- From: Daniel DeLeo
- To:
- Subject: [chef] Re: Re: Re: Re: http_request resource using client certificates
- Date: Mon, 2 Mar 2015 09:20:08 -0800
On Sunday, March 1, 2015 at 5:53 PM, Mark Selby wrote:
> I would most definitely like to extend the current http_request resource to
> allow to use a custom ssl_policy defined outside of the Chef::Config space.
>
> I will preface all this with the fact that I know enough ruby to write some
> moderately complex LWRPs but would not consider myself a truly experienced
> Ruby developer. I may need some pointers along the way.
>
> Please let me know if you want to go private with this thread while we work
> through the questions.

Awesome! The chef-dev mailing list would be the right place for this if you
want to stick with an email thread. If you prefer you can start a github pull
request with whatever work you have, and at-me @danielsdeleo in the
description so I get the notifications and we can work through questions
there.
I’ll reply to your questions here, if you want to stick with email, just send
your follow-up reply to

> Here is my first question. I have taken a look at the current
> http_request.rb provider and see the following requirement model I pasted
> below.
>
> I see that the basic_client seems to apply the default policy whenever the
> scheme is HTTPS and it uses the values from Chef::Config. I am having a
> little problem following the code path of the http object but I am
> wondering since the http_request provider actually uses the basic_client
> library, why is the ssl_policy not getting applied when the HTTPS is in
> effect for the general http_request resource?

It looks like it would be applied, what makes you say it is not?

> It seems to me that again the best way to get the behavior I want to use
> the already existing logic in basic_client.rb but figure out a way to
> supply an alternate config. Right now it seems that the options from
> Chef::Config are the only ones that can be used.

Yep, this is what you’ll have to do. Chef’s HTTP code is designed around the
idea that you create an HTTP object for a particular server host and port
(this is the stuff in lib/chef/http.rb) and then the details of a particular
request are handled by a different object (BasicClient). There’s a decent bit
of cruft because everything used to be in lib/chef/rest.rb (which has some
behaviors that are convenient for talking to the server API but are annoying
for general HTTP usage). Anyway, what you’ll need to do is add an option to
Chef::HTTP#initialize that customizes the SSL behavior and thread that through
to BasicClient and then on to DefaultSSLPolicy.
HTH,
--
Daniel DeLeo
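
The design described in the reply above, sketched as an added example that is not part of the original message and is not Chef's code: SSL options are passed to the per-server object at construction, handed down to the per-request step, and applied by a policy object instead of being read from global configuration. The names `ClientCertSSLPolicy`, `SketchHTTP`, `client_for`, the `:ssl` option keys and `sample_client_credentials` are hypothetical; only Ruby's standard `net/http` and `openssl` are used.

```ruby
require "net/http"
require "openssl"

# Hypothetical policy object: settings come from an explicit hash, not global config.
class ClientCertSSLPolicy
  def initialize(opts)
    @opts = opts
  end

  def apply_to(http)
    cert, key = @opts[:client_cert], @opts[:client_key]
    raise ArgumentError, "client_cert and client_key go together" if cert.nil? ^ key.nil?
    raise ArgumentError, "client_key does not match client_cert" if cert && !cert.check_private_key(key)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER # server verification stays on
    http.ca_file = @opts[:ca_file] if @opts[:ca_file]
    http.cert, http.key = cert, key if cert
    http
  end
end

# Hypothetical per-server object: accepts SSL options and hands the policy down.
class SketchHTTP
  def initialize(url, options = {})
    @url = url
    @ssl_policy = ClientCertSSLPolicy.new(options.fetch(:ssl, {}))
  end

  # Stands in for the per-request client: policy is applied for https only.
  def client_for(path)
    target = URI.join(@url, path)
    http = Net::HTTP.new(target.host, target.port)
    target.scheme == "https" ? @ssl_policy.apply_to(http) : http
  end
end

# Constructed sample credentials: throwaway self-signed pair generated in memory.
def sample_client_credentials
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=example-node")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end
```

No connection is opened here; `Net::HTTP.new` only builds the object, so the resulting settings can be inspected before any request is made.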