iSharkFly-Docs
/
packer-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #7377 from davividal/vagrant-cloud-disable-ssl-verify 

Ignores SSL verification when on premise vagrant cloud
This commit is contained in:
Megan Marsh 2019-03-06 14:24:42 -08:00 committed by GitHub
parent a7078a1f9b e3618bdedf
commit a6d1d852bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 52 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
post-processor/vagrant-cloud/client.go
View File

@ -2,6 +2,7 @@ package vagrantcloud
import ( import (
"bytes" "bytes"
"crypto/tls"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io" "io"
@ -37,13 +38,20 @@ func (v VagrantCloudErrors) FormatErrors() string {
return strings.Join(errs, ". ") return strings.Join(errs, ". ")
} }
func (v VagrantCloudClient) New(baseUrl string, token string) (*VagrantCloudClient, error) { func (v VagrantCloudClient) New(baseUrl string, token string, InsecureSkipTLSVerify bool) (*VagrantCloudClient, error) {
c := &VagrantCloudClient{ c := &VagrantCloudClient{
client: commonhelper.HttpClientWithEnvironmentProxy(), client: commonhelper.HttpClientWithEnvironmentProxy(),
BaseURL: baseUrl, BaseURL: baseUrl,
AccessToken: token, AccessToken: token,
} }
if InsecureSkipTLSVerify {
transport := c.client.Transport.(*http.Transport)
transport.TLSClientConfig = &tls.Config{
InsecureSkipVerify: true,
}
}
return c, c.ValidateAuthentication() return c, c.ValidateAuthentication()
} }

18
post-processor/vagrant-cloud/post-processor.go
View File

@ -27,8 +27,9 @@ type Config struct {
VersionDescription string `mapstructure:"version_description"` VersionDescription string `mapstructure:"version_description"`
NoRelease bool `mapstructure:"no_release"` NoRelease bool `mapstructure:"no_release"`
AccessToken string `mapstructure:"access_token"` AccessToken string `mapstructure:"access_token"`
VagrantCloudUrl string `mapstructure:"vagrant_cloud_url"` VagrantCloudUrl string `mapstructure:"vagrant_cloud_url"`
InsecureSkipTLSVerify bool `mapstructure:"insecure_skip_tls_verify"`
BoxDownloadUrl string `mapstructure:"box_download_url"` BoxDownloadUrl string `mapstructure:"box_download_url"`
@ -41,10 +42,11 @@ type boxDownloadUrlTemplate struct {
} }
type PostProcessor struct { type PostProcessor struct {
config Config config Config
client *VagrantCloudClient client *VagrantCloudClient
runner multistep.Runner runner multistep.Runner
warnAtlasToken bool warnAtlasToken bool
insecureSkipTLSVerify bool
} }
func (p *PostProcessor) Configure(raws ...interface{}) error { func (p *PostProcessor) Configure(raws ...interface{}) error {
@ -66,6 +68,8 @@ func (p *PostProcessor) Configure(raws ...interface{}) error {
p.config.VagrantCloudUrl = VAGRANT_CLOUD_URL p.config.VagrantCloudUrl = VAGRANT_CLOUD_URL
} }
p.insecureSkipTLSVerify = p.config.InsecureSkipTLSVerify == true && p.config.VagrantCloudUrl != VAGRANT_CLOUD_URL
if p.config.AccessToken == "" { if p.config.AccessToken == "" {
envToken := os.Getenv("VAGRANT_CLOUD_TOKEN") envToken := os.Getenv("VAGRANT_CLOUD_TOKEN")
if envToken == "" { if envToken == "" {
@ -95,7 +99,7 @@ func (p *PostProcessor) Configure(raws ...interface{}) error {
} }
// create the HTTP client // create the HTTP client
p.client, err = VagrantCloudClient{}.New(p.config.VagrantCloudUrl, p.config.AccessToken) p.client, err = VagrantCloudClient{}.New(p.config.VagrantCloudUrl, p.config.AccessToken, p.insecureSkipTLSVerify)
if err != nil { if err != nil {
errs = packer.MultiErrorAppend( errs = packer.MultiErrorAppend(
errs, fmt.Errorf("Failed to verify authentication token: %v", err)) errs, fmt.Errorf("Failed to verify authentication token: %v", err))

26
post-processor/vagrant-cloud/post-processor_test.go
View File

@ -41,6 +41,32 @@ func newSecureServer(token string, handler http.HandlerFunc) *httptest.Server {
})) }))
} }
func newSelfSignedSslServer(token string, handler http.HandlerFunc) *httptest.Server {
token = fmt.Sprintf("Bearer %s", token)
return httptest.NewTLSServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
if req.Header.Get("authorization") != token {
http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
if handler != nil {
handler(rw, req)
}
}))
}
func TestPostProcessor_Insecure_Ssl(t *testing.T) {
var p PostProcessor
server := newSelfSignedSslServer("foo", nil)
defer server.Close()
config := testGoodConfig()
config["vagrant_cloud_url"] = server.URL
config["insecure_skip_tls_verify"] = true
if err := p.Configure(config); err != nil {
t.Fatalf("Expected TLS to skip certificate validation: %s", err)
}
}
func TestPostProcessor_Configure_fromVagrantEnv(t *testing.T) { func TestPostProcessor_Configure_fromVagrantEnv(t *testing.T) {
var p PostProcessor var p PostProcessor
config := testGoodConfig() config := testGoodConfig()

6
website/source/docs/post-processors/vagrant-cloud.html.md
View File

@ -78,6 +78,12 @@ on Vagrant Cloud, as well as authentication and version information.
This is useful if you're using Vagrant Private Cloud in your own network. This is useful if you're using Vagrant Private Cloud in your own network.
Defaults to `https://vagrantcloud.com/api/v1` Defaults to `https://vagrantcloud.com/api/v1`
- `insecure_skip_tls_verify` (boolean) - If set to true *and* `vagrant_cloud_url`
is set to something different than its default, it will set TLS InsecureSkipVerify
to true. In other words, this will disable security checks of SSL. You may need
to set this option to true if your host at vagrant_cloud_url is using a
self-signed certificate.
- `version_description` (string) - Optionally markdown text used as a - `version_description` (string) - Optionally markdown text used as a
full-length and in-depth description of the version, typically for denoting full-length and in-depth description of the version, typically for denoting
changes introduced changes introduced