You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 3, 2024. It is now read-only.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There is a special flag in the config for Openshift Client - insecureSkipTlsVerify. A true value means that if the authenticity of the certificate is not established, then the execution will continue anyway (regardless of the type of certificate, self-signed or not). Also, it depends on process.env.NODE_TLS_REJECT_UNAUTHORIZED. So for enabling insecureSkipTlsVerifyprocess.env.NODE_TLS_REJECT_UNAUTHORIZED must be "0". Also, I've added logger.warn in the Client for insecureSkipTlsVerify true value. @aiwilliams, can you comment this? I think the problem is the wrong value of param. Will you have enough logger.warn call from our side for generating warn in UI? Or maybe we need to call another method?
I recall that when I first worked on this, I learned of the NODE_TLS_REJECT_UNAUTHORIZED setting to make Node's native request API accept a self-signed cert. That setting was placed in .env for local development, so that it would not be used in a production environment. I see that process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0' is being used to set insecureSkipTlsVerify for the OpenShift client, which translates it to strictSSL, used in the request library as a setting to ignore certificate errors.
I question whether both of these settings really required. Would you please verify that insecureSkipTlsVerify: true can be set without using NODE_TLS_REJECT_UNAUTHORIZED? Then we can avoid having to set that environment variable, which will affect the Node process/other requests beyond the connection to OpenShift?
@aiwilliams, can you comment this? I think the problem is the wrong value of param. Will you have enough logger.warn call from our side for generating warn in UI? Or maybe we need to call another method?
The SDK needs a mechanism added to allow for reporting to the UI. I think what you have is fine for now.
The reason will be displayed to describe this comment to others. Learn more.
Please check about avoiding the use of NODE_TLS_REJECT_UNAUTHORIZED. The .env will need to be changed to use a different environment variable, to avoid changing all Node requests.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
None yet
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
There is a special flag in the config for Openshift Client -
insecureSkipTlsVerify. A true value means that if the authenticity of the certificate is not established, then the execution will continue anyway (regardless of the type of certificate, self-signed or not). Also, it depends onprocess.env.NODE_TLS_REJECT_UNAUTHORIZED. So for enablinginsecureSkipTlsVerifyprocess.env.NODE_TLS_REJECT_UNAUTHORIZEDmust be"0". Also, I've addedlogger.warnin the Client forinsecureSkipTlsVerifytrue value. @aiwilliams, can you comment this? I think the problem is the wrong value of param. Will you have enoughlogger.warncall from our side for generating warn in UI? Or maybe we need to call another method?