mirror of https://github.com/perkeep/perkeep.git
Merge "pkg/client: auth and (camtool) TLS fixes"
This commit is contained in:
mpl
Gerrit Code Review
commit
52a16e3483
|
|
@ -19,7 +19,9 @@ package main
|
||||||
import (
|
import (
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
"camlistore.org/pkg/client"
|
"camlistore.org/pkg/client"
|
||||||
"camlistore.org/pkg/cmdmain"
|
"camlistore.org/pkg/cmdmain"
|
||||||
|
|
@ -28,6 +30,7 @@ import (
|
||||||
type indexCmd struct {
|
type indexCmd struct {
|
||||||
verbose bool
|
verbose bool
|
||||||
wipe bool
|
wipe bool
|
||||||
|
insecureTLS bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
|
@ -35,6 +38,9 @@ func init() {
|
||||||
cmd := new(indexCmd)
|
cmd := new(indexCmd)
|
||||||
flags.BoolVar(&cmd.verbose, "verbose", false, "Be verbose.")
|
flags.BoolVar(&cmd.verbose, "verbose", false, "Be verbose.")
|
||||||
flags.BoolVar(&cmd.wipe, "wipe", false, "Erase and recreate all discovered indexes. NOOP for now.")
|
flags.BoolVar(&cmd.wipe, "wipe", false, "Erase and recreate all discovered indexes. NOOP for now.")
|
||||||
|
if debug, _ := strconv.ParseBool(os.Getenv("CAMLI_DEBUG")); debug {
|
||||||
|
flags.BoolVar(&cmd.insecureTLS, "insecure", false, "If set, when using TLS, the server's certificates verification is disabled, and they are not checked against the trustedCerts in the client configuration either.")
|
||||||
|
}
|
||||||
return cmd
|
return cmd
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
@ -79,6 +85,10 @@ func (c *indexCmd) sync(from, to string) error {
|
||||||
func (c *indexCmd) discoClient() *client.Client {
|
func (c *indexCmd) discoClient() *client.Client {
|
||||||
var cl *client.Client
|
var cl *client.Client
|
||||||
cl = client.NewOrFail()
|
cl = client.NewOrFail()
|
||||||
|
cl.InsecureTLS = c.insecureTLS
|
||||||
|
cl.SetHTTPClient(&http.Client{
|
||||||
|
Transport: cl.TransportForConfig(nil),
|
||||||
|
})
|
||||||
cl.SetupAuth()
|
cl.SetupAuth()
|
||||||
return cl
|
return cl
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,9 @@ import (
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
|
@ -43,6 +45,7 @@ type syncCmd struct {
|
||||||
all bool
|
all bool
|
||||||
removeSrc bool
|
removeSrc bool
|
||||||
wipe bool
|
wipe bool
|
||||||
|
insecureTLS bool
|
||||||
|
|
||||||
logger *log.Logger
|
logger *log.Logger
|
||||||
}
|
}
|
||||||
|
|
@ -59,6 +62,10 @@ func init() {
|
||||||
flags.BoolVar(&cmd.wipe, "wipe", false, "If dest is an index, drop it and repopulate it from scratch. NOOP for now.")
|
flags.BoolVar(&cmd.wipe, "wipe", false, "If dest is an index, drop it and repopulate it from scratch. NOOP for now.")
|
||||||
flags.BoolVar(&cmd.all, "all", false, "Discover all sync destinations configured on the source server and run them.")
|
flags.BoolVar(&cmd.all, "all", false, "Discover all sync destinations configured on the source server and run them.")
|
||||||
flags.BoolVar(&cmd.removeSrc, "removesrc", false, "Remove each blob from the source after syncing to the destination; for queue processing.")
|
flags.BoolVar(&cmd.removeSrc, "removesrc", false, "Remove each blob from the source after syncing to the destination; for queue processing.")
|
||||||
|
// TODO(mpl): maybe move this flag up to the client pkg as an AddFlag, as it can be used by all commands.
|
||||||
|
if debug, _ := strconv.ParseBool(os.Getenv("CAMLI_DEBUG")); debug {
|
||||||
|
flags.BoolVar(&cmd.insecureTLS, "insecure", false, "If set, when using TLS, the server's certificates verification is disabled, and they are not checked against the trustedCerts in the client configuration either.")
|
||||||
|
}
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
})
|
})
|
||||||
|
|
@ -163,7 +170,10 @@ func (c *syncCmd) storageFromParam(which storageType, val string) (blobserver.St
|
||||||
return disk, nil
|
return disk, nil
|
||||||
}
|
}
|
||||||
cl := client.New(val)
|
cl := client.New(val)
|
||||||
// TODO(mpl): probably needs the transport setup for trusted certs here.
