Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Use Powershell instead of chef api for api call #122

Closed
wants to merge 6 commits into from

Conversation

eelco-de-boer
Copy link

Description

For Windows Servers change from the builtin Chef Chef::HTTP to Powershell Invoke-RestMethod. This makes it easier to use Self signed Certificates(on the Octopus Server) from the Windows Local Machine certificate store. Alternative is to add your generated cert to "C:\opscode\chef\embedded\ssl\certs\cacert.pem" to make OpenSSL happy, but we would rather manage root certs in one place(windows cert store) not two.

Issues Resolved

Contribution Check List

  • All tests pass.
  • New functionality includes testing.
  • New functionality has been documented in the README.

@codecov-io
Copy link

codecov-io commented Oct 30, 2017

Codecov Report

Merging #122 into master will decrease coverage by 71.94%.
The diff coverage is 20%.

Impacted file tree graph

@@             Coverage Diff             @@
##           master     #122       +/-   ##
===========================================
- Coverage     100%   28.05%   -71.95%     
===========================================
  Files           5        5               
  Lines         136      139        +3     
===========================================
- Hits          136       39       -97     
- Misses          0      100      +100
Impacted Files Coverage Δ
libraries/tentacle.rb 14.7% <20%> (-85.3%) ⬇️
spec/unit/lib_tentacle_spec.rb 4.25% <0%> (-95.75%) ⬇️
spec/unit/lib_shared_spec.rb 50% <0%> (-50%) ⬇️
libraries/shared.rb 57.14% <0%> (-42.86%) ⬇️
libraries/server.rb 66.66% <0%> (-33.34%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8be7144...f446a1b. Read the comment docs.

@brentm5
Copy link
Member

brentm5 commented Nov 2, 2017

I would prefer not to implement it within powershell as it's harder to test this functionality. Also it brings in another set of dependencies on powershell functions to exist. I believe by default windows 2008 does not include this method unless you upgrade to powershell 3.0.

One thing you could do in the short term is to set the following in your chef client configs to disable tls checking for all ssl certs that chef talks to (this will however do the same for calls to the chef server which does open you up to a possible security concerns).

:ssl_verify_mode = :verify_none

The approach that I would take would be to make the following changes to the library so that you could ignore just the octo ssl cert

options = { headers: { 'X-Octopus-ApiKey' => api_key } }

ssl_verify_mode = Chef::Config[:ssl_verify_mode]
Chef::Config[:ssl_verify_mode] = :verify_none

client = Chef::HTTP.new("#{server}/api", options)

Chef::Config[:ssl_verify_mode] = ssl_verify_mode

client

Ill go ahead and close this PR and open up a ticket for the use of self signed certificates with the register action.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants