added support for using certificate file (redhat-developer#120)

lstocchi · Nov 25, 2019 · f1c21da · f1c21da
1 parent 739ffc9
commit f1c21da
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 13 deletions.
diff --git a/src/oc-auth.ts b/src/oc-auth.ts
@@ -62,19 +62,22 @@ export async function createKubeConfig(
   // parameters:{"username":***,"password":***}, scheme:'UsernamePassword'
   // parameters:{"kubeconfig":***}, scheme:'None'
   let authType = endpoint.scheme;
-  let skip = skipTlsVerify(endpoint);
+  let useCertificateOrSkipTls = getCertificateAuthorityFile(endpoint);
+  if (useCertificateOrSkipTls === '') {
+    useCertificateOrSkipTls = skipTlsVerify(endpoint);
+  }
   switch (authType) {
     case BASIC_AUTHENTICATION:
       let username = endpoint.parameters['username'];
       let password = endpoint.parameters['password'];
       await oc.execOc(
         ocPath,
-        `login ${skip} -u ${username} -p ${password} ${endpoint.serverUrl}`
+        `login ${useCertificateOrSkipTls} -u ${username} -p ${password} ${endpoint.serverUrl}`
       );
       break;
     case TOKEN_AUTHENTICATION:
       let args =
-        `login ${skip} --token ${endpoint.parameters['apitoken']} ` +
+        `login ${useCertificateOrSkipTls} --token ${endpoint.parameters['apitoken']} ` +
         endpoint.serverUrl;
       await oc.execOc(ocPath, args);
       break;
@@ -88,6 +91,20 @@ export async function createKubeConfig(
   exportKubeConfig(osType);
 }
 
+/**
+ * Determines whether certificate authority file should be used.
+ *
+ * @param endpoint the OpenShift endpoint.
+ * @return oc option for using a certificate authority file.
+ */
+function getCertificateAuthorityFile(endpoint: OpenShiftEndpoint): string {
+  let certificateFile = '';
+  if (endpoint.parameters['certificateAuthorityFile']) {
+    certificateFile = `--certificate-authority=${endpoint.parameters['certificateAuthorityFile']}`;
+  }
+  return certificateFile;
+}
+
 /**
  * Determines whether certificate verification should be skipped.
  *

diff --git a/vss-extension.json b/vss-extension.json
@@ -154,16 +154,6 @@
                   "isRequired": true,
                   "dataType": "string"
                 }
-              },
-              {
-                "id": "certificateAuthorityFile",
-                "name": "Certificate Authority File",
-                "description": "The path to a certificate authority file to correctly and securely authenticates with an OpenShift server that uses HTTPS",
-                "inputMode": "textbox",
-                "validation": {
-                  "isRequired": false,
-                  "dataType": "string"
-                }
               }
             ]
           }