|
cl.InsecureTLS = c.insecureTLS
|
||||||
|
cl.SetHTTPClient(&http.Client{
|
||||||
|
Transport: cl.TransportForConfig(nil),
|
||||||
|
})
|
||||||
cl.SetupAuth()
|
cl.SetupAuth()
|
||||||
cl.SetLogger(c.logger)
|
cl.SetLogger(c.logger)
|
||||||
return cl, nil
|
return cl, nil
|
||||||
|
|
@ -206,9 +216,17 @@ func (c *syncCmd) syncAll() error {
|
||||||
for _, sh := range syncHandlers {
|
for _, sh := range syncHandlers {
|
||||||
from := client.New(sh.From)
|
from := client.New(sh.From)
|
||||||
from.SetLogger(c.logger)
|
from.SetLogger(c.logger)
|
||||||
|
from.InsecureTLS = c.insecureTLS
|
||||||
|
from.SetHTTPClient(&http.Client{
|
||||||
|
Transport: from.TransportForConfig(nil),
|
||||||
|
})
|
||||||
from.SetupAuth()
|
from.SetupAuth()
|
||||||
to := client.New(sh.To)
|
to := client.New(sh.To)
|
||||||
to.SetLogger(c.logger)
|
to.SetLogger(c.logger)
|
||||||
|
to.InsecureTLS = c.insecureTLS
|
||||||
|
to.SetHTTPClient(&http.Client{
|
||||||
|
Transport: to.TransportForConfig(nil),
|
||||||
|
})
|
||||||
to.SetupAuth()
|
to.SetupAuth()
|
||||||
if c.verbose {
|
if c.verbose {
|
||||||
log.Printf("Now syncing: %v -> %v", sh.From, sh.To)
|
log.Printf("Now syncing: %v -> %v", sh.From, sh.To)
|
||||||
|
|
@ -235,6 +253,11 @@ func (c *syncCmd) discoClient() *client.Client {
|
||||||
} else {
|
} else {
|
||||||
cl = client.New(c.src)
|
cl = client.New(c.src)
|
||||||
}
|
}
|
||||||
|
cl.SetLogger(c.logger)
|
||||||
|
cl.InsecureTLS = c.insecureTLS
|
||||||
|
cl.SetHTTPClient(&http.Client{
|
||||||
|
Transport: cl.TransportForConfig(nil),
|
||||||
|
})
|
||||||
cl.SetupAuth()
|
cl.SetupAuth()
|
||||||
return cl
|
return cl
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -278,9 +278,11 @@ func (c *Client) useTLS() bool {
|
||||||
return strings.HasPrefix(c.server, "https://")
|
return strings.HasPrefix(c.server, "https://")
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetupAuth sets the client's authMode from the client configuration file or from the environment.
|
// SetupAuth sets the client's authMode. It tries from the environment first if we're on android or in dev mode, and then from the client configuration.
|
||||||
func (c *Client) SetupAuth() error {
|
func (c *Client) SetupAuth() error {
|
||||||
// env var always takes precendence
|
// env var takes precedence, but only if we're in dev mode or on android.
|
||||||
|
// Too risky otherwise.
|
||||||
|
if android.OnAndroid() || os.Getenv("CAMLI_DEV_CAMLI_ROOT") != "" {
|
||||||
authMode, err := auth.FromEnv()
|
authMode, err := auth.FromEnv()
|
||||||
if err == nil {
|
if err == nil {
|
||||||
c.authMode = authMode
|
c.authMode = authMode
|
||||||
|
|
@ -289,13 +291,15 @@ func (c *Client) SetupAuth() error {
|
||||||
if err != auth.ErrNoAuth {
|
if err != auth.ErrNoAuth {
|
||||||
return fmt.Errorf("Could not set up auth from env var CAMLI_AUTH: %v", err)
|
return fmt.Errorf("Could not set up auth from env var CAMLI_AUTH: %v", err)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if c.server == "" {
|
if c.server == "" {
|
||||||
return fmt.Errorf("CAMLI_AUTH not set and no server defined: can not set up auth.")
|
return fmt.Errorf("No server defined for this client: can not set up auth.")
|
||||||
}
|
}
|
||||||
authConf := serverAuth(c.server)
|
authConf := serverAuth(c.server)
|
||||||
if authConf == "" {
|
if authConf == "" {
|
||||||
return fmt.Errorf("Could not find auth key for server %q in config", c.server)
|
return fmt.Errorf("Could not find auth key for server %q in config", c.server)
|
||||||
}
|
}
|
||||||
|
var err error
|
||||||
c.authMode, err = auth.FromConfig(authConf)
|
c.authMode, err = auth.FromConfig(authConf)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue