[chef] http_request resource using client certificates

[Mark Selby < >]

Something new has popped in my environment whereby I need to make http_requests while supplying client side certificates for authentication. This is relatively easy to do using native Ruby code (snippet below) but no so easy using the existing http_request resource. Using the built in resource would require constructing all of the headers by hand which is a black art as far as I can tell.

Before I write my own LWRP I want to know if anyone else has come across this requirement and solved it with either custom code or figuring out the additional headers that need to be supplied to http_request.

As always, any help is greatly appreciated.

#!/opt/chef/embedded/bin/ruby

require "net/https"

require "openssl"

require "uri"

uri = URI.parse("_SOME_URL_")

cert = File.open("_THE_CERT_") { |file| file.read }

key = File.open("_THE_KEY_") { |file| file.read }

http = Net::HTTP.new(uri.host, uri.port)

http.use_ssl = true

http.cert = OpenSSL::X509::Certificate.new(cert)

http.key = OpenSSL::PKey::RSA.new(key)

http.verify_mode = OpenSSL::SSL::VERIFY_NONE

res = http.get(uri.request_uri)