diff --git a/.github/workflows/merge_branch.yaml b/.github/workflows/merge_branch.yaml deleted file mode 100644 index 721f717..0000000 --- a/.github/workflows/merge_branch.yaml +++ /dev/null @@ -1,20 +0,0 @@ -name: Merge branch -on: - repository_dispatch: - types: curl_request_merge -jobs: - unit-test: - uses: ./.github/workflows/unittests.yaml - - sync-branch: - needs: [unit-test] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Merge branch ${{ github.event.client_payload.source_branch }} -> ${{ github.event.client_payload.target_branch }} - uses: everlytic/branch-merge@1.1.2 - with: - source_ref: ${{ github.event.client_payload.source_branch }} - target_branch: ${{ github.event.client_payload.target_branch }} - github_token: ${{ github.token }} - commit_message_template: '[Automated] Merged {source_ref} into target {target_branch}' \ No newline at end of file diff --git a/.github/workflows/unittests.yaml b/.github/workflows/unittests.yaml old mode 100644 new mode 100755 diff --git a/.gitignore b/.gitignore old mode 100644 new mode 100755 diff --git a/.golangci.yml b/.golangci.yml old mode 100644 new mode 100755 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md old mode 100644 new mode 100755 diff --git a/LICENSE b/LICENSE old mode 100644 new mode 100755 diff --git a/Makefile b/Makefile old mode 100644 new mode 100755 diff --git a/README.md b/README.md old mode 100644 new mode 100755 index 34285f5..c344d3c --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ # vcluster +TEST +TEST [![Go Reference](https://pkg.go.dev/badge/github.com/vertica/vcluster.svg)](https://pkg.go.dev/github.com/vertica/vcluster) @@ -94,4 +96,4 @@ We can use similar way to set up and call other vcluster-ops commands. ## Licensing -vcluster is open source code and is under the Apache 2.0 license. Please see `LICENSE` for details. \ No newline at end of file +vcluster is open source code and is under the Apache 2.0 license. Please see `LICENSE` for details. diff --git a/commands/cluster_command_launcher.go b/commands/cluster_command_launcher.go old mode 100644 new mode 100755 diff --git a/commands/cluster_command_launcher_test.go b/commands/cluster_command_launcher_test.go old mode 100644 new mode 100755 diff --git a/commands/cmd_add_node.go b/commands/cmd_add_node.go old mode 100644 new mode 100755 diff --git a/commands/cmd_add_subcluster.go b/commands/cmd_add_subcluster.go old mode 100644 new mode 100755 diff --git a/commands/cmd_base.go b/commands/cmd_base.go old mode 100644 new mode 100755 index d883de6..6d1b409 --- a/commands/cmd_base.go +++ b/commands/cmd_base.go @@ -168,7 +168,7 @@ func (c *CmdBase) setConfigFlags(cmd *cobra.Command, flags []string) { configFlag, "c", "", - "The path to the config file. If a configuration file is present in the default location (automatically generated by `create_db`),\n"+ + "The path to the config file. If a configuration file is present in the default location (automatically generated by create_db),\n"+ "you do not need to specify this option.\n"+ "Default: /opt/vertica/config/vertica_cluster.yaml") markFlagsFileName(cmd, map[string][]string{configFlag: {"yaml"}}) diff --git a/commands/cmd_config_recover.go b/commands/cmd_config_recover.go old mode 100644 new mode 100755 diff --git a/commands/cmd_config_show.go b/commands/cmd_config_show.go old mode 100644 new mode 100755 diff --git a/commands/cmd_create_connection.go b/commands/cmd_create_connection.go old mode 100644 new mode 100755 diff --git a/commands/cmd_create_db.go b/commands/cmd_create_db.go old mode 100644 new mode 100755 diff --git a/commands/cmd_drop_db.go b/commands/cmd_drop_db.go old mode 100644 new mode 100755 diff --git a/commands/cmd_install_packages.go b/commands/cmd_install_packages.go old mode 100644 new mode 100755 diff --git a/commands/cmd_list_all_nodes.go b/commands/cmd_list_all_nodes.go old mode 100644 new mode 100755 diff --git a/commands/cmd_manage_config.go b/commands/cmd_manage_config.go old mode 100644 new mode 100755 diff --git a/commands/cmd_promote_sandbox.go b/commands/cmd_promote_sandbox.go old mode 100644 new mode 100755 diff --git a/commands/cmd_re_ip.go b/commands/cmd_re_ip.go old mode 100644 new mode 100755 diff --git a/commands/cmd_remove_node.go b/commands/cmd_remove_node.go old mode 100644 new mode 100755 diff --git a/commands/cmd_remove_subcluster.go