[chef] Re: Re: Re: Re: http_request resource using client certificates

[Daniel DeLeo < >]

On Sunday, March 1, 2015 at 5:53 PM, Mark Selby wrote:

> I would most definitely like to extend the current http_request resource to 
> allow to use a custom ssl_policy defined outside of the Chef::Config space.
>  
> I will preface all this with the fact that I know enough ruby to write some 
> moderately complex LWRPs but would not consider myself a truly experienced 
> Ruby developer. I may need some pointers along the way.
>  
> Please let me know if you want to go private with this thread while we work 
> though the questions.
Awesome! The chef-dev mailing list would be the right place for this if you 
want to stick with an email thread. If you prefer you can start a github pull 
request with whatever work you have, and at-me @danielsdeleo in the 
description so I get the notifications and we can work through questions 
there.

I’ll reply to your questions here, if you want to stick with email, just send 
your follow-up reply to 

 
  
>  
> Here is my first question. I have taken a look at the current 
> http_request.rb provider and see the following requirement model I pasted 
> below.
>  
> I see that the basic_client seems to apply the default policy whenever the 
> scheme is HTTPS and it uses the values from Chef::Config. I am having a 
> little problem following the code path of the http object but I am 
> wondering since the http_request provider actually uses the basic_client 
> library, why is the ssl_policy not getting applied when the HTTPS is in 
> effect for the general http_request resource?
It looks like it would be applied, what makes you say it is not?
  
>  
> It seems to me that again the best way to get the behavior I want to to use 
> the already existing logic in basic_client.rb but figure out a way to 
> supply an alternate config. Right now it seems that the options from 
> Chef::Config are the only ones that can be used.
Yep, this is what you’ll have to do. Chef’s HTTP code is designed around the 
idea that you create a HTTP object for a particular server host and port 
(this is the stuff in lib/chef/http.rb) and then the details of a particular 
request are handled by a different object (BasicClient). There’s a decent bit 
of cruft because everything used to be in lib/chef/rest.rb (which has some 
behaviors that are convenient for talking to the server API but are annoying 
for general HTTP usage). Anyway, what you’ll need to do is add an option to 
Chef:HTTP#initialize that customizes the SSL behavior and thread that through 
to BasicClient and then on to DefaultSSLPolicy.


HTH,

--  
Daniel DeLeo