Add SSL to test CLI-Svc

Signed-off-by: Marc Khouzam <marc.khouzam@broadcom.com>

Author: marckhouzam

Makefile

@@ -318,15 +318,27 @@ stop-airgapped-local-registry:
 	@docker stop temp-airgapped-local-registry temp-airgapped-local-registry-with-auth > /dev/null 2>&1 && \
 	  echo "Stopping docker test airgapped repo if running..." || true
 
+
+.PHONY: setup-custom-cert-for-test-cli-service
+setup-custom-cert-for-test-cli-service: ## Setup up the custom ca cert for the test cli service in the config file
+	@if [ ! -d $(ROOT_DIR)/hack/central-repo/certs ]; then \
+		wget https://storage.googleapis.com/tanzu-cli/data/testcerts/local-central-repo-testcontent.bz2 -O $(ROOT_DIR)/hack/central-repo/local-central-repo-testcontent.bz2;\
+		tar xjf $(ROOT_DIR)/hack/central-repo/local-central-repo-testcontent.bz2 -C $(ROOT_DIR)/hack/central-repo/;\
+	fi
+	@echo "Adding docker test cli service cert to the config file"
+	@TANZU_CLI_CEIP_OPT_IN_PROMPT_ANSWER="No" TANZU_CLI_EULA_PROMPT_ANSWER="Yes" $(ROOT_DIR)/bin/tanzu config cert delete localhost:9443 &> /dev/null || true
+	$(ROOT_DIR)/bin/tanzu config cert add --host localhost:9443 --ca-cert $(ROOT_DIR)/hack/central-repo/certs/localhost.crt
+
 .PHONY: start-test-cli-service
-start-test-cli-service: stop-test-cli-service ## Starts a test CLI service locally with docker
-	@docker run -d --rm --name cli-service -p 8080:80 \
+start-test-cli-service: stop-test-cli-service setup-custom-cert-for-test-cli-service ## Starts a test CLI service locally with docker
+	@docker run -d --rm --name cli-service -p 9443:443 \
+		-v $(ROOT_DIR)/hack/central-repo/certs:/certs \
 		-v $(ROOT_DIR)/hack/service/install.sh:/var/www/html/cli/v1/install/install.txt \
 		-v $(ROOT_DIR)/hack/service/discovery:/var/www/html/cli/v1/plugin/discovery \
 		-v $(ROOT_DIR)/hack/service/binaries:/var/www/html/cli/v1/binary \
 		-v $(ROOT_DIR)/hack/service/cli-service.conf:/etc/nginx/conf.d/cli-service.conf \
-		nginx:alpine && \
-	echo "Started docker test cli service at 'localhost:8080'"
+		nginx:alpine > /dev/null && \
+	echo "Started docker test cli service at 'localhost:9443'"
 
 .PHONY: stop-test-cli-service
 stop-test-cli-service: ## Stops and removes the local test CLI service

hack/service/README.md

@@ -4,11 +4,11 @@ This mock allows to run an nginx docker image which serves the same endpoints as
 the ones the real CLI-Svc serves.  It allows to test the CLI without using the
 real CLI-Svc.
 
-The endpoints being mocked are:
+The endpoints being mocked use SSL and are:
 
-- localhost:8080/cli/v1/install
-- localhost:8080/cli/v1/plugin/discovery
-- localhost:8080/cli/v1/binary
+- localhost:9443/cli/v1/install
+- localhost:9443/cli/v1/plugin/discovery
+- localhost:9443/cli/v1/binary
 
 ## Using the test CLI-Svc
 
@@ -19,19 +19,21 @@ To access the endpoints manually, e.g.,:
 
 ```console
 # NOTE: the trailing / is essential
-curl localhost:8080/cli/v1/plugin/discovery/
+curl https://localhost:9443/cli/v1/plugin/discovery/ --cacert hack/central-repo/certs/localhost.crt
+# or
+curl https://localhost:9443/cli/v1/plugin/discovery/ -k
 ```
 
 ## Testing plugin discovery
 
-If testing plugin discovery (localhost:8080/cli/v1/plugin/discovery/), the
+If testing plugin discovery (localhost:9443/cli/v1/plugin/discovery/), the
 test CLI-Svc will randomly serve different discovery data which is configured in
 `hack/service/cli-service.conf`.
 
 To tell the CLI to use the test CLI-Svc we must execute:
 
 ```console
-export TANZU_CLI_PLUGIN_DISCOVERY_HOST_FOR_TANZU_CONTEXT=http://localhost:8080
+export TANZU_CLI_PLUGIN_DISCOVERY_HOST_FOR_TANZU_CONTEXT=http://localhost:9443
 ```
 
 To allow testing using different central repositories the endpoint serves some

hack/service/cli-service.conf

@@ -9,9 +9,11 @@ split_clients "${msec}" $discovery {
 }
 
 server {
-    listen 80;
+    listen 443 ssl;
     server_name localhost;
     root /var/www/html;
+    ssl_certificate     /certs/localhost.crt;
+    ssl_certificate_key /certs/localhost.key;
 
     location /cli/v1/install {
         index install.txt;