b/commands/cmd_remove_subcluster.go old mode 100644 new mode 100755 diff --git a/commands/cmd_replication.go b/commands/cmd_replication.go old mode 100644 new mode 100755 diff --git a/commands/cmd_restart_node.go b/commands/cmd_restart_node.go old mode 100644 new mode 100755 diff --git a/commands/cmd_revive_db.go b/commands/cmd_revive_db.go old mode 100644 new mode 100755 diff --git a/commands/cmd_sandbox.go b/commands/cmd_sandbox.go old mode 100644 new mode 100755 diff --git a/commands/cmd_scrutinize.go b/commands/cmd_scrutinize.go old mode 100644 new mode 100755 diff --git a/commands/cmd_show_restore_points.go b/commands/cmd_show_restore_points.go old mode 100644 new mode 100755 diff --git a/commands/cmd_start_db.go b/commands/cmd_start_db.go old mode 100644 new mode 100755 diff --git a/commands/cmd_start_replication.go b/commands/cmd_start_replication.go old mode 100644 new mode 100755 diff --git a/commands/cmd_start_subcluster.go b/commands/cmd_start_subcluster.go old mode 100644 new mode 100755 diff --git a/commands/cmd_stop_db.go b/commands/cmd_stop_db.go old mode 100644 new mode 100755 diff --git a/commands/cmd_stop_node.go b/commands/cmd_stop_node.go old mode 100644 new mode 100755 diff --git a/commands/cmd_stop_subcluster.go b/commands/cmd_stop_subcluster.go old mode 100644 new mode 100755 diff --git a/commands/cmd_unsandbox.go b/commands/cmd_unsandbox.go old mode 100644 new mode 100755 diff --git a/commands/helpers.go b/commands/helpers.go old mode 100644 new mode 100755 diff --git a/commands/init.go b/commands/init.go old mode 100644 new mode 100755 diff --git a/commands/scrutinize_test.go b/commands/scrutinize_test.go old mode 100644 new mode 100755 diff --git a/commands/user_input_test.go b/commands/user_input_test.go old mode 100644 new mode 100755 diff --git a/commands/vcluster_config.go b/commands/vcluster_config.go old mode 100644 new mode 100755 diff --git a/commands/vcluster_connection.go b/commands/vcluster_connection.go old mode 100644 new mode 100755 diff --git a/go.mod b/go.mod old mode 100644 new mode 100755 diff --git a/go.sum b/go.sum old mode 100644 new mode 100755 diff --git a/logging-utils.sh b/logging-utils.sh old mode 100644 new mode 100755 diff --git a/main.go b/main.go old mode 100644 new mode 100755 diff --git a/rfc7807/errors.go b/rfc7807/errors.go old mode 100644 new mode 100755 diff --git a/rfc7807/rfc7807.go b/rfc7807/rfc7807.go old mode 100644 new mode 100755 diff --git a/rfc7807/rfc7807_test.go b/rfc7807/rfc7807_test.go old mode 100644 new mode 100755 index ed4bb51..769eeb0 --- a/rfc7807/rfc7807_test.go +++ b/rfc7807/rfc7807_test.go @@ -51,7 +51,7 @@ func TestHttpResponse(t *testing.T) { p := New(CommunalAccessError). WithDetail("communal endpoint is down"). WithHost("pod-2") - handler := func(w http.ResponseWriter, r *http.Request) { + handler := func(w http.ResponseWriter, _ *http.Request) { p.SendError(w) } @@ -70,7 +70,7 @@ func TestProblemExtraction(t *testing.T) { origProblem := New(CommunalRWAccessError). WithDetail("could not read from communal storage"). WithHost("pod-3") - handler := func(w http.ResponseWriter, r *http.Request) { + handler := func(w http.ResponseWriter, _ *http.Request) { origProblem.SendError(w) } @@ -94,7 +94,7 @@ func TestProblemExtraction(t *testing.T) { } func TestJSONExtractFailure(t *testing.T) { - handler := func(w http.ResponseWriter, r *http.Request) { + handler := func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "not json") } req := httptest.NewRequest("GET", "http://vertica.com/bootstrapEndpoint", http.NoBody) diff --git a/vclusterops/adapter_pool.go b/vclusterops/adapter_pool.go old mode 100644 new mode 100755 diff --git a/vclusterops/add_node.go b/vclusterops/add_node.go old mode 100644 new mode 100755 diff --git a/vclusterops/add_subcluster.go b/vclusterops/add_subcluster.go old mode 100644 new mode 100755 diff --git a/vclusterops/alter_subcluster_type.go b/vclusterops/alter_subcluster_type.go old mode 100644 new mode 100755 diff --git a/vclusterops/alter_subcluster_type_test.go b/vclusterops/alter_subcluster_type_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/cluster_op.go b/vclusterops/cluster_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/cluster_op_engine.go b/vclusterops/cluster_op_engine.go old mode 100644 new mode 100755 diff --git a/vclusterops/cluster_op_engine_context.go b/vclusterops/cluster_op_engine_context.go old mode 100644 new mode 100755 diff --git a/vclusterops/cluster_op_engine_test.go b/vclusterops/cluster_op_engine_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/cluster_op_test.go b/vclusterops/cluster_op_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/cmd_type.go b/vclusterops/cmd_type.go old mode 100644 new mode 100755 diff --git a/vclusterops/coordinator_database.go b/vclusterops/coordinator_database.go old mode 100644 new mode 100755 diff --git a/vclusterops/create_db.go b/vclusterops/create_db.go old mode 100644 new mode 100755 diff --git a/vclusterops/create_db_test.go b/vclusterops/create_db_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/drop_db.go b/vclusterops/drop_db.go old mode 100644 new mode 100755 diff --git a/vclusterops/fetch_database.go b/vclusterops/fetch_database.go old mode 100644 new mode 100755 diff --git a/vclusterops/fetch_node_state.go b/vclusterops/fetch_node_state.go old mode 100644 new mode 100755 diff --git a/vclusterops/fetch_nodes_details.go b/vclusterops/fetch_nodes_details.go old mode 100644 new mode 100755 diff --git a/vclusterops/fetch_nodes_details_test.go b/vclusterops/fetch_nodes_details_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/get_config_parameter.go b/vclusterops/get_config_parameter.go old mode 100644 new mode 100755 diff --git a/vclusterops/get_config_parameter_test.go b/vclusterops/get_config_parameter_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/helpers.go b/vclusterops/helpers.go old mode 100644 new mode 100755 diff --git a/vclusterops/helpers_test.go b/vclusterops/helpers_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/http_adapter.go b/vclusterops/http_adapter.go old mode 100644 new mode 100755 index a592e26..32dc199 --- a/vclusterops/http_adapter.go +++ b/vclusterops/http_adapter.go @@ -390,7 +390,7 @@ func (adapter *httpAdapter) setupHTTPClient( // Note that hosts at this point are IP addresses, so verify-full may be impractical // or impossible due to the complications of issuing certificates valid for IPs. // Hence the custom validator skipping hostname validation. - config.VerifyPeerCertificate = adapter.generateTLSVerifyFunc(caCertPool) + config.VerifyPeerCertificate = util.GenerateTLSVerifyFunc(caCertPool) } } } @@ -399,47 +399,6 @@ func (adapter *httpAdapter) setupHTTPClient( return client, nil } -// generateTLSVerifyFunc returns a callback function suitable for use as the VerifyPeerCertificate -// field of a tls.Config struct. It is a slightly less performant but logically equivalent version of -// the validation logic which gets run when InsecureSkipVerify == false in go v1.20.11. The difference -// is that hostname validation is elided, which is not possible without custom verification. -// -// See crypto/x509/verify.go for hostname validation behavior and crypto/tls/handshake_client.go for -// the reference implementation of this function. -func (*httpAdapter) generateTLSVerifyFunc(rootCAs *x509.CertPool) func([][]byte, [][]*x509.Certificate) error { - return func(certificates [][]byte, _ [][]*x509.Certificate) error { - // Reparse certs. The crypto/tls package version does some extra checks, but they're already - // done by this point, so no need to repeat them. It also uses a cache to reduce parsing, which - // isn't included here, but could be if there is a perf issue. - certs := make([]*x509.Certificate, len(certificates)) - for i, asn1Data := range certificates { - cert, err := x509.ParseCertificate(asn1Data) - if err != nil { - return err - } - certs[i] = cert - } - - // construct verification options like reference implementation, minus hostname - opts := x509.VerifyOptions{ - Roots: rootCAs, - CurrentTime: time.Now(), - DNSName: "", - Intermediates: x509.NewCertPool(), - } - - for _, cert := range certs[1:] { - opts.Intermediates.AddCert(cert) - } - _, err := certs[0].Verify(opts) - if err != nil { - return &tls.CertificateVerificationError{UnverifiedCertificates: certs, Err: err} - } - - return nil - } -} - func buildQueryParamString(queryParams map[string]string) string { var queryParamString string if len(queryParams) == 0 { diff --git a/vclusterops/http_adapter_test.go b/vclusterops/http_adapter_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/http_request.go b/vclusterops/http_request.go old mode 100644 new mode 100755 diff --git a/vclusterops/http_request_dispatcher.go b/vclusterops/http_request_dispatcher.