cyberark / conjur-quickstart

Start securing your secrets and infrastructure by installing Conjur, using Docker and the official Conjur containers on DockerHub.
Apache License 2.0

Fix HTTPS CLI init #41

Closed JakeQuilty closed 2 years ago

JakeQuilty commented 3 years ago

What does this PR do?

Updates how we init the Conjur CLI to the Conjur Server. Right now we init directly to the Conjur Server over HTTP. This is only possible because our CLI container is inside the same Docker network as our Conjur Server container. This means all communication between the two is unencrypted, and sets a bad example for how to configure the CLI.

What ticket does this PR close?

N/A

Checklists

Change log

Test coverage

Documentation

izgeri commented 3 years ago

FYI the workflow is failing right now on:

 Step 6: Connect the Conjur client to the Conjur server
Trust this certificate (yes/no): error: The input stream is exhausted.

SHA1 Fingerprint=58:AA:21:CE:70:48:21:6D:4E:DB:B1:30:36:49:83:6A:C5:D6:13:35

Please verify this certificate on the appliance using command:
              openssl x509 -fingerprint -noout -in ~conjur/etc/ssl/conjur.pem

WORKFLOW FAILED.

Cleanup

This will likely require an update before we can move forward with this change.

izgeri commented 3 years ago

Marking as blocked since this will require a website update first.

JakeQuilty commented 3 years ago

> FYI the workflow is failing right now on:
>
>  Step 6: Connect the Conjur client to the Conjur server
> Trust this certificate (yes/no): error: The input stream is exhausted.
>
> SHA1 Fingerprint=58:AA:21:CE:70:48:21:6D:4E:DB:B1:30:36:49:83:6A:C5:D6:13:35
>
> Please verify this certificate on the appliance using command:
>               openssl x509 -fingerprint -noout -in ~conjur/etc/ssl/conjur.pem
>
> WORKFLOW FAILED.
>
> Cleanup
>
> This will likely require an update before we can move forward with this change.

@izgeri all set

JakeQuilty commented 3 years ago

We should probably add a subsection to the step this is editing to mention something like "say yes to accepting the cert"

izgeri commented 3 years ago

@JakeQuilty that is a good idea - can you please add that?

JakeQuilty commented 3 years ago

@izgeri Added that note to just accept the cert. I also fixed a bunch of markdown syntax that my IDE was flagging. Let me know if you don't want that commit in this PR.
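
An added example, not part of this PR or the Conjur project's code: before a script answers the trust prompt shown in the failing workflow log, it can compare the fingerprint the CLI prints with one computed from a copy of the server certificate obtained out of band. The function names and the placeholder certificate bytes are assumptions made for illustration; only the prompt text and the `openssl x509 -fingerprint` output format come from the thread.

```python
import hashlib
import hmac
import re
import ssl

# Prompt text copied from the failing workflow log quoted in the thread.
SAMPLE_PROMPT = (
    "Trust this certificate (yes/no): \n"
    "SHA1 Fingerprint=58:AA:21:CE:70:48:21:6D:4E:DB:B1:30:36:49:83:6A:C5:D6:13:35\n"
    "Please verify this certificate on the appliance using command:\n"
    "openssl x509 -fingerprint -noout -in ~conjur/etc/ssl/conjur.pem\n"
)

# Constructed placeholder bytes standing in for the DER certificate fetched
# out of band from the server (assumption: not a real certificate).
CONSTRUCTED_DER = b"constructed placeholder, not a real certificate"
CONSTRUCTED_PEM = ssl.DER_cert_to_PEM_cert(CONSTRUCTED_DER)

# Exactly 20 colon-separated hex bytes, the layout `openssl x509 -fingerprint` prints.
FP_RE = re.compile(
    r"SHA1 Fingerprint=((?:[0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2})(?![0-9A-Fa-f:])"
)


def fingerprint_from_prompt(text):
    """Return the fingerprint the CLI displayed, or None if absent or malformed."""
    match = FP_RE.search(text)
    return match.group(1).upper() if match else None


def fingerprint_from_pem(pem):
    """SHA1 of the DER bytes, formatted as colon-separated upper-case hex."""
    digest = hashlib.sha1(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def answer_for_prompt(prompt_text, trusted_pem):
    """Answer "yes" only when the displayed fingerprint matches the trusted copy."""
    shown = fingerprint_from_prompt(prompt_text)
    if shown is None:
        return "no"  # fail closed when no fingerprint can be read
    expected = fingerprint_from_pem(trusted_pem)
    return "yes" if hmac.compare_digest(shown, expected) else "no"


if __name__ == "__main__":
    # The placeholder does not hash to the logged fingerprint, so this prints "no".
    print(answer_for_prompt(SAMPLE_PROMPT, CONSTRUCTED_PEM))
```

In a non-interactive workflow, the returned answer would be what gets supplied on the CLI's standard input, so a mismatched certificate stops the run instead of being trusted.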