opentofu

IntenseWebs/opentofu

Fork 0

mirror of https://github.com/opentofu/opentofu.git synced 2024-12-26 00:41:27 -06:00

Commit Graph

Author	SHA1	Message	Date
Sheridan C Rawlins	75e5ae27a2	[fixes 31700] Add mTLS support for http backend by way of client cert & key, as well as enterprise cacert. (#31699 ) * Add mTLS support for http backend by way of client cert & key, as well as enterprise cacert. * Fix style. * Skip cert validation to be sure error is related to missing client cert; not untrusted server cert. * Remove misplaced err check. * Fix the size of test using http backend. * Just for correctness, include all certs in the pem encoded cert - sometimes certs come with a chain of their signers. * Adjusted names as recommended in PR comments. * Adjusted names to be full-length and more descriptive. * Added full-fledged testing with mTLS http server * Fix goimports. * Fix the names of the backend config. * Exclusive lock for write and delete. * Revert "Fix goimports." This reverts commit 7d40f6099fbbb675fb2e25e35ee40aeafe3d0a22. * goimports just for server test. * Added the go:generation for the mock. * Move the TLS configuration out to make it more readable - don't replace the HTTPClient as the retryablehttp already creates one - just configure its TLS. * Just switch the client/data params - felt more natural this way. * Update internal/backend/remote-state/http/backend.go Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com> * Update internal/backend/remote-state/http/testdata/gencerts.sh Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com> * Update internal/backend/remote-state/http/backend.go Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com> * Update internal/backend/remote-state/http/backend.go Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com> * Update internal/backend/remote-state/http/backend.go Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com> * Update internal/backend/remote-state/http/backend.go Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com> * the location of the file name is not sensitive. * Added error if only one of client_certificate_pem and client_private_key_pem are set. * Remove testify from test cases; use t.Error* for assert and t.Fatal* for require. * Fixed import consistency * Just use default openssl. * Since file(...) is so trivial to use, changed the client cert, key, and ca cert to be the data. See also https://github.com/hashicorp/terraform-provider-http/pull/211 Co-authored-by: Sheridan C Rawlins <scr@ouryahoo.com> Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>	2023-01-26 14:08:07 +00:00

Author

SHA1

Message

Date

Sheridan C Rawlins

75e5ae27a2

[fixes 31700] Add mTLS support for http backend by way of client cert & key, as well as enterprise cacert. (#31699 )

* Add mTLS support for http backend by way of client cert & key, as well as enterprise cacert.

* Fix style.

* Skip cert validation to be sure error is related to missing client cert; not untrusted server cert.

* Remove misplaced err check.

* Fix the size of test using http backend.

* Just for correctness, include all certs in the pem encoded cert - sometimes certs come with a chain of their signers.

* Adjusted names as recommended in PR comments.

* Adjusted names to be full-length and more descriptive.

* Added full-fledged testing with mTLS http server

* Fix goimports.

* Fix the names of the backend config.

* Exclusive lock for write and delete.

* Revert "Fix goimports."

This reverts commit 7d40f6099fbbb675fb2e25e35ee40aeafe3d0a22.

* goimports just for server test.

* Added the go:generation for the mock.

* Move the TLS configuration out to make it more readable - don't replace the HTTPClient as the retryablehttp already creates one - just configure its TLS.

* Just switch the client/data params - felt more natural this way.

* Update internal/backend/remote-state/http/backend.go