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_add_subcluster_op.go b/vclusterops/https_add_subcluster_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_check_db_running_op.go b/vclusterops/https_check_db_running_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_check_node_state_op.go b/vclusterops/https_check_node_state_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_check_subcluster_op.go b/vclusterops/https_check_subcluster_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_check_subcluster_sandbox_op.go b/vclusterops/https_check_subcluster_sandbox_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_convert_sandbox_to_main_op.go b/vclusterops/https_convert_sandbox_to_main_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_create_cluster_depot_op.go b/vclusterops/https_create_cluster_depot_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_create_node_op.go b/vclusterops/https_create_node_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_create_nodes_depot_op.go b/vclusterops/https_create_nodes_depot_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_demote_subcluster_op.go b/vclusterops/https_demote_subcluster_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_disallow_multiple_namespaces_op.go b/vclusterops/https_disallow_multiple_namespaces_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_drop_node_op.go b/vclusterops/https_drop_node_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_drop_subcluster_op.go b/vclusterops/https_drop_subcluster_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_find_subcluster_op.go b/vclusterops/https_find_subcluster_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_get_cluster_info_op.go b/vclusterops/https_get_cluster_info_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_get_local_node_state_op.go b/vclusterops/https_get_local_node_state_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_get_local_storage_locations.go b/vclusterops/https_get_local_storage_locations.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_get_nodes_info_op.go b/vclusterops/https_get_nodes_info_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_get_system_tables_op.go b/vclusterops/https_get_system_tables_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_get_up_nodes_op.go b/vclusterops/https_get_up_nodes_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_install_packages_op.go b/vclusterops/https_install_packages_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_mark_design_ksafe_op.go b/vclusterops/https_mark_design_ksafe_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_mark_nodes_ephemeral_op.go b/vclusterops/https_mark_nodes_ephemeral_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_poll_node_state_op.go b/vclusterops/https_poll_node_state_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_poll_node_state_op_test.go b/vclusterops/https_poll_node_state_op_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_poll_subcluster_node_state_op.go b/vclusterops/https_poll_subcluster_node_state_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_poll_subscription_state_op.go b/vclusterops/https_poll_subscription_state_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_promote_subcluster_op.go b/vclusterops/https_promote_subcluster_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_re_ip_op.go b/vclusterops/https_re_ip_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_rebalance_cluster_op.go b/vclusterops/https_rebalance_cluster_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_rebalance_subcluster_shards_op.go b/vclusterops/https_rebalance_subcluster_shards_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_reload_spread_op.go b/vclusterops/https_reload_spread_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_rename_subcluster_op.go b/vclusterops/https_rename_subcluster_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_sandbox_subcluster_op.go b/vclusterops/https_sandbox_subcluster_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_spread_remove_node_op.go b/vclusterops/https_spread_remove_node_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_stage_system_tables_op.go