Upload to HTTPS S3 - Support self signed certificate
API --- Allow the user to pass the CA public certification or skip the verification AWSCloud -------- Restore the old version of newAwsFromCreds for access to AWS Create a new method newAwsFromCredsWithEndpoint for Generic S3 which sets the endpoint and optionally overrides the CA Bundle or skips the SSL certificate verification jobimpl-osbuild --------------- Update with the new parameters osbuild-upload-generic-s3 ------------------------- Add ca-bunlde and skip-ssl-verification flags tests ----- Split the tests into http, https with certificate and https skip certificate check Create a new base test for S3 over HTTPS for secure and insecure Move the generic S3 test to tools to reuse for secure and insecure connections All S3 tests now use the aws cli tool Update the libvirt test to be able to download over HTTPS Update the RPM spec Kill container with sudo
This commit is contained in:
Ygal Blum
parent
cd49c932a2
commit
8407c97d96
15 changed files with 331 additions and 38 deletions
|
|
@ -15,6 +15,8 @@ func main() {
|
|||
var sessionToken string
|
||||
var region string
|
||||
var endpoint string
|
||||
var caBundle string
|
||||
var skipSSLVerification bool
|
||||
var bucketName string
|
||||
var keyName string
|
||||
var filename string
|
||||
|
|
@ -23,12 +25,14 @@ func main() {
|
|||
flag.StringVar(&sessionToken, "session-token", "", "session token")
|
||||
flag.StringVar(®ion, "region", "", "target region")
|
||||
flag.StringVar(&endpoint, "endpoint", "", "target endpoint")
|
||||
flag.StringVar(&caBundle, "ca-bundle", "", "path to CA bundle for the S3 server")
|
||||
flag.BoolVar(&skipSSLVerification, "skip-ssl-verification", false, "Skip the verification of the server SSL certificate")
|
||||
flag.StringVar(&bucketName, "bucket", "", "target S3 bucket name")
|
||||
flag.StringVar(&keyName, "key", "", "target S3 key name")
|
||||
flag.StringVar(&filename, "image", "", "image file to upload")
|
||||
flag.Parse()
|
||||
|
||||
a, err := awscloud.NewForEndpoint(endpoint, region, accessKeyID, secretAccessKey, sessionToken)
|
||||
a, err := awscloud.NewForEndpoint(endpoint, region, accessKeyID, secretAccessKey, sessionToken, caBundle, skipSSLVerification)
|
||||
if err != nil {
|
||||
println(err.Error())
|
||||
return
|
||||
|
|
|
|||
|
|
@ -53,12 +53,12 @@ func (impl *OSBuildJobImpl) getAWS(region string, accessId string, secret string
|
|||
}
|
||||
}
|
||||
|
||||
func (impl *OSBuildJobImpl) getAWSForEndpoint(endpoint, region, accessId, secret, token string) (*awscloud.AWS, error) {
|
||||
if accessId != "" && secret != "" {
|
||||
return awscloud.NewForEndpoint(endpoint, region, accessId, secret, token)
|
||||
func (impl *OSBuildJobImpl) getAWSForEndpoint(options *target.GenericS3TargetOptions) (*awscloud.AWS, error) {
|
||||
if options.AccessKeyID != "" && options.SecretAccessKey != "" {
|
||||
return awscloud.NewForEndpoint(options.Endpoint, options.Region, options.AccessKeyID, options.SecretAccessKey, options.SessionToken, options.CABundle, options.SkipSSLVerification)
|
||||
}
|
||||
if impl.GenericS3Creds != "" {
|
||||
return awscloud.NewForEndpointFromFile(impl.GenericS3Creds, endpoint, region)
|
||||
return awscloud.NewForEndpointFromFile(impl.GenericS3Creds, options.Endpoint, options.Region, options.CABundle, options.SkipSSLVerification)
|
||||
}
|
||||
return nil, fmt.Errorf("no credentials found")
|
||||
}
|
||||
|
|
@ -437,7 +437,7 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error {
|
|||
return nil
|
||||
}
|
||||
case *target.GenericS3TargetOptions:
|
||||
a, err := impl.getAWSForEndpoint(options.Endpoint, options.Region, options.AccessKeyID, options.SecretAccessKey, options.SessionToken)
|
||||
a, err := impl.getAWSForEndpoint(options)
|
||||
if err != nil {
|
||||
osbuildJobResult.JobError = clienterrors.WorkerClientError(clienterrors.ErrorInvalidConfig, err.Error())
|
||||
return nil
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue