Merge "pkg/client: auth and (camtool) TLS fixes"

2014-01-09 19:24:16 +00:00 · 2014-01-09 19:24:16 +00:00 · 52a16e3483
parent 686d4ea445 1db2e7eaf3
commit 52a16e3483
3 changed files with 55 additions and 18 deletions
--- a/cmd/camtool/index.go
+++ b/cmd/camtool/index.go
@ -19,7 +19,9 @@ package main
 import (
 	"flag"
 	"fmt"
+	"net/http"
 	"os"
+	"strconv"

 	"camlistore.org/pkg/client"
 	"camlistore.org/pkg/cmdmain"
@ -28,6 +30,7 @@ import (
 type indexCmd struct {
 	verbose     bool
 	wipe        bool
+	insecureTLS bool
 }

 func init() {
@ -35,6 +38,9 @@ func init() {
 		cmd := new(indexCmd)
 		flags.BoolVar(&cmd.verbose, "verbose", false, "Be verbose.")
 		flags.BoolVar(&cmd.wipe, "wipe", false, "Erase and recreate all discovered indexes. NOOP for now.")
+		if debug, _ := strconv.ParseBool(os.Getenv("CAMLI_DEBUG")); debug {
+			flags.BoolVar(&cmd.insecureTLS, "insecure", false, "If set, when using TLS, the server's certificates verification is disabled, and they are not checked against the trustedCerts in the client configuration either.")
+		}
 		return cmd
 	})
 }
@ -79,6 +85,10 @@ func (c *indexCmd) sync(from, to string) error {
 func (c *indexCmd) discoClient() *client.Client {
 	var cl *client.Client
 	cl = client.NewOrFail()
+	cl.InsecureTLS = c.insecureTLS
+	cl.SetHTTPClient(&http.Client{
+		Transport: cl.TransportForConfig(nil),
+	})
 	cl.SetupAuth()
 	return cl
 }
--- a/cmd/camtool/sync.go
+++ b/cmd/camtool/sync.go
@ -21,7 +21,9 @@ import (
 	"flag"
 	"fmt"
 	"log"
+	"net/http"
 	"os"
+	"strconv"
 	"strings"
 	"time"

@ -43,6 +45,7 @@ type syncCmd struct {
 	all         bool
 	removeSrc   bool
 	wipe        bool
+	insecureTLS bool

 	logger *log.Logger
 }
@ -59,6 +62,10 @@ func init() {
 		flags.BoolVar(&cmd.wipe, "wipe", false, "If dest is an index, drop it and repopulate it from scratch. NOOP for now.")
 		flags.BoolVar(&cmd.all, "all", false, "Discover all sync destinations configured on the source server and run them.")
 		flags.BoolVar(&cmd.removeSrc, "removesrc", false, "Remove each blob from the source after syncing to the destination; for queue processing.")
+		// TODO(mpl): maybe move this flag up to the client pkg as an AddFlag, as it can be used by all commands.
+		if debug, _ := strconv.ParseBool(os.Getenv("CAMLI_DEBUG")); debug {
+			flags.BoolVar(&cmd.insecureTLS, "insecure", false, "If set, when using TLS, the server's certificates verification is disabled, and they are not checked against the trustedCerts in the client configuration either.")
+		}

 		return cmd
 	})
@ -163,7 +170,10 @@ func (c *syncCmd) storageFromParam(which storageType, val string) (blobserver.St
 		return disk, nil
 	}
 	cl := client.New(val)
-	// TODO(mpl): probably needs the transport setup for trusted certs here.
+	cl.InsecureTLS = c.insecureTLS
+	cl.SetHTTPClient(&http.Client{
+		Transport: cl.TransportForConfig(nil),
+	})
 	cl.SetupAuth()
 	cl.SetLogger(c.logger)
 	return cl, nil
@ -206,9 +216,17 @@ func (c *syncCmd) syncAll() error {
 	for _, sh := range syncHandlers {
 		from := client.New(sh.From)
 		from.SetLogger(c.logger)
+		from.InsecureTLS = c.insecureTLS
+		from.SetHTTPClient(&http.Client{
+			Transport: from.TransportForConfig(nil),
+		})
 		from.SetupAuth()
 		to := client.New(sh.To)
 		to.SetLogger(c.logger)
+		to.InsecureTLS = c.insecureTLS
+		to.SetHTTPClient(&http.Client{
+			Transport: to.TransportForConfig(nil),
+		})
 		to.SetupAuth()
 		if c.verbose {
 			log.Printf("Now syncing: %v -> %v", sh.From, sh.To)
@ -235,6 +253,11 @@ func (c *syncCmd) discoClient() *client.Client {
 	} else {
 		cl = client.New(c.src)
 	}
+	cl.SetLogger(c.logger)
+	cl.InsecureTLS = c.insecureTLS
+	cl.SetHTTPClient(&http.Client{
+		Transport: cl.TransportForConfig(nil),
+	})
 	cl.SetupAuth()
 	return cl
 }
--- a/pkg/client/config.go
+++ b/pkg/client/config.go
@ -278,9 +278,11 @@ func (c *Client) useTLS() bool {
 	return strings.HasPrefix(c.server, "https://")
 }

-// SetupAuth sets the client's authMode from the client configuration file or from the environment.
+// SetupAuth sets the client's authMode. It tries from the environment first if we're on android or in dev mode, and then from the client configuration.
 func (c *Client) SetupAuth() error {
-	// env var always takes precendence
+	// env var takes precedence, but only if we're in dev mode or on android.
+	// Too risky otherwise.
+	if android.OnAndroid() || os.Getenv("CAMLI_DEV_CAMLI_ROOT") != "" {
 		authMode, err := auth.FromEnv()
 		if err == nil {
 			c.authMode = authMode
@ -289,13 +291,15 @@ func (c *Client) SetupAuth() error {
 		if err != auth.ErrNoAuth {
 			return fmt.Errorf("Could not set up auth from env var CAMLI_AUTH: %v", err)
 		}
+	}
 	if c.server == "" {
-		return fmt.Errorf("CAMLI_AUTH not set and no server defined: can not set up auth.")
+		return fmt.Errorf("No server defined for this client: can not set up auth.")
 	}
 	authConf := serverAuth(c.server)
 	if authConf == "" {
 		return fmt.Errorf("Could not find auth key for server %q in config", c.server)
 	}
+	var err error
 	c.authMode, err = auth.FromConfig(authConf)
 	return err
 }