added ability to use custom cert in cli (#54)

* Added changes for Skipping SSL verify (#49)

Signed-off-by: Jonsy13 <[email protected]>

* Added some fixes for litmusctl (#50)

Signed-off-by: Jonsy13 <[email protected]>

* added ability to use custom cert in cli

Signed-off-by: Soumya Ghosh Dastidar <[email protected]>

Co-authored-by: Vedant Shrotria <[email protected]>

.gitignore

@@ -6,6 +6,7 @@
 *.dylib
 main
 litmusctl
+agent-manifest.yaml
 
 # Test binary, built with `go test -c`
 *.test

go.mod

@@ -4,30 +4,16 @@ go 1.16
 
 require (
 	github.com/Azure/go-autorest/autorest v0.11.18 // indirect
-	github.com/coreos/bbolt v1.3.2 // indirect
-	github.com/coreos/etcd v3.3.13+incompatible // indirect
-	github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e // indirect
-	github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f // indirect
 	github.com/fatih/color v1.12.0
 	github.com/golang-jwt/jwt v3.2.1+incompatible
-	github.com/gorilla/websocket v1.4.2 // indirect
-	github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 // indirect
-	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 	github.com/imdario/mergo v0.3.11 // indirect
-	github.com/jonboulle/clockwork v0.1.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/prometheus/client_golang v0.9.3 // indirect
-	github.com/soheilhy/cmux v0.1.4 // indirect
 	github.com/spf13/cobra v1.2.1
 	github.com/spf13/viper v1.8.1
-	github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 // indirect
-	github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
-	go.etcd.io/bbolt v1.3.2 // indirect
 	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad // indirect
 	golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 // indirect
 	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
 	golang.org/x/text v0.3.6 // indirect
-	gopkg.in/resty.v1 v1.12.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.20.4
 	k8s.io/apimachinery v0.20.4

main.go

@@ -17,8 +17,9 @@ package main
 
 import (
 	"fmt"
-	"github.com/litmuschaos/litmusctl/pkg/cmd/root"
 	"os"
+
+	rootCmd "github.com/litmuschaos/litmusctl/pkg/cmd/root"
 )
 
 var CLIVersion string

pkg/agent/ops.go

@@ -126,6 +126,15 @@ AGENT_NAME:
 	utils.White_B.Print("\nAgent Description: ")
 	newAgent.Description = utils.Scanner()
 
+	utils.White_B.Print("\nDo you want Agent to skip SSL/TLS check (Y/N) (Default: N): ")
+	skipSSLDescision := utils.Scanner()
+
+	if strings.ToLower(skipSSLDescision) == "y" {
+		newAgent.SkipSSL = true
+	} else {
+		newAgent.SkipSSL = false
+	}
+
 	utils.White_B.Print("\nDo you want NodeSelector to be added in the agent deployments (Y/N) (Default: N): ")
 	nodeSelectorDescision := utils.Scanner()
 
@@ -237,7 +246,7 @@ func ValidateSAPermissions(mode string, kubeconfig *string) {
 
 // Summary display the agent details based on input
 func Summary(agent types.Agent, kubeconfig *string) {
-	utils.White_B.Printf("\n📌 Summary \nAgent Name: %s\nAgent Description: %s\nPlatform Name: %s\n", agent.AgentName, agent.Description, agent.PlatformName)
+	utils.White_B.Printf("\n📌 Summary \nAgent Name: %s\nAgent Description: %s\nAgent SSL/TLS Skip: %t\nPlatform Name: %s\n", agent.AgentName, agent.Description, agent.SkipSSL, agent.PlatformName)
 	if ok, _ := k8s.NsExists(agent.Namespace, kubeconfig); ok {
 		utils.White_B.Println("Namespace: ", agent.Namespace)
 	} else {

pkg/apis/agent.go

@@ -51,20 +51,20 @@ func GetAgentList(c types.Credentials, pid string) (AgentData, error) {
 	query := `{"query":"query{\n  getCluster(project_id: \"` + pid + `\"){\n  cluster_id cluster_name is_active \n  }\n}"}`
 	resp, err := SendRequest(SendRequestParams{Endpoint: c.Endpoint + utils.GQLAPIPath, Token: c.Token}, []byte(query), string(types.Post))
 	if err != nil {
-		utils.Red.Println("Error in getting agent list: ", err)
+		return AgentData{}, err
 	}
 