b/vclusterops/https_stage_system_tables_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_start_replication_op.go b/vclusterops/https_start_replication_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_startup_command_op.go b/vclusterops/https_startup_command_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_stop_db_op.go b/vclusterops/https_stop_db_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_stop_node_op.go b/vclusterops/https_stop_node_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_stop_subcluster_op.go b/vclusterops/https_stop_subcluster_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_sync_catalog_op.go b/vclusterops/https_sync_catalog_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_unsandbox_subcluster_op.go b/vclusterops/https_unsandbox_subcluster_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/https_update_node_state_op.go b/vclusterops/https_update_node_state_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/install_packages.go b/vclusterops/install_packages.go old mode 100644 new mode 100755 diff --git a/vclusterops/manage_connection_draining.go b/vclusterops/manage_connection_draining.go old mode 100644 new mode 100755 diff --git a/vclusterops/manage_connection_draining_test.go b/vclusterops/manage_connection_draining_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/network_adapter.go b/vclusterops/network_adapter.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_bootstrap_catalog_op.go b/vclusterops/nma_bootstrap_catalog_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_clean_communal_storage_op.go b/vclusterops/nma_clean_communal_storage_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_delete_dir_op.go b/vclusterops/nma_delete_dir_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_download_config.go b/vclusterops/nma_download_config.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_download_file_op.go b/vclusterops/nma_download_file_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_download_file_op_test.go b/vclusterops/nma_download_file_op_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_get_config_parameter_op.go b/vclusterops/nma_get_config_parameter_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_get_config_parameter_op_test.go b/vclusterops/nma_get_config_parameter_op_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_get_healthy_nodes_op.go b/vclusterops/nma_get_healthy_nodes_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_get_nodes_info_op.go b/vclusterops/nma_get_nodes_info_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_get_scrutinize_tar_op.go b/vclusterops/nma_get_scrutinize_tar_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_health_op.go b/vclusterops/nma_health_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_load_remote_catalog_op.go b/vclusterops/nma_load_remote_catalog_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_manage_connections_op.go b/vclusterops/nma_manage_connections_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_manage_connections_op_test.go b/vclusterops/nma_manage_connections_op_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_network_profile_op.go b/vclusterops/nma_network_profile_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_prepare_directories_op.go b/vclusterops/nma_prepare_directories_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_prepare_scrutinizer_directories_op.go b/vclusterops/nma_prepare_scrutinizer_directories_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_re_ip_op.go b/vclusterops/nma_re_ip_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_read_catalog_editor_op.go b/vclusterops/nma_read_catalog_editor_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_set_config_parameter_op.go b/vclusterops/nma_set_config_parameter_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_set_config_parameter_op_test.go b/vclusterops/nma_set_config_parameter_op_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_show_restore_points_op.go b/vclusterops/nma_show_restore_points_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_show_restore_points_op_test.go b/vclusterops/nma_show_restore_points_op_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_spread_security_op.go b/vclusterops/nma_spread_security_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_spread_security_op_test.go