diff --git a/lib/portainer_cli/client.rb b/lib/portainer_cli/client.rb index 18a5817..192b4a6 100644 --- a/lib/portainer_cli/client.rb +++ b/lib/portainer_cli/client.rb @@ -60,7 +60,7 @@ module PortainerCli http = Net::HTTP.new(uri.host, uri.port) if uri.scheme == 'https' http.use_ssl = true - http.verify_mode = OpenSSL::SSL::VERIFY_PEER + http.verify_mode = @config.ssl_verify ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE end http.open_timeout = 10 http.read_timeout = 30 diff --git a/lib/portainer_cli/commands/configure.rb b/lib/portainer_cli/commands/configure.rb index 6cc3422..2d5e5c7 100644 --- a/lib/portainer_cli/commands/configure.rb +++ b/lib/portainer_cli/commands/configure.rb @@ -32,6 +32,11 @@ module PortainerCli @config.api_key = prompt_secret("API key", @config.api_key) end + puts + current_verify = @config.ssl_verify.nil? ? true : @config.ssl_verify + verify_choice = prompt("Verify SSL certificates? [y/n]", current_verify ? "y" : "n") + @config.ssl_verify = (verify_choice.downcase != "n") + @config.save puts puts green("Configuration saved to #{Config::CONFIG_FILE}") diff --git a/lib/portainer_cli/commands/console.rb b/lib/portainer_cli/commands/console.rb index 24ac4b4..0e68495 100644 --- a/lib/portainer_cli/commands/console.rb +++ b/lib/portainer_cli/commands/console.rb @@ -42,7 +42,7 @@ module PortainerCli send_resize(endpoint_id, exec_id) if $stdout.tty? trap('SIGWINCH') { send_resize(endpoint_id, exec_id) } if $stdout.tty? - WebsocketExec.new(ws_url, @config.auth_header).run + WebsocketExec.new(ws_url, @config.auth_header, ssl_verify: @config.ssl_verify).run $stderr.puts dim("\r\nSession ended.") rescue PortainerCli::Client::ApiError => e diff --git a/lib/portainer_cli/commands/exec.rb b/lib/portainer_cli/commands/exec.rb index a2a0958..3fdc554 100644 --- a/lib/portainer_cli/commands/exec.rb +++ b/lib/portainer_cli/commands/exec.rb @@ -36,7 +36,7 @@ module PortainerCli send_resize(endpoint_id, exec_id) if $stdout.tty? trap('SIGWINCH') { send_resize(endpoint_id, exec_id) } if $stdout.tty? - WebsocketExec.new(ws_url, @config.auth_header).run + WebsocketExec.new(ws_url, @config.auth_header, ssl_verify: @config.ssl_verify).run $stderr.puts dim("\r\nSession ended.") rescue PortainerCli::Client::ApiError => e diff --git a/lib/portainer_cli/config.rb b/lib/portainer_cli/config.rb index a1c63ec..7714b42 100644 --- a/lib/portainer_cli/config.rb +++ b/lib/portainer_cli/config.rb @@ -8,7 +8,7 @@ module PortainerCli CONFIG_DIR = File.expand_path('~/.portainer-cli').freeze CONFIG_FILE = File.join(CONFIG_DIR, 'config.yml').freeze - attr_accessor :url, :token, :api_key + attr_accessor :url, :token, :api_key, :ssl_verify def self.load new.tap(&:read) @@ -18,17 +18,19 @@ module PortainerCli return unless File.exist?(CONFIG_FILE) data = YAML.safe_load(File.read(CONFIG_FILE), permitted_classes: [], symbolize_names: false) || {} - @url = data['url'] - @token = data['token'] - @api_key = data['api_key'] + @url = data['url'] + @token = data['token'] + @api_key = data['api_key'] + @ssl_verify = data.fetch('ssl_verify', true) end def save FileUtils.mkdir_p(CONFIG_DIR) data = {} - data['url'] = @url if @url - data['token'] = @token if @token - data['api_key'] = @api_key if @api_key + data['url'] = @url if @url + data['token'] = @token if @token + data['api_key'] = @api_key if @api_key + data['ssl_verify'] = @ssl_verify unless @ssl_verify.nil? File.write(CONFIG_FILE, YAML.dump(data)) File.chmod(0o600, CONFIG_FILE) end diff --git a/lib/portainer_cli/websocket_exec.rb b/lib/portainer_cli/websocket_exec.rb index 7840179..6aea79d 100644 --- a/lib/portainer_cli/websocket_exec.rb +++ b/lib/portainer_cli/websocket_exec.rb @@ -10,9 +10,10 @@ module PortainerCli class WebsocketExec READ_SIZE = 4096 - def initialize(url, auth_header) + def initialize(url, auth_header, ssl_verify: true) @url = URI.parse(url) @auth_header = auth_header + @ssl_verify = ssl_verify end def run @@ -33,7 +34,7 @@ module PortainerCli if @url.scheme == 'wss' ctx = OpenSSL::SSL::SSLContext.new - ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER + ctx.verify_mode = @ssl_verify ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE ssl = OpenSSL::SSL::SSLSocket.new(raw, ctx) ssl.hostname = @url.host ssl.sync_close = true