytes: bytes, info: info}
     return a, nil
 }
diff --git a/wski18n/resources/en_US.all.json b/wski18n/resources/en_US.all.json
index bd878a1..775cf4f 100644
--- a/wski18n/resources/en_US.all.json
+++ b/wski18n/resources/en_US.all.json
@@ -140,14 +140,6 @@
     "translation": "Unable to create request URL, because the api host '{{.host}}' is invalid:
{{.err}}"
   },
   {
-    "id": "Unable to enable the certificate checking due to the reason: {{.err}}.\n",
-    "translation": "Unable to enable the certificate checking due to the reason: {{.err}}.\n"
-  },
-  {
-    "id": "Unable to enable the certificate checking, because both of the certificate and
the key are missing.\n",
-    "translation": "Unable to enable the certificate checking, because both of the certificate
and the key are missing.\n"
-  },
-  {
     "id": "OpenWhisk API host is missing (Please configure WHISK_APIHOST in .wskprops under
the system HOME directory.)",
     "translation": "OpenWhisk API host is missing (Please configure WHISK_APIHOST in .wskprops
under the system HOME directory.)"
   },

-- 
To stop receiving notification emails like this one, please contact
['"commits@openwhisk.apache.org" <commits@openwhisk.apache.org>'].

Mime
View raw message