feat: carry disable_ssl_verification through to token managers

Author: dpopp07

auth/icp-token-manager.ts

@@ -23,6 +23,7 @@ export type Options = {
   accessToken?: string;
   username?: string;
   password?: string;
+  disableSslVerification?: boolean;
 }
 
 // this interface is a representation of the response
@@ -54,6 +55,7 @@ export class Icp4dTokenManagerV1 extends JwtTokenManager {
    * @param {String} options.password
    * @param {String} options.accessToken - user-managed access token
    * @param {String} options.url - URL for the ICP4D cluster
+   * @param {Boolean} options.disableSslVerification - disable SSL verification for token request
    * @constructor
    */
   constructor(options: Options) {
@@ -98,6 +100,7 @@ export class Icp4dTokenManagerV1 extends JwtTokenManager {
           Authorization:
             this.computeBasicAuthHeader(this.username, this.password),
         },
+        rejectUnauthorized: this.rejectUnauthorized,
       }
     };
     sendRequest(parameters, callback);

auth/jwt-token-manager.ts

@@ -25,12 +25,14 @@ function getCurrentTime(): number {
 export type Options = {
   accessToken?: string;
   url?: string;
+  disableSslVerification?: boolean;
 }
 
 export class JwtTokenManager {
   protected url: string;
   protected tokenName: string;
   protected userAccessToken: string;
+  protected rejectUnauthorized: boolean;
   private tokenInfo: any;
   private timeToLive: number;
   private expireTime: number;
@@ -42,7 +44,8 @@ export class JwtTokenManager {
    *
    * @param {Object} options
    * @param {String} options.url - url of the api to retrieve tokens from
-   * @param {String} options.accessToken
+   * @param {String} [options.accessToken] - user-managed access token
+   * @param {String} [options.disableSslVerification] - pass in to disable SSL verification on requests. defaults to false
    * @constructor
    */
   constructor(options: Options) {
@@ -53,9 +56,12 @@ export class JwtTokenManager {
     if (options.url) {
       this.url = options.url;
     }
+
     if (options.accessToken) {
       this.userAccessToken = options.accessToken;
     }
+
+    this.rejectUnauthorized = !options.disableSslVerification;
   }
 
   /**

iam-token-manager/v1.ts

@@ -42,6 +42,7 @@ export type Options = {
   iamAccessToken?: string;
   iamClientId?: string;
   iamClientSecret?: string;
+  disableSslVerification?: boolean;
 }
 
 // this interface is a representation of the response
@@ -69,6 +70,7 @@ export class IamTokenManagerV1 extends JwtTokenManager {
    * @param {String} options.iamApikey
    * @param {String} options.iamAccessToken
    * @param {String} options.iamUrl - url of the iam api to retrieve tokens from
+   * @param {Boolean} options.disableSslVerification - disable SSL verification for token request
    * @constructor
    */
   constructor(options: Options) {
@@ -151,7 +153,8 @@ export class IamTokenManagerV1 extends JwtTokenManager {
           grant_type: 'urn:ibm:params:oauth:grant-type:apikey',
           apikey: this.iamApikey,
           response_type: 'cloud_iam'
-        }
+        },
+        rejectUnauthorized: this.rejectUnauthorized,
       }
     };
     sendRequest(parameters, callback);

lib/base_service.ts

@@ -16,7 +16,7 @@
 
 import extend = require('extend');
 import vcapServices = require('vcap_services');
-import { IcpTokenManagerV1 } from '../auth/icp-token-manager';
+import { Icp4dTokenManagerV1 } from '../auth/icp-token-manager';
 import { IamTokenManagerV1 } from '../iam-token-manager/v1';
 import { stripTrailingSlash } from './helper';
 import { readCredentialsFile } from './read-credentials-file';
@@ -178,34 +178,38 @@ export class BaseService {
       _options.authentication_type = _options.authentication_type.toLowerCase();
     }
 
+    // rejectUnauthorized should only be false if disable_ssl_verification is true
+    // used to disable ssl checking for icp
+    this._options.rejectUnauthorized = !options.disable_ssl_verification;
+
     if (_options.authentication_type === 'iam' || hasIamCredentials(_options)) {
       this.tokenManager = new IamTokenManagerV1({
         iamApikey: _options.iam_apikey || _options.password,
         accessToken: _options.iam_access_token,
         url: _options.iam_url,
         iamClientId: _options.iam_client_id,
-        iamClientSecret: _options.iam_client_secret
+        iamClientSecret: _options.iam_client_secret,
+        disableSslVerification: options.disable_ssl_verification,
       });
     } else if (usesBasicForIam(_options)) {
       this.tokenManager = new IamTokenManagerV1({
         iamApikey: _options.password,
         url: _options.iam_url,
         iamClientId: _options.iam_client_id,
-        iamClientSecret: _options.iam_client_secret
+        iamClientSecret: _options.iam_client_secret,
+        disableSslVerification: options.disable_ssl_verification,
       });
     } else if (isForICP4D(_options)) {
-      this.tokenManager = new IcpTokenManagerV1({
+      this.tokenManager = new Icp4dTokenManagerV1({
         url: _options.url,
         username: _options.username,
         password: _options.password,
-        accessToken: _options.icp_access_token
+        accessToken: _options.icp_access_token,
+        disableSslVerification: options.disable_ssl_verification,
       });
     } else {
       this.tokenManager = null;
     }
-    // rejectUnauthorized should only be false if disable_ssl_verification is true
-    // used to disable ssl checking for icp
-    this._options.rejectUnauthorized = !options.disable_ssl_verification;
   }
 
   /**
@@ -260,13 +264,15 @@ export class BaseService {
     if (this.tokenManager) {
       this.tokenManager.setAccessToken(access_token);
     } else if (this._options.authentication_type === 'icp4d') {
-      this.tokenManager = new IcpTokenManagerV1({
+      this.tokenManager = new Icp4dTokenManagerV1({
         accessToken: access_token,
-        url: this._options.url
+        url: this._options.url,
+        disableSslVerification: this._options.disable_ssl_verification,
       });
     } else {
       this.tokenManager = new IamTokenManagerV1({
-        accessToken: access_token
+        accessToken: access_token,
+        disableSslVerification: this._options.disable_ssl_verification,
       });
     }
   }