Provide a mechanism to supply a CA certificate to use in validation of the SSL endpoint for splicectl-api. This allows use of self-signed certs or certs that are signed by an untrusted CA.
The primary work is done in main.go, reading from --cacert and SPLICECTL_CACERT. The rest of the edits are all the same, consuming the caBundle set in main.go and passing it to the goresty object.
Motivation and Context
In many on-prem installations we may not have a CA issued for POC and need a way to handle self-signed certificates.
Dependencies
How Has This Been Tested?
The functionality remains exactly the same if --cacert or export SPLICECTL_CACERT= are not specified or set.
Screenshots (if appropriate)
Checklist
If the pull request includes user-facing changes, extra documentation is required:
[x] If the change is user facing, please ensure you add info in one of the Changelog Inclusions sections.
Changelog Inclusions
Additions
added --cacert /path/to/cert.crt to pass in a certificate used as the CA to validate SSL connections
added support to read from SPLICECTL_CACERT=/path/to/cert.crt to auto-set the --cacert option.
Changes
Fixes
Deprecated
Removed
Breaking Changes