Extend wait-for-api to cover unsigned certificate situation

redhat-cop / openshift-applier

Used to apply OpenShift objects to an OpenShift Cluster

Apache License 2.0

102 stars 61 forks source link

Extend wait-for-api to cover unsigned certificate situation #175

Closed jfilipcz closed 1 year ago

jfilipcz commented 1 year ago

What does this PR do?

Improve wait-for-api-role to enable it to catch 'certificate signed by unknown authority' error.

How should this be tested?

Run the role against running Openshift environment, setting ignore_ssl_errors to desired value.

Is there a relevant Issue open for this?

N/A

Who would you like to review this?

cc: @redhat-cop/openshift-applier

oybed commented 1 year ago

I'm never a fan of duplicating the same task twice because of a single option. For this particular functionality, I'd rather we use the --insecure-skip-tls-verify option on line 5. We should also set the default value to false since it should be expected that certs are valid - but let the user override the default value.

jfilipcz commented 1 year ago

Closing that one, another role will be prepared for a sole purpose of waiting for a valid cert on specified route