use caCertificate and globalCaCertificate in createS3Client

terascope / file-assets

Teraslice processors for working with data stored in files on disk, S3 or HDFS.

MIT License

1 stars 2 forks source link

use caCertificate and globalCaCertificate in createS3Client #974

Closed busma13 closed 7 months ago

busma13 commented 7 months ago

Within createS3Client the createHttpOptions function will create an object of type httpsAgentOptions with an array of CA certificates from the following locations:

S3 connector caCertificate field
terafoundation global_ca_certificate field
nodejs tls.rootCertificates array

etc/ssl/certs/ca-certificates.crt will no longer be used for default root certificates.

godber commented 7 months ago

None of your tests test that actual yaml input, does the following actually work like I expected:

        caCertificate: |
            -----BEGIN CERTIFICATE-----
            MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw
            ...
            -----END CERTIFICATE-----

busma13 commented 7 months ago

It works when running teraslice locally with both caCertificate in the s3 connector and with global_ca_certificate in the terafoundation. In that case I am using a mkcert cert to connect to an encrypted minio.