 	bodyBytes, err := ioutil.ReadAll(resp.Body)
 	defer resp.Body.Close()
 	if err != nil {
-		utils.Red.Println("Error in getting agent list: ", err)
+		return AgentData{}, err
 	}
 
 	if resp.StatusCode == http.StatusOK {
 		var agent AgentData
 		err = json.Unmarshal(bodyBytes, &agent)
 		if err != nil {
-			utils.Red.Println("Error in getting agent list: ", err)
+			return AgentData{}, err
 		}
 
 		if len(agent.Errors) > 0 {
@@ -102,18 +102,18 @@ type UserAgentReg struct {
 
 // ConnectAgent connects the agent with the given details
 func ConnectAgent(agent types.Agent, cred types.Credentials) (AgentConnectionData, error) {
-	query := `{"query":"mutation {\n  userClusterReg(clusterInput: \n    { \n    cluster_name: \"` + agent.AgentName + `\", \n    description: \"` + agent.Description + `\",\n  \tplatform_name: \"` + agent.PlatformName + `\",\n    project_id: \"` + agent.ProjectId + `\",\n    cluster_type: \"` + agent.ClusterType + `\",\n  agent_scope: \"` + agent.Mode + `\",\n    agent_namespace: \"` + agent.Namespace + `\",\n    serviceaccount: \"` + agent.ServiceAccount + `\",\n    agent_ns_exists: ` + fmt.Sprintf("%t", agent.NsExists) + `,\n    agent_sa_exists: ` + fmt.Sprintf("%t", agent.SAExists) + `,\n  }){\n    cluster_id\n    cluster_name\n    token\n  }\n}"}`
+	query := `{"query":"mutation {\n  userClusterReg(clusterInput: \n    { \n    cluster_name: \"` + agent.AgentName + `\", \n    description: \"` + agent.Description + `\",\n  \tplatform_name: \"` + agent.PlatformName + `\",\n    project_id: \"` + agent.ProjectId + `\",\n    cluster_type: \"` + agent.ClusterType + `\",\n  agent_scope: \"` + agent.Mode + `\",\n    agent_namespace: \"` + agent.Namespace + `\",\n    serviceaccount: \"` + agent.ServiceAccount + `\",\n    skip_ssl: ` + fmt.Sprintf("%t", agent.SkipSSL) + `,\n    agent_ns_exists: ` + fmt.Sprintf("%t", agent.NsExists) + `,\n    agent_sa_exists: ` + fmt.Sprintf("%t", agent.SAExists) + `,\n  }){\n    cluster_id\n    cluster_name\n    token\n  }\n}"}`
 
 	if agent.NodeSelector != "" {
-		query = `{"query":"mutation {\n  userClusterReg(clusterInput: \n    { \n    cluster_name: \"` + agent.AgentName + `\", \n    description: \"` + agent.Description + `\",\n  node_selector: \"` + agent.NodeSelector + `\",\n  \tplatform_name: \"` + agent.PlatformName + `\",\n    project_id: \"` + agent.ProjectId + `\",\n    cluster_type: \"` + agent.ClusterType + `\",\n  agent_scope: \"` + agent.Mode + `\",\n    agent_namespace: \"` + agent.Namespace + `\",\n    serviceaccount: \"` + agent.ServiceAccount + `\",\n    agent_ns_exists: ` + fmt.Sprintf("%t", agent.NsExists) + `,\n    agent_sa_exists: ` + fmt.Sprintf("%t", agent.SAExists) + `,\n  }){\n    cluster_id\n    cluster_name\n    token\n  }\n}"}`
+		query = `{"query":"mutation {\n  userClusterReg(clusterInput: \n    { \n    cluster_name: \"` + agent.AgentName + `\", \n    description: \"` + agent.Description + `\",\n  node_selector: \"` + agent.NodeSelector + `\",\n  \tplatform_name: \"` + agent.PlatformName + `\",\n    project_id: \"` + agent.ProjectId + `\",\n    cluster_type: \"` + agent.ClusterType + `\",\n  agent_scope: \"` + agent.Mode + `\",\n    agent_namespace: \"` + agent.Namespace + `\",\n    skip_ssl: ` + fmt.Sprintf("%t", agent.SkipSSL) + `,\n    serviceaccount: \"` + agent.ServiceAccount + `\",\n    agent_ns_exists: ` + fmt.Sprintf("%t", agent.NsExists) + `,\n    agent_sa_exists: ` + fmt.Sprintf("%t", agent.SAExists) + `,\n  }){\n    cluster_id\n    cluster_name\n    token\n  }\n}"}`
 	}
 
