author | Martin Polden <mpolden@mpolden.no> | 2022-03-01 15:54:20 +0100 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2022-03-01 15:54:20 +0100 |
commit | d1dea5bd9338b886b1abcdf7a17a137fd13ca55e (patch) | |
tree | 984233a67882e8d43bb3ae2d7dd38d3e8c6a4f1b /client | |
parent | c8efa8ed2003e9032adad3b4b3acf912800f7247 (diff) |
Use correct certificate/key when generating curl command in hosted
Diffstat (limited to 'client')
-rw-r--r-- | client/go/cmd/curl.go | 24 | ||||
-rw-r--r-- | client/go/cmd/curl_test.go | 18 | ||||
-rw-r--r-- | client/go/cmd/helpers.go | 20 |
3 files changed, 34 insertions, 28 deletions
diff --git a/client/go/cmd/curl.go b/client/go/cmd/curl.go
index 65cac223309..289a65465bd 100644
--- a/client/go/cmd/curl.go
+++ b/client/go/cmd/curl.go
@@ -42,11 +42,11 @@ $ vespa curl -- -v --data-urlencode "yql=select * from music where album contain
 if err != nil {
 return err
 }
- app, err := getApplication()
+ target, err := getTarget()
 if err != nil {
 return err
 }
- service, err := getService(curlService, 0, "")
+ service, err := target.Service(curlService, 0, 0, "")
 if err != nil {
 return err
 }
@@ -58,26 +58,14 @@ $ vespa curl -- -v --data-urlencode "yql=select * from music where album contain
 }
 switch curlService {
 case vespa.DeployService:
- t, err := getTarget()
- if err != nil {
- return err
- }
- if t.Type() == vespa.TargetCloud {
- if err := addCloudAuth0Authentication(t.Deployment().System, cfg, c); err != nil {
+ if target.Type() == vespa.TargetCloud {
+ if err := addCloudAuth0Authentication(target.Deployment().System, cfg, c); err != nil {
 return err
 }
 }
 case vespa.DocumentService, vespa.QueryService:
- privateKeyFile, err := cfg.PrivateKeyPath(app)
- if err != nil {
- return err
- }
- certificateFile, err := cfg.CertificatePath(app)
- if err != nil {
- return err
- }
- c.PrivateKey = privateKeyFile
- c.Certificate = certificateFile
+ c.PrivateKey = service.TLSOptions.PrivateKeyFile
+ c.Certificate = service.TLSOptions.CertificateFile
 default:
 return fmt.Errorf("service not found: %s", curlService)
 }
diff --git a/client/go/cmd/curl_test.go b/client/go/cmd/curl_test.go
index 253943f2b04..50b837e0d85 100644
--- a/client/go/cmd/curl_test.go
+++ b/client/go/cmd/curl_test.go
@@ -3,6 +3,7 @@ package cmd
 import (
 "fmt"
+ "os"
 "path/filepath"
 "testing"
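Review bot: In the `vespa.DocumentService, vespa.QueryService` case of the second curl.go hunk, `service.TLSOptions.PrivateKeyFile` and `service.TLSOptions.CertificateFile` are copied without checking that they are set, whereas the removed `cfg.PrivateKeyPath(app)` and `cfg.CertificatePath(app)` calls could return an error. If some target fills only the in-memory key pair (the cloud branch of `createCloudTarget` is not visible in this diff), the printed command would presumably carry no client certificate and the request would fail authentication without an explanation. A guard such as `if target.Type() == vespa.TargetCloud && (c.PrivateKey == "" || c.Certificate == "") { return fmt.Errorf("no certificate/key file known for service %s", curlService) }` would make that explicit; at minimum a comment should state which targets populate the two file fields. The enclosing function starts and ends outside the hunk.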
@@ -13,14 +14,27 @@ import (
 func TestCurl(t *testing.T) {
 homeDir := filepath.Join(t.TempDir(), ".vespa")
 httpClient := &mock.HTTPClient{}
- out, _ := execute(command{homeDir: homeDir, args: []string{"curl", "-n", "-a", "t1.a1.i1", "--", "-v", "--data-urlencode", "arg=with space", "/search"}}, t, httpClient)
+ _, outErr := execute(command{args: []string{"config", "set", "application", "t1.a1.i1"}, homeDir: homeDir}, t, nil)
+ assert.Equal(t, "", outErr)
+ _, outErr = execute(command{args: []string{"config", "set", "target", "cloud"}, homeDir: homeDir}, t, nil)
+ assert.Equal(t, "", outErr)
+ _, outErr = execute(command{args: []string{"auth", "api-key"}, homeDir: homeDir}, t, nil)
+ assert.Equal(t, "", outErr)
+ _, outErr = execute(command{args: []string{"auth", "cert", "--no-add"}, homeDir: homeDir}, t, nil)
+ assert.Equal(t, "", outErr)
+
+ os.Setenv("VESPA_CLI_ENDPOINTS", "{\"endpoints\":[{\"cluster\":\"container\",\"url\":\"http://127.0.0.1:8080\"}]}")
+ out, _ := execute(command{homeDir: homeDir, args: []string{"curl", "-n", "--", "-v", "--data-urlencode", "arg=with space", "/search"}}, t, httpClient)
 expected := fmt.Sprintf("curl --key %s --cert %s -v --data-urlencode 'arg=with space' http://127.0.0.1:8080/search\n",
 filepath.Join(homeDir, "t1.a1.i1", "data-plane-private-key.pem"),
 filepath.Join(homeDir, "t1.a1.i1", "data-plane-public-cert.pem"))
 assert.Equal(t, expected, out)
- out, _ = execute(command{homeDir: homeDir, args: []string{"curl", "-a", "t1.a1.i1", "-s", "deploy", "-n", "/application/v4/tenant/foo"}}, t, httpClient)
+ _, outErr = execute(command{args: []string{"config", "set", "target", "local"}, homeDir: homeDir}, t, nil)
+ assert.Equal(t, "", outErr)
+ out, outErr = execute(command{homeDir: homeDir, args: []string{"curl", "-a", "t1.a1.i1", "-s", "deploy", "-n", "/application/v4/tenant/foo"}}, t, httpClient)
+ assert.Equal(t, "", outErr)
 expected = "curl http://127.0.0.1:19071/application/v4/tenant/foo\n"
 assert.Equal(t, expected, out)
 }
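Review bot: The `os.Setenv("VESPA_CLI_ENDPOINTS", ...)` call in TestCurl is never undone, so the endpoint override stays in the process environment for every test that runs after this one in the package. `t.Setenv("VESPA_CLI_ENDPOINTS", ...)` restores the previous value when the test ends and would make the `"os"` import added in the first hunk unnecessary. The cloud-target invocation also still discards its error output with `out, _ := execute(...)` while the local one now asserts on `outErr`; checking both would surface a failure in the credential setup steps above it.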
diff --git a/client/go/cmd/helpers.go b/client/go/cmd/helpers.go
index 9003a64b33b..eb801b51d97 100644
--- a/client/go/cmd/helpers.go
+++ b/client/go/cmd/helpers.go
@@ -39,30 +39,30 @@ func athenzPath(filename string) (string, error) {
 return filepath.Join(userHome, ".athenz", filename), nil
 }
-func athenzKeyPair() (tls.Certificate, error) {
+func athenzKeyPair() (KeyPair, error) {
 certFile, err := athenzPath("cert")
 if err != nil {
- return tls.Certificate{}, err
+ return KeyPair{}, err
 }
 keyFile, err := athenzPath("key")
 if err != nil {
- return tls.Certificate{}, err
+ return KeyPair{}, err
 }
 kp, err := tls.LoadX509KeyPair(certFile, keyFile)
 if err != nil {
- return tls.Certificate{}, err
+ return KeyPair{}, err
 }
 cert, err := x509.ParseCertificate(kp.Certificate[0])
 if err != nil {
- return tls.Certificate{}, err
+ return KeyPair{}, err
 }
 now := time.Now()
 expiredAt := cert.NotAfter
 if expiredAt.Before(now) {
 delta := now.Sub(expiredAt).Truncate(time.Second)
- return tls.Certificate{}, errHint(fmt.Errorf("certificate %s expired at %s (%s ago)", certFile, cert.NotAfter, delta), "Try renewing certificate with 'athenz-user-cert'")
+ return KeyPair{}, errHint(fmt.Errorf("certificate %s expired at %s (%s ago)", certFile, cert.NotAfter, delta), "Try renewing certificate with 'athenz-user-cert'")
 }
- return kp, nil
+ return KeyPair{KeyPair: kp, CertificateFile: certFile, PrivateKeyFile: keyFile}, nil
 }
 func vespaCliHome() (string, error) {
@@ -255,7 +255,11 @@ func createCloudTarget(targetType string) (vespa.Target, error) {
 if err != nil {
 return nil, err
 }
- apiTLSOptions = vespa.TLSOptions{KeyPair: kp}
+ apiTLSOptions = vespa.TLSOptions{
+ KeyPair: kp.KeyPair,
+ CertificateFile: kp.CertificateFile,
+ PrivateKeyFile: kp.PrivateKeyFile,
+ }
 deploymentTLSOptions = apiTLSOptions
 } else {
 return nil, fmt.Errorf("invalid cloud target: %s", targetType)
|
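Review bot: `athenzKeyPair` in the first helpers.go hunk has no doc comment, and its contract is now wider: it returns the loaded pair together with the two paths it was read from, which `createCloudTarget` copies into `vespa.TLSOptions` in the second hunk. I would add `// athenzKeyPair loads the Athenz certificate and key from the user's .athenz directory, rejects an expired certificate, and returns the key pair together with the paths of both files.` The comment should also say that validity is checked only at load time and only against `NotAfter`, since whatever consumes the returned paths later reads the files again. The `KeyPair` type is declared outside this diff; its field of the same name makes `kp.KeyPair` and `KeyPair{KeyPair: kp, ...}` hard to read, so a different field name may be clearer.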