[chef] Re: http_request resource using client certificates


Chronological Thread 
  • From: Peter Burkholder < >
  • To: " " < >
  • Subject: [chef] Re: http_request resource using client certificates
  • Date: Fri, 27 Feb 2015 18:37:22 -0500

Would the right solution be extending http_request (https://docs.chef.io/resource_http_request.html) to have attributes for client_cert and client_key?




On Fri, Feb 27, 2015 at 5:11 PM, Mark Selby < " target="_blank"> > wrote:
Something new has popped in my environment whereby I need to make http_requests while supplying client side certificates for authentication. This is relatively easy to do using native Ruby code (snippet below) but no so easy using the existing http_request resource. Using the built in resource would require constructing all of the headers by hand which is a black art as far as I can tell.

Before I write my own LWRP I want to know if anyone else has come across this requirement and solved it with either custom code or figuring out the additional headers that need to be supplied to http_request.

As always, any help is greatly appreciated.


#!/opt/chef/embedded/bin/ruby

require "net/https"
require "openssl"
require "uri"

uri = URI.parse("_SOME_URL_")

cert = File.open("_THE_CERT_") { |file| file.read }
key = File.open("_THE_KEY_") { |file| file.read }

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.cert = OpenSSL::X509::Certificate.new(cert)
http.key = OpenSSL::PKey::RSA.new(key)
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
res = http.get(uri.request_uri)




--

Peter Burkholder — Customer Success Engineer

Unavailability: Travel March 2-3; Vacation March 16-20; ChefConf March 30-April 3

301-204-5767 –  " target="_blank">  – my: Linkedin  Twitter  Calendar

CHEF

CHEF.IO

TM

chef.io   Blog   Facebook   Twitter   Youtube  





Archive powered by MHonArc 2.6.16.

§