b/vclusterops/nma_spread_security_op_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_stage_commands_op.go b/vclusterops/nma_stage_commands_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_stage_dc_tables_op.go b/vclusterops/nma_stage_dc_tables_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_stage_files_op.go b/vclusterops/nma_stage_files_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_stage_vertica_logs_op.go b/vclusterops/nma_stage_vertica_logs_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_start_node_op.go b/vclusterops/nma_start_node_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_start_node_op_test.go b/vclusterops/nma_start_node_op_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_upload_config.go b/vclusterops/nma_upload_config.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_vertica_version_op.go b/vclusterops/nma_vertica_version_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/nma_vertica_version_op_test.go b/vclusterops/nma_vertica_version_op_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/node_info.go b/vclusterops/node_info.go old mode 100644 new mode 100755 diff --git a/vclusterops/node_info_test.go b/vclusterops/node_info_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/promote_sandbox_to_main.go b/vclusterops/promote_sandbox_to_main.go old mode 100644 new mode 100755 diff --git a/vclusterops/promote_sandbox_to_main_test.go b/vclusterops/promote_sandbox_to_main_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/re_ip.go b/vclusterops/re_ip.go old mode 100644 new mode 100755 diff --git a/vclusterops/re_ip_test.go b/vclusterops/re_ip_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/remove_node.go b/vclusterops/remove_node.go old mode 100644 new mode 100755 diff --git a/vclusterops/remove_subcluster.go b/vclusterops/remove_subcluster.go old mode 100644 new mode 100755 diff --git a/vclusterops/remove_subcluster_test.go b/vclusterops/remove_subcluster_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/rename_subcluster.go b/vclusterops/rename_subcluster.go old mode 100644 new mode 100755 diff --git a/vclusterops/rename_subcluster_test.go b/vclusterops/rename_subcluster_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/replication.go b/vclusterops/replication.go old mode 100644 new mode 100755 diff --git a/vclusterops/restore_points.go b/vclusterops/restore_points.go old mode 100644 new mode 100755 diff --git a/vclusterops/restore_points_test.go b/vclusterops/restore_points_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/revive_db.go b/vclusterops/revive_db.go old mode 100644 new mode 100755 diff --git a/vclusterops/revive_db_test.go b/vclusterops/revive_db_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/sandbox.go b/vclusterops/sandbox.go old mode 100644 new mode 100755 diff --git a/vclusterops/scrutinize.go b/vclusterops/scrutinize.go old mode 100644 new mode 100755 diff --git a/vclusterops/scrutinize_op.go b/vclusterops/scrutinize_op.go old mode 100644 new mode 100755 diff --git a/vclusterops/scrutinize_test.go b/vclusterops/scrutinize_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/set_config_parameter.go b/vclusterops/set_config_parameter.go old mode 100644 new mode 100755 diff --git a/vclusterops/set_config_parameter_test.go b/vclusterops/set_config_parameter_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/sql_endpoint_common.go b/vclusterops/sql_endpoint_common.go old mode 100644 new mode 100755 diff --git a/vclusterops/start_db.go b/vclusterops/start_db.go old mode 100644 new mode 100755 diff --git a/vclusterops/start_node.go b/vclusterops/start_node.go old mode 100644 new mode 100755 diff --git a/vclusterops/start_subcluster.go b/vclusterops/start_subcluster.go old mode 100644 new mode 100755 diff --git a/vclusterops/state_poller.go b/vclusterops/state_poller.go old mode 100644 new mode 100755 diff --git a/vclusterops/stop_db.go b/vclusterops/stop_db.go old mode 100644 new mode 100755 diff --git a/vclusterops/stop_node.go b/vclusterops/stop_node.go old mode 100644 new mode 100755 diff --git a/vclusterops/stop_subcluster.go b/vclusterops/stop_subcluster.go old mode 100644 new mode 100755 diff --git a/vclusterops/test_data/re_ip_v4.json b/vclusterops/test_data/re_ip_v4.json old mode 100644 