-
Notifications
You must be signed in to change notification settings - Fork 53
feat(cli): support inline CA certificates in gRPC connections and config #2721
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
88b337c
0291a3f
a1286ae
6422b1c
739cf62
afe9e55
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| // | ||
| // Copyright 2024-2025 The Chainloop Authors. | ||
| // Copyright 2024-2026 The Chainloop Authors. | ||
| // | ||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||
| // you may not use this file except in compliance with the License. | ||
|
|
@@ -123,8 +123,13 @@ func NewRootCmd(l zerolog.Logger) *cobra.Command { | |
| grpcconn.WithInsecure(apiInsecure()), | ||
| } | ||
|
|
||
| if caFilePath := viper.GetString(confOptions.controlplaneCA.viperKey); caFilePath != "" { | ||
| opts = append(opts, grpcconn.WithCAFile(caFilePath)) | ||
| if caValue := viper.GetString(confOptions.controlplaneCA.viperKey); caValue != "" { | ||
| // Check if the value is a file path, if it is we read the content and encode it to base64, if not we assume it's the content already | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should it use different keys instead of trying to do a
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If we use different keys, which would take precedence then?
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. As far as I remember os.Stat is safe to use because it does not open the file descriptor. It calls directly the underlying OS to read just the file attributes |
||
| if _, err := os.Stat(caValue); err == nil { | ||
| opts = append(opts, grpcconn.WithCAFile(caValue)) | ||
| } else { | ||
| opts = append(opts, grpcconn.WithCAContent(caValue)) | ||
| } | ||
| } | ||
|
|
||
| controlplaneURL := viper.GetString(confOptions.controlplaneAPI.viperKey) | ||
|
|
@@ -495,3 +500,24 @@ func isAPITokenPreferred(cmd *cobra.Command) bool { | |
| func getConfigDir(appName string) string { | ||
| return filepath.Join(xdg.ConfigHome, appName) | ||
| } | ||
|
|
||
| // processCAFlag reads CA file content and stores it as PEM if value is a file path | ||
| func processCAFlag(opt *confOpt) error { | ||
| value := viper.GetString(opt.viperKey) | ||
| if value == "" { | ||
| return nil | ||
| } | ||
|
|
||
| // If it's a file path, read and store PEM content directly | ||
| if _, err := os.Stat(value); err == nil { | ||
| content, err := os.ReadFile(value) | ||
| if err != nil { | ||
|
javirln marked this conversation as resolved.
|
||
| return fmt.Errorf("failed to read CA file %s: %w", value, err) | ||
| } | ||
|
|
||
| // Store PEM content directly | ||
| viper.Set(opt.viperKey, string(content)) | ||
| } | ||
|
|
||
| return nil | ||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
btw, how's is this change gonna affect the platform CLI?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As we do in other commands being inherited from OSS, we will extend the
config saveon EE so it handles Platforms' CAs. The changes are in draft already there :)