 	if agent.Tolerations != "" {
-		query = `{"query":"mutation {\n  userClusterReg(clusterInput: \n    { \n    cluster_name: \"` + agent.AgentName + `\", \n    description: \"` + agent.Description + `\",\n  \tplatform_name: \"` + agent.PlatformName + `\",\n    project_id: \"` + agent.ProjectId + `\",\n    cluster_type: \"` + agent.ClusterType + `\",\n  agent_scope: \"` + agent.Mode + `\",\n    agent_namespace: \"` + agent.Namespace + `\",\n    serviceaccount: \"` + agent.ServiceAccount + `\",\n    agent_ns_exists: ` + fmt.Sprintf("%t", agent.NsExists) + `,\n    agent_sa_exists: ` + fmt.Sprintf("%t", agent.SAExists) + `,\n tolerations: ` + agent.Tolerations + ` }){\n    cluster_id\n    cluster_name\n    token\n  }\n}"}`
+		query = `{"query":"mutation {\n  userClusterReg(clusterInput: \n    { \n    cluster_name: \"` + agent.AgentName + `\", \n    description: \"` + agent.Description + `\",\n  \tplatform_name: \"` + agent.PlatformName + `\",\n    project_id: \"` + agent.ProjectId + `\",\n    cluster_type: \"` + agent.ClusterType + `\",\n  agent_scope: \"` + agent.Mode + `\",\n    agent_namespace: \"` + agent.Namespace + `\",\n    serviceaccount: \"` + agent.ServiceAccount + `\",\n    skip_ssl: ` + fmt.Sprintf("%t", agent.SkipSSL) + `,\n    agent_ns_exists: ` + fmt.Sprintf("%t", agent.NsExists) + `,\n    agent_sa_exists: ` + fmt.Sprintf("%t", agent.SAExists) + `,\n tolerations: ` + agent.Tolerations + ` }){\n    cluster_id\n    cluster_name\n    token\n  }\n}"}`
 	}
 
 	if agent.NodeSelector != "" && agent.Tolerations != "" {
-		query = `{"query":"mutation {\n  userClusterReg(clusterInput: \n    { \n    cluster_name: \"` + agent.AgentName + `\", \n    description: \"` + agent.Description + `\",\n  node_selector: \"` + agent.NodeSelector + `\",\n  \tplatform_name: \"` + agent.PlatformName + `\",\n    project_id: \"` + agent.ProjectId + `\",\n    cluster_type: \"` + agent.ClusterType + `\",\n  agent_scope: \"` + agent.Mode + `\",\n    agent_namespace: \"` + agent.Namespace + `\",\n    serviceaccount: \"` + agent.ServiceAccount + `\",\n    agent_ns_exists: ` + fmt.Sprintf("%t", agent.NsExists) + `,\n    agent_sa_exists: ` + fmt.Sprintf("%t", agent.SAExists) + `,\n tolerations: ` + agent.Tolerations + ` }){\n    cluster_id\n    cluster_name\n    token\n  }\n}"}`
+		query = `{"query":"mutation {\n  userClusterReg(clusterInput: \n    { \n    cluster_name: \"` + agent.AgentName + `\", \n    description: \"` + agent.Description + `\",\n  node_selector: \"` + agent.NodeSelector + `\",\n  \tplatform_name: \"` + agent.PlatformName + `\",\n    project_id: \"` + agent.ProjectId + `\",\n    cluster_type: \"` + agent.ClusterType + `\",\n  agent_scope: \"` + agent.Mode + `\",\n    agent_namespace: \"` + agent.Namespace + `\",\n    skip_ssl: ` + fmt.Sprintf("%t", agent.SkipSSL) + `,\n    serviceaccount: \"` + agent.ServiceAccount + `\",\n    agent_ns_exists: ` + fmt.Sprintf("%t", agent.NsExists) + `,\n    agent_sa_exists: ` + fmt.Sprintf("%t", agent.SAExists) + `,\n tolerations: ` + agent.Tolerations + ` }){\n    cluster_id\n    cluster_name\n    token\n  }\n}"}`
 	}
 
 	resp, err := SendRequest(SendRequestParams{Endpoint: cred.Endpoint + utils.GQLAPIPath, Token: cred.Token}, []byte(query), string(types.Post))

pkg/apis/request.go

@@ -33,8 +33,7 @@ func SendRequest(params SendRequestParams, payload []byte, method string) (*http
 	req.Header.Set("Content-Type", "application/json")
 	req.Header.Set("Authorization", params.Token)
 