new mode 100755 diff --git a/vclusterops/test_data/re_ip_v4_wrong.json b/vclusterops/test_data/re_ip_v4_wrong.json old mode 100644 new mode 100755 diff --git a/vclusterops/test_data/re_ip_v6.json b/vclusterops/test_data/re_ip_v6.json old mode 100644 new mode 100755 diff --git a/vclusterops/test_data/re_ip_v6_wrong.json b/vclusterops/test_data/re_ip_v6_wrong.json old mode 100644 new mode 100755 diff --git a/vclusterops/test_data/rootca.pem b/vclusterops/test_data/rootca.pem old mode 100644 new mode 100755 diff --git a/vclusterops/test_data/test.key b/vclusterops/test_data/test.key old mode 100644 new mode 100755 diff --git a/vclusterops/test_data/test.pem b/vclusterops/test_data/test.pem old mode 100644 new mode 100755 diff --git a/vclusterops/test_data/vertica_cluster.yaml b/vclusterops/test_data/vertica_cluster.yaml old mode 100644 new mode 100755 diff --git a/vclusterops/unsandbox.go b/vclusterops/unsandbox.go old mode 100644 new mode 100755 diff --git a/vclusterops/util/README.md b/vclusterops/util/README.md old mode 100644 new mode 100755 diff --git a/vclusterops/util/defaults.go b/vclusterops/util/defaults.go old mode 100644 new mode 100755 diff --git a/vclusterops/util/time.go b/vclusterops/util/time.go old mode 100644 new mode 100755 diff --git a/vclusterops/util/time_test.go b/vclusterops/util/time_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/util/tls.go b/vclusterops/util/tls.go new file mode 100755 index 0000000..d15472b --- /dev/null +++ b/vclusterops/util/tls.go @@ -0,0 +1,48 @@ +package util + +import ( + "crypto/tls" + "crypto/x509" + "time" +) + +// generateTLSVerifyFunc returns a callback function suitable for use as the VerifyPeerCertificate +// field of a tls.Config struct. It is a slightly less performant but logically equivalent version of +// the validation logic which gets run when InsecureSkipVerify == false in go v1.20.11. The difference +// is that hostname validation is elided, which is not possible without custom verification. +// +// See crypto/x509/verify.go for hostname validation behavior and crypto/tls/handshake_client.go for +// the reference implementation of this function. +func GenerateTLSVerifyFunc(rootCAs *x509.CertPool) func([][]byte, [][]*x509.Certificate) error { + return func(certificates [][]byte, _ [][]*x509.Certificate) error { + // Reparse certs. The crypto/tls package version does some extra checks, but they're already + // done by this point, so no need to repeat them. It also uses a cache to reduce parsing, which + // isn't included here, but could be if there is a perf issue. + certs := make([]*x509.Certificate, len(certificates)) + for i, asn1Data := range certificates { + cert, err := x509.ParseCertificate(asn1Data) + if err != nil { + return err + } + certs[i] = cert + } + + // construct verification options like reference implementation, minus hostname + opts := x509.VerifyOptions{ + Roots: rootCAs, + CurrentTime: time.Now(), + DNSName: "", + Intermediates: x509.NewCertPool(), + } + + for _, cert := range certs[1:] { + opts.Intermediates.AddCert(cert) + } + _, err := certs[0].Verify(opts) + if err != nil { + return &tls.CertificateVerificationError{UnverifiedCertificates: certs, Err: err} + } + + return nil + } +} diff --git a/vclusterops/util/util.go b/vclusterops/util/util.go old mode 100644 new mode 100755 diff --git a/vclusterops/util/util_test.go b/vclusterops/util/util_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/vcluster_database_options.go b/vclusterops/vcluster_database_options.go old mode 100644 new mode 100755 diff --git a/vclusterops/vcluster_database_options_test.go b/vclusterops/vcluster_database_options_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/vcluster_version.go b/vclusterops/vcluster_version.go old mode 100644 new mode 100755 diff --git a/vclusterops/vcluster_version_test.go b/vclusterops/vcluster_version_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/vlog/README.md b/vclusterops/vlog/README.md old mode 100644 new mode 100755 diff --git a/vclusterops/vlog/printer.go b/vclusterops/vlog/printer.go old mode 100644 new mode 100755 diff --git a/vclusterops/vlog/printer_test.go b/vclusterops/vlog/printer_test.go old mode 100644 new mode 100755 diff --git a/vclusterops/vstruct/vstruct.go b/vclusterops/vstruct/vstruct.go old mode 100644 new mode 100755