Added support for http client configuration via command arguments #64

Open
wants to merge 1 commit into
base: main

Tecnobutrul
Member

This PR adds support for some http client configurations. It adds support to:

  • disable the tls server certificate verification with '--tlsSkipVerify' argument

  • attach a client certificate on http request

@CLAassistant

CLAassistant commented Nov 29, 2024

CLA assistant check
All committers have signed the CLA.

Collaborator

@speatzle speatzle left a comment

Hi,
Thanks for the PR. I could only take a quick look and make some comments this week. I'll see when I can check out and test your changes soon.

@@ -60,6 +60,10 @@ func init() {
rootCmd.PersistentFlags().Uint("mfaRetrys", 3, "How often to retry TOTP Auth, only used in nointeractive modes")
rootCmd.PersistentFlags().Duration("mfaDelay", time.Second*10, "Delay between MFA Attempts, only used in noninteractive modes")

rootCmd.PersistentFlags().Bool("tlsSkipVerify", false, "Allow servers with self-signed certificates")
rootCmd.PersistentFlags().String("tlsClientPrivateKey", "", "Client private key for mtls")
rootCmd.PersistentFlags().String("tlsClientCert", "", "Client certificate for mtls")
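
Review bot: The help text on the tlsSkipVerify flag, "Allow servers with self-signed certificates", understates the effect. The PR description says the flag disables server certificate verification, and a client with verification disabled accepts any certificate, not only self-signed ones. Reword the description to say that verification is turned off, and state in the tlsClientCert and tlsClientPrivateKey descriptions whether the value is a file path or the PEM content itself, since the text shown here does not say.
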
Collaborator

We probably should allow importing the Certificate and Key from a File Path like we do for userPrivateKeyFile.

if !certExists && keyExists {
return tls.Certificate{}, fmt.Errorf("Client TLS cert is empty, but client TLS private key was sent.")
}
return tls.LoadX509KeyPair("client.cert", "client-key.pem")
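
Review bot: The final return calls tls.LoadX509KeyPair with the literal names "client.cert" and "client-key.pem", so the values given to tlsClientCert and tlsClientPrivateKey never reach it and the files are looked up relative to the working directory. Pass the flag values instead: tls.LoadX509KeyPair if the flags are meant to be file paths, or tls.X509KeyPair if they carry the PEM content directly.
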
Collaborator

This always loads the key Pair from these Hardcoded Files instead of from the Flag?

return tls.Certificate{}, nil
}
if certExists && !keyExists {
return tls.Certificate{}, fmt.Errorf("Client TLS private key is empty, but client TLS cert was sent.")
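
Review bot: The error string in the `certExists && !keyExists` branch starts with a capital letter and ends with a period, which Go's error string conventions advise against, and "was sent" reads like a typo for "was set". Something like "client TLS certificate is set but the private key is empty" would be clearer. The `return tls.Certificate{}, nil` just above it also hands back a zero-value certificate with no error, so the caller needs a way to tell that case apart from a loaded key pair before attaching it to the TLS configuration.
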
Collaborator

Did you mean set instead of sent?
