Handle trust bundle presence in management endpoint for v4 client (#175)

Set Credentials.Insecure to true in v4 clientCache.GetOrCreate.
v4 SDK doesn't have trust bundle as an input. Until we have a better
solution, we will set Insecure to true if trust bundle is provided
to avoid breaking existing consumers of v3 SDK. This internally
would set VerifySSL property of the http client in the v4 client.

Author: thunderboltsid

CHANGELOG.md

@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 - Updated v4 API clients from v4 alpha to v4 beta  APIs
+- Handle trust bundle in v4 client cache GetOrCreate by setting VerifySSL
 
 ## [0.4.0] - 2024-05-03
 ### Added

v4/cache.go

@@ -110,6 +110,12 @@ func (c *ClientCache) GetOrCreate(cachedClientParams CachedClientParams, opts ..
 		SessionAuth: c.useSessionAuth,
 	}
 
+	// TODO(sid): v4 SDK doesn't have trust bundle as an input. Until we have a better solution, we will
+	// set Insecure to true if trust bundle is provided to avoid breaking existing consumers of v3 SDK.
+	if cachedClientParams.ManagementEndpoint().AdditionalTrustBundle != "" {
+		credentials.Insecure = true
+	}
+
 	setDefaultsForCredentials(&credentials)
 	if err := validateCredentials(credentials); err != nil {
 		return nil, fmt.Errorf("failed to validate credentials for cachedClientParams with key %s: %w", cachedClientParams.Key(), err)

v4/cache_test.go

@@ -6,6 +6,7 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/nutanix-cloud-native/prism-go-client/environment/types"
+	"github.com/nutanix-cloud-native/prism-go-client/internal/testhelpers"
 )
 
 func TestNewClientCacheReturnsNewCache(t *testing.T) {
@@ -93,3 +94,64 @@ func TestDeleteDoesNotErrorIfClientNotPresentInCache(t *testing.T) {
 
 	cache.Delete(&cachedClientParams{name: "cluster1"}) // No error expected
 }
+
+func TestGetOrCreateSetsVerifySSL(t *testing.T) {
+	cache := NewClientCache()
+	mgmtEndpoint := testhelpers.ManagementEndpointFromEnvironment(t)
+	cp := &cachedClientParams{
+		name:         "cluster1",
+		mgmtEndpoint: *mgmtEndpoint,
+	}
+	c, err := cache.GetOrCreate(cp)
+	assert.NoError(t, err)
+	assert.True(t, c.CategoriesApiInstance.ApiClient.VerifySSL)
+	assert.True(t, c.ClustersApiInstance.ApiClient.VerifySSL)
+	assert.True(t, c.ImagesApiInstance.ApiClient.VerifySSL)
+	assert.True(t, c.StorageContainerAPI.ApiClient.VerifySSL)
+	assert.True(t, c.SubnetsApiInstance.ApiClient.VerifySSL)
+	assert.True(t, c.SubnetIPReservationApi.ApiClient.VerifySSL)
+	assert.True(t, c.TasksApiInstance.ApiClient.VerifySSL)
+	assert.True(t, c.VolumeGroupsApiInstance.ApiClient.VerifySSL)
+	assert.True(t, c.VmApiInstance.ApiClient.VerifySSL)
+
+	cache.Delete(cp)
+
+	certBundle := `-----BEGIN CERTIFICATE-----
+MIIEYDCCA0igAwIBAgILBAAAAAABL07hRQwwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw
+MDBaFw0yMjA0MTMxMDAwMDBaMF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
+YWxpZGF0aW9uIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDdNR3yIFQmGtDvpW+Bdllw3Of01AMkHyQOnSKf1Ccyeit87ovjYWI4F6+0S3qf
+ZyEcLZVUunm6tsTyDSF0F2d04rFkCJlgePtnwkv3J41vNnbPMYzl8QbX3FcOW6zu
+zi2rqqlwLwKGyLHQCAeV6irs0Z7kNlw7pja1Q4ur944+ABv/hVlrYgGNguhKujiz
+4MP0bRmn6gXdhGfCZsckAnNate6kGdn8AM62pI3ffr1fsjqdhDFPyGMM5NgNUqN+
+ARvUZ6UYKOsBp4I82Y4d5UcNuotZFKMfH0vq4idGhs6dOcRmQafiFSNrVkfB7cVT
+5NSAH2v6gEaYsgmmD5W+ZoiTAgMBAAGjggElMIIBITAOBgNVHQ8BAf8EBAMCAQYw
+EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUXUayjcRLdBy77fVztjq3OI91
+nn4wRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3
+Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCowKKAmoCSGImh0
+dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYBBQUHAQEEMTAv
+MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9yb290cjEw
+HwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZIhvcNAQEFBQAD
+ggEBABvgiADHBREc/6stSEJSzSBo53xBjcEnxSxZZ6CaNduzUKcbYumlO/q2IQen
+fPMOK25+Lk2TnLryhj5jiBDYW2FQEtuHrhm70t8ylgCoXtwtI7yw07VKoI5lkS/Z
+9oL2dLLffCbvGSuXL+Ch7rkXIkg/pfcNYNUNUUflWP63n41edTzGQfDPgVRJEcYX
+pOBWYdw9P91nbHZF2krqrhqkYE/Ho9aqp9nNgSvBZnWygI/1h01fwlr1kMbawb30
+hag8IyrhFHvBN91i0ZJsumB9iOQct+R2UTjEqUdOqCsukNK1OFHrwZyKarXMsh3o
+wFZUTKiL8IkyhtyTMr5NGvo1dbU=
+-----END CERTIFICATE-----`
+	cp.mgmtEndpoint.AdditionalTrustBundle = certBundle
+	c, err = cache.GetOrCreate(cp)
+	assert.NoError(t, err)
+	assert.False(t, c.CategoriesApiInstance.ApiClient.VerifySSL)
+	assert.False(t, c.ClustersApiInstance.ApiClient.VerifySSL)
+	assert.False(t, c.ImagesApiInstance.ApiClient.VerifySSL)
+	assert.False(t, c.StorageContainerAPI.ApiClient.VerifySSL)
+	assert.False(t, c.SubnetsApiInstance.ApiClient.VerifySSL)
+	assert.False(t, c.SubnetIPReservationApi.ApiClient.VerifySSL)
+	assert.False(t, c.TasksApiInstance.ApiClient.VerifySSL)
+	assert.False(t, c.VolumeGroupsApiInstance.ApiClient.VerifySSL)
+	assert.False(t, c.VmApiInstance.ApiClient.VerifySSL)
+}