-	client := &http.Client{}
-	resp, err := client.Do(req)
+	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		return &http.Response{}, err
 	}

pkg/cmd/config/useAccount.go

@@ -17,11 +17,12 @@ package config
 
 import (
 	"fmt"
+	"os"
+
 	"github.com/litmuschaos/litmusctl/pkg/config"
 	"github.com/litmuschaos/litmusctl/pkg/types"
 	"github.com/litmuschaos/litmusctl/pkg/utils"
 	"github.com/spf13/cobra"
-	"os"
 )
 
 // useAccountCmd represents the useAccount command

pkg/cmd/config/view.go

@@ -17,9 +17,10 @@ package config
 
 import (
 	"fmt"
-	"github.com/litmuschaos/litmusctl/pkg/utils"
 	"io/ioutil"
 
+	"github.com/litmuschaos/litmusctl/pkg/utils"
+
 	"os"
 
 	"github.com/litmuschaos/litmusctl/pkg/config"

pkg/cmd/create/agent.go

@@ -95,6 +95,9 @@ var agentCmd = &cobra.Command{
 			newAgent.AgentName, err = cmd.Flags().GetString("agent-name")
 			utils.PrintError(err)
 
+			newAgent.SkipSSL, err = cmd.Flags().GetBool("skip-agent-ssl")
+			utils.PrintError(err)
+
 			if newAgent.AgentName == "" {
 				utils.Red.Print("Error: --agent-name flag is empty")
 				os.Exit(1)
@@ -283,6 +286,7 @@ func init() {
 	agentCmd.Flags().String("node-selector", "", "Set the node-selector for agent components | Format: \"key1=value1,key2=value2\")")
 	agentCmd.Flags().String("namespace", "litmus", "Set the namespace for the agent installation")
 	agentCmd.Flags().String("service-account", "litmus", "Set the service account to be used by the agent")
+	agentCmd.Flags().Bool("skip-agent-ssl", false, "Set whether agent will skip ssl/tls check (can be used for self-signed certs, if cert is not provided in portal)")
 	agentCmd.Flags().Bool("ns-exists", false, "Set the --ns-exists=false if the namespace mentioned in the --namespace flag is not existed else set it to --ns-exists=true | Note: Always set the boolean flag as --ns-exists=Boolean")
 	agentCmd.Flags().Bool("sa-exists", false, "Set the --sa-exists=false if the service-account mentioned in the --service-account flag is not existed else set it to --sa-exists=true | Note: Always set the boolean flag as --sa-exists=Boolean\"\n")
 }

pkg/cmd/create/project.go

@@ -17,6 +17,7 @@ package create
 
 import (
 	"fmt"
+
 	"github.com/litmuschaos/litmusctl/pkg/apis"
 	"github.com/litmuschaos/litmusctl/pkg/utils"
 

pkg/cmd/get/agents.go

@@ -17,11 +17,12 @@ package get
 
 import (
 	"fmt"
+	"os"
+	"text/tabwriter"
+
 	"github.com/litmuschaos/litmusctl/pkg/apis"
 	"github.com/litmuschaos/litmusctl/pkg/utils"
 	"github.com/spf13/cobra"
-	"os"
-	"text/tabwriter"
 )
 
 // agentsCmd represents the agents command

pkg/cmd/root/root.go

@@ -16,7 +16,11 @@ limitations under the License.
 package rootCmd
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
+	"io/ioutil"
+	"net/http"
 	"os"
 
