mirror of
https://github.com/ckaczor/azuredatastudio.git
synced 2026-02-16 10:58:30 -05:00
Add config for ignoring SSL errors on BDC queries (#8169)
* Add config for ignoring SSL errors on BDC queries * Fix error handling in write stream * Disable tslint check * Handle promise appropriately * PR comments * Change defaults to true
This commit is contained in:
Charles Gagnon
@@ -3,8 +3,6 @@
|
||||
* Licensed under the Source EULA. See License.txt in the project root for license information.
|
||||
*--------------------------------------------------------------------------------------------*/
|
||||
|
||||
'use strict';
|
||||
|
||||
import * as vscode from 'vscode';
|
||||
|
||||
export enum BdcItemType {
|
||||
|
||||
@@ -4,32 +4,30 @@
|
||||
*--------------------------------------------------------------------------------------------*/
|
||||
|
||||
import * as request from 'request';
|
||||
|
||||
import { authenticateKerberos, getHostAndPortFromEndpoint } from '../auth';
|
||||
import { BdcRouterApi, Authentication, EndpointModel, BdcStatusModel, DefaultApi } from './apiGenerated';
|
||||
import { TokenRouterApi } from './clusterApiGenerated2';
|
||||
import { AuthType } from '../constants';
|
||||
import * as nls from 'vscode-nls';
|
||||
import { ConnectControllerDialog, ConnectControllerModel } from '../dialog/connectControllerDialog';
|
||||
import { getIgnoreSslVerificationConfigSetting } from '../utils';
|
||||
|
||||
const localize = nls.loadMessageBundle();
|
||||
|
||||
class SslAuth implements Authentication {
|
||||
|
||||
constructor(private _ignoreSslVerification: boolean) {
|
||||
}
|
||||
constructor() { }
|
||||
|
||||
applyToRequest(requestOptions: request.Options): void {
|
||||
requestOptions['agentOptions'] = {
|
||||
rejectUnauthorized: !this._ignoreSslVerification
|
||||
rejectUnauthorized: !getIgnoreSslVerificationConfigSetting()
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
export class KerberosAuth extends SslAuth implements Authentication {
|
||||
|
||||
constructor(public kerberosToken: string, ignoreSslVerification: boolean) {
|
||||
super(ignoreSslVerification);
|
||||
constructor(public kerberosToken: string) {
|
||||
super();
|
||||
}
|
||||
|
||||
applyToRequest(requestOptions: request.Options): void {
|
||||
@@ -41,8 +39,8 @@ export class KerberosAuth extends SslAuth implements Authentication {
|
||||
}
|
||||
}
|
||||
export class BasicAuth extends SslAuth implements Authentication {
|
||||
constructor(public username: string, public password: string, ignoreSslVerification: boolean) {
|
||||
super(ignoreSslVerification);
|
||||
constructor(public username: string, public password: string) {
|
||||
super();
|
||||
}
|
||||
|
||||
applyToRequest(requestOptions: request.Options): void {
|
||||
@@ -96,17 +94,16 @@ export class ClusterController {
|
||||
constructor(url: string,
|
||||
private _authType: AuthType,
|
||||
private _username?: string,
|
||||
private _password?: string,
|
||||
ignoreSslVerification?: boolean
|
||||
private _password?: string
|
||||
) {
|
||||
if (!url || (_authType === 'basic' && (!_username || !_password))) {
|
||||
throw new Error('Missing required inputs for Cluster controller API (URL, username, password)');
|
||||
}
|
||||
this._url = adjustUrl(url);
|
||||
if (this._authType === 'basic') {
|
||||
this._authPromise = Promise.resolve(new BasicAuth(_username, _password, !!ignoreSslVerification));
|
||||
this._authPromise = Promise.resolve(new BasicAuth(_username, _password));
|
||||
} else {
|
||||
this._authPromise = this.requestTokenUsingKerberos(ignoreSslVerification);
|
||||
this._authPromise = this.requestTokenUsingKerberos();
|
||||
}
|
||||
this._dialog = new ConnectControllerDialog(new ConnectControllerModel(
|
||||
{
|
||||
@@ -133,8 +130,8 @@ export class ClusterController {
|
||||
return this._password;
|
||||
}
|
||||
|
||||
private async requestTokenUsingKerberos(ignoreSslVerification?: boolean): Promise<Authentication> {
|
||||
let supportsKerberos = await this.verifyKerberosSupported(ignoreSslVerification);
|
||||
private async requestTokenUsingKerberos(): Promise<Authentication> {
|
||||
let supportsKerberos = await this.verifyKerberosSupported();
|
||||
if (!supportsKerberos) {
|
||||
throw new Error(localize('error.no.activedirectory', "This cluster does not support Windows authentication"));
|
||||
}
|
||||
@@ -145,9 +142,9 @@ export class ClusterController {
|
||||
let host = getHostAndPortFromEndpoint(this._url).host;
|
||||
let kerberosToken = await authenticateKerberos(host);
|
||||
let tokenApi = new TokenRouterApi(this._url);
|
||||
tokenApi.setDefaultAuthentication(new KerberosAuth(kerberosToken, !!ignoreSslVerification));
|
||||
tokenApi.setDefaultAuthentication(new KerberosAuth(kerberosToken));
|
||||
