This repository was archived by the owner on Aug 30, 2024. It is now read-only.

Commit 661905d

committed
Add option to not pull certs.
Only https certs should be pulled
1 parent bc68f30 commit 661905d


1 file changed

+18
-4
lines changed


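--- a/internal/cmd/agent.go
+++ b/internal/cmd/agent.go
@@ -44,6 +44,7 @@ func startCmd() *cobra.Command {
 token string
 coderURL string
 logFile string
+pullCert bool
 )
 cmd := &cobra.Command{
 Use: "start --coder-url=<coder_url> --token=<token> --log-file=<path>",
@@ -107,9 +108,11 @@ coder agent start --log-file=/tmp/coder-agent.log
 }
 
 // First inject certs
-err = writeCoderdCerts(ctx)
-if err != nil {
-return xerrors.Errorf("trust certs: %w", err)
+if pullCert {
+err = writeCoderdCerts(ctx)
+if err != nil {
+return xerrors.Errorf("trust certs: %w", err)
+}
 }
 
 log.Info(ctx, "starting wsnet listener", slog.F("coder_access_url", u.String()))
@@ -137,6 +140,7 @@ coder agent start --log-file=/tmp/coder-agent.log
 cmd.Flags().StringVar(&token, "token", "", "coder agent token")
 cmd.Flags().StringVar(&coderURL, "coder-url", "", "coder access url")
 cmd.Flags().StringVar(&logFile, "log-file", "", "write a copy of logs to file")
+cmd.Flags().BoolVar(&pullCert, "pull-cert", true, "pulls the tls certificate from coderd to ensure the cert is trusted")
 
 return cmd
 }
@@ -148,6 +152,11 @@ func writeCoderdCerts(ctx context.Context) error {
 return xerrors.Errorf("trust cert: %w", err)
 }
 
+// No certs to write
+if len(certs) == 0 {
+return nil
+}
+
 err = os.MkdirAll(coderdCertDir, 0666)
 if err != nil {
 return xerrors.Errorf("mkdir %s: %w", coderdCertDir, err)
@@ -186,11 +195,16 @@ func trustCertificate(ctx context.Context) ([][]byte, error) {
 },
 }
 
-c, err := newClient(ctx, true, withHTTPClient(hc))
+c, err := newClient(ctx, false, withHTTPClient(hc))
 if err != nil {
 return nil, xerrors.Errorf("new client: %w", err)
 }
 
+// Non-https won't have any tls certs
+if c.BaseURL().Scheme != "https" {
+return nil, nil
+}
+
 id := os.Getenv("CODER_WORKSPACE_ID")
 challenge, err := c.TrustEnvironment(ctx, id)
 if err != nil {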
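Review bot: The two new skip paths are silent: with `--pull-cert=false` in startCmd, and when `c.BaseURL().Scheme != "https"` in trustCertificate, the agent carries on with no record that no coderd certificate was installed. Since this is a trust decision, add an `else` to the `if pullCert` block such as `log.Info(ctx, "skipping coderd cert pull: --pull-cert=false")` (assuming `log` is already in scope at that point), and log the non-https case as well, because a plain-http access URL presumably also means the agent token travels unencrypted. The `nil, nil` return makes "not https" indistinguishable from "https server returned no certs" for callers, which deserves a line in trustCertificate's doc comment. The bare `false` now passed to `newClient` is not explained anywhere on the page, so a short comment saying what the second argument controls would help. All three functions begin or end outside the visible hunks, and the context line `os.MkdirAll(coderdCertDir, 0666)` looks wrong for a directory (no search bit); `0755` is the likely intent.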