 	"github.com/litmuschaos/litmusctl/pkg/cmd/upgrade"
@@ -26,6 +30,7 @@ import (
 	"github.com/litmuschaos/litmusctl/pkg/cmd/config"
 	"github.com/litmuschaos/litmusctl/pkg/cmd/create"
 	"github.com/litmuschaos/litmusctl/pkg/cmd/get"
+	config2 "github.com/litmuschaos/litmusctl/pkg/config"
 	"github.com/spf13/cobra"
 
 	"github.com/mitchellh/go-homedir"
@@ -61,6 +66,8 @@ func init() {
 	// will be global for your application.
 
 	rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.litmusctl)")
+	rootCmd.PersistentFlags().BoolVar(&config2.SkipSSLVerify, "skipSSL", false, "skipSSL, litmusctl will skip ssl/tls verification while communicating with portal")
+	rootCmd.PersistentFlags().StringVar(&config2.CACert, "cacert", "", "cacert <path_to_crt_file> , custom ca certificate used for communicating with portal")
 }
 
 // initConfig reads in config file and ENV variables if set.
@@ -80,6 +87,16 @@ func initConfig() {
 
 	viper.AutomaticEnv() // read in environment variables that match
 
+	if config2.SkipSSLVerify {
+		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	} else if config2.CACert != "" {
+		caCert, err := ioutil.ReadFile(config2.CACert)
+		cobra.CheckErr(err)
+		caCertPool := x509.NewCertPool()
+		caCertPool.AppendCertsFromPEM(caCert)
+		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{RootCAs: caCertPool}
+	}
+
 	// If a config file is found, read it in.
 	if err := viper.ReadInConfig(); err == nil {
 		fmt.Fprintln(os.Stderr, "Using config file:", viper.ConfigFileUsed())

pkg/cmd/version/version.go

@@ -16,9 +16,10 @@ limitations under the License.
 package version
 
 import (
-	"github.com/litmuschaos/litmusctl/pkg/utils"
 	"os"
 
+	"github.com/litmuschaos/litmusctl/pkg/utils"
+
 	"github.com/spf13/cobra"
 )
 

pkg/config/ops.go

@@ -24,6 +24,11 @@ import (
 	"gopkg.in/yaml.v2"
 )
 
+var (
+	SkipSSLVerify bool   = false
+	CACert        string = ""
+)
+
 func CreateNewLitmusCtlConfig(filename string, config types.LitmuCtlConfig) error {
 
 	configByte, err := yaml.Marshal(config)

pkg/k8s/client.go

@@ -16,10 +16,11 @@ limitations under the License.
 package k8s
 
 import (
-	"github.com/litmuschaos/litmusctl/pkg/utils"
 	"os"
 	"path/filepath"
 
+	"github.com/litmuschaos/litmusctl/pkg/utils"
+
 	"k8s.io/client-go/kubernetes"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/tools/clientcmd"

pkg/k8s/operations.go

@@ -19,7 +19,9 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	"io/ioutil"
 	"log"
+	"net/http"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -279,12 +281,29 @@ func ApplyYaml(params ApplyYamlPrams, kubeconfig string, isLocal bool) (output s
 	path := params.YamlPath
 	if !isLocal {
 		path = fmt.Sprintf("%s/%s/%s.yaml", params.Endpoint, params.YamlPath, params.Token)
+		req, err := http.NewRequest("GET", path, nil)
+		if err != nil {
+			return "", err
+		}
+		resp, err := http.DefaultClient.Do(req)
+		if err != nil {
+			return "", err
+		}
+		defer resp.Body.Close()
+		resp_body, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return "", err
+		}
+		err = ioutil.WriteFile("agent-manifest.yaml", resp_body, 0644)
+		if err != nil {
+			return "", err
+		}
+		path = "agent-manifest.yaml"
 	}
-	var args []string
+
+	args := []string{"kubectl", "apply", "-f", path}
 	if kubeconfig != "" {
-		args = []string{"kubectl", "apply", "-f", path, "--kubeconfig", kubeconfig}
-	} else {
-		args = []string{"kubectl", "apply", "-f", path}
+		args = append(args, []string{"--kubeconfig", kubeconfig}...)
 	}
 
 	stdout, err := exec.Command(args[0], args[1:]...).CombinedOutput()

pkg/types/agent_types.go

@@ -28,6 +28,7 @@ type Agent struct {
 	ServiceAccount string
 	NsExists       bool
 	SAExists       bool
+	SkipSSL        bool
 }
 
 type Toleration struct {