let result = await tokenApi.apiV1TokenPost();
|
||||
let auth = new OAuthWithSsl(ignoreSslVerification);
|
||||
let auth = new OAuthWithSsl();
|
||||
auth.accessToken = result.body.accessToken;
|
||||
return auth;
|
||||
} catch (error) {
|
||||
@@ -160,9 +157,9 @@ export class ClusterController {
|
||||
}
|
||||
}
|
||||
|
||||
private async verifyKerberosSupported(ignoreSslVerification: boolean): Promise<boolean> {
|
||||
private async verifyKerberosSupported(): Promise<boolean> {
|
||||
let tokenApi = new TokenRouterApi(this._url);
|
||||
tokenApi.setDefaultAuthentication(new SslAuth(!!ignoreSslVerification));
|
||||
tokenApi.setDefaultAuthentication(new SslAuth());
|
||||
try {
|
||||
await tokenApi.apiV1TokenPost();
|
||||
// If we get to here, the route for endpoints doesn't require auth so state this is false
|
||||
|
||||
@@ -70,7 +70,7 @@ export class AddControllerDialogModel {
|
||||
}
|
||||
}
|
||||
// We pre-fetch the endpoints here to verify that the information entered is correct (the user is able to connect)
|
||||
let controller = new ClusterController(url, auth, username, password, true);
|
||||
let controller = new ClusterController(url, auth, username, password);
|
||||
let response = await controller.getEndPoints();
|
||||
if (response && response.endPoints) {
|
||||
if (this._canceled) {
|
||||
|
||||
@@ -31,9 +31,9 @@ export class BdcDashboardModel {
|
||||
public onDidUpdateBdcStatus = this._onDidUpdateBdcStatus.event;
|
||||
public onBdcError = this._onBdcError.event;
|
||||
|
||||
constructor(private _options: BdcDashboardOptions, private _treeDataProvider: ControllerTreeDataProvider, ignoreSslVerification = true) {
|
||||
constructor(private _options: BdcDashboardOptions, private _treeDataProvider: ControllerTreeDataProvider) {
|
||||
try {
|
||||
this._clusterController = new ClusterController(_options.url, _options.auth, _options.username, _options.password, ignoreSslVerification);
|
||||
this._clusterController = new ClusterController(_options.url, _options.auth, _options.username, _options.password);
|
||||
// tslint:disable-next-line:no-floating-promises
|
||||
this.refresh();
|
||||
} catch {
|
||||
|
||||
@@ -80,7 +80,7 @@ export abstract class HdfsDialogModelBase<T extends HdfsDialogProperties, R> {
|
||||
}
|
||||
|
||||
protected createController(): ClusterController {
|
||||
return new ClusterController(this.props.url, this.props.auth, this.props.username, this.props.password, true);
|
||||
return new ClusterController(this.props.url, this.props.auth, this.props.username, this.props.password);
|
||||
}
|
||||
|
||||
protected async createAndVerifyControllerConnection(): Promise<ClusterController> {
|
||||
|
||||
@@ -3,13 +3,11 @@
|
||||
* Licensed under the Source EULA. See License.txt in the project root for license information.
|
||||
*--------------------------------------------------------------------------------------------*/
|
||||
|
||||
'use strict';
|
||||
|
||||
import * as vscode from 'vscode';
|
||||
import * as azdata from 'azdata';
|
||||
import * as nls from 'vscode-nls';
|
||||
const localize = nls.loadMessageBundle();
|
||||
import * as constants from './constants';
|
||||
const localize = nls.loadMessageBundle();
|
||||
|
||||
export enum Endpoint {
|
||||
gateway = 'gateway',
|
||||
@@ -273,3 +271,21 @@ export function getControllerEndpoint(serverInfo: azdata.ServerInfo): string | u
|
||||
export function getBdcStatusErrorMessage(error: Error): string {
|
||||
return localize('endpointsError', "Unexpected error retrieving BDC Endpoints: {0}", error.message);
|
||||
}
|
||||
|
||||
export const bdcConfigSectionName = 'bigDataCluster';
|
||||
export const ignoreSslConfigName = 'ignoreSslVerification';
|
||||
|
||||
/**
|
||||
* Retrieves the current setting for whether to ignore SSL verification errors
|
||||
*/
|
||||
export function getIgnoreSslVerificationConfigSetting(): boolean {
|
||||
try {
|
||||
const config = vscode.workspace.getConfiguration(bdcConfigSectionName);
|
||||
return config.get<boolean>(ignoreSslConfigName) || true;
|
||||
} catch (error) {
|
||||
console.error(`Unexpected error retrieving ${bdcConfigSectionName}.${ignoreSslConfigName} setting : ${error}`);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -75,7 +75,7 @@ function registerCommands(context: vscode.ExtensionContext, treeDataProvider: Co
|
||||
info.rememberPassword);
|
||||
await treeDataProvider.saveControllers();
|
||||
}
|
||||
const dashboard: BdcDashboard = new BdcDashboard(title, new BdcDashboardModel(info, treeDataProvider, /*ignoreSslVerification*/true));
|
||||
const dashboard: BdcDashboard = new BdcDashboard(title, new BdcDashboardModel(info, treeDataProvider));
|
||||
dashboard.showDashboard();
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user