STAC-22970: Installation scripts support STS_SKIP_SSL, STS_CA_CERT_BASE64_DATA, and STS_CA_CERT_path (#105)

viliakov · web-flow · commit 38fe934fc640 · 2025-07-24T11:55:49.000+02:00
diff --git a/scripts/publish/installers/install.ps1 b/scripts/publish/installers/install.ps1
@@ -16,7 +16,10 @@ new-module -name "StsCliInstaller" -scriptblock {
     param (
         [string]$StsUrl, # url of the StackState instance to configure (empty means don't configure)
         [string]$StsApiToken, # API-TOKEN of the StackState instance to configure (empty means don't configure)
-        [string]$StsCliVersion # version of the CLI to install (empty means latest)
+        [string]$StsCliVersion, # version of the CLI to install (empty means latest)
+        [string]$StsCaCertPath, # Path to CA certificate file for HTTPS verification
+        [string]$StsCaCertBase64Data, # Base64 encoded CA certificate data for HTTPS verification
+        [string]$StsSkipSsl # Skip SSL verification (if set, CA cert options are ignored)
     )
     # Stop on first error
     $ErrorActionPreference = "Stop"
@@ -66,7 +69,15 @@ new-module -name "StsCliInstaller" -scriptblock {
 
     # Configure the CLI if config parameters have been set
     if ($StsUrl -and $StsApiToken) {
-      & sts context save --url $StsUrl --api-token $StsApiToken
+      if ($StsSkipSsl -eq "true") {
+        & sts context save --url $StsUrl --api-token $StsApiToken --skip-ssl $StsSkipSsl
+      } elseif ($StsCaCertPath) {
+        & sts context save --url $StsUrl --api-token $StsApiToken --ca-cert-path $StsCaCertPath
+      } elseif ($StsCaCertBase64Data) {
+        & sts context save --url $StsUrl --api-token $StsApiToken --ca-cert-base64-data $StsCaCertBase64Data
+      } else {
+        & sts context save --url $StsUrl --api-token $StsApiToken
+      }
       if ($LastExitCode -ne 0) {
         return
       }
diff --git a/scripts/publish/installers/install.sh b/scripts/publish/installers/install.sh
@@ -7,6 +7,9 @@
 # STS_URL - url of the StackState instance to configure (empty means don't configure)
 # STS_API_TOKEN - API-TOKEN of the StackState instance to configure (empty means don't configure)
 # STS_CLI_LOCATION - Path you want to install CLI (empty means `/usr/local/bin`)
+# STS_CA_CERT_PATH - Path to CA certificate file for HTTPS verification
+# STS_CA_CERT_BASE64_DATA - Base64 encoded CA certificate data for HTTPS verification
+# STS_SKIP_SSL - Skip SSL verification (if set, CA cert options are ignored)
 #-----------------------------------
 
 #!/usr/bin/env bash
@@ -75,9 +78,32 @@ fi
 # Verify that 'sts' works
 ${TARGET_CLI_PATH}/sts > /dev/null 2>&1
 
+# Validate SSL/CA certificate environment variables
+if [[ -n "${STS_SKIP_SSL}" ]]; then
+  if [[ -n "${STS_CA_CERT_PATH}" || -n "${STS_CA_CERT_BASE64_DATA}" ]]; then
+    printf "${RED}[WARNING]${NO_COLOR} STS_SKIP_SSL is set, ignoring STS_CA_CERT_PATH and STS_CA_CERT_BASE64_DATA\n"
+  fi
+elif [[ -n "${STS_CA_CERT_PATH}" && -n "${STS_CA_CERT_BASE64_DATA}" ]]; then
+  printf "${RED}[WARNING]${NO_COLOR} Both STS_CA_CERT_PATH and STS_CA_CERT_BASE64_DATA are set, STS_CA_CERT_PATH takes precedence\n"
+fi
+
 # Configure the CLI if config parameters have been set
 if [[ -n "${STS_URL}" && -n "${STS_API_TOKEN}" ]]; then
-  ${TARGET_CLI_PATH}/sts context save --url ${STS_URL} --api-token ${STS_API_TOKEN}
+  if [[ -n "${STS_SKIP_SSL}" ]]; then
+    COMMAND="${TARGET_CLI_PATH}/sts context save --url ${STS_URL} --api-token ${STS_API_TOKEN} --skip-ssl"
+  elif [[ -n "${STS_CA_CERT_PATH}" ]]; then
+    COMMAND="${TARGET_CLI_PATH}/sts context save --url ${STS_URL} --api-token ${STS_API_TOKEN} --ca-cert-path ${STS_CA_CERT_PATH}"
+  elif [[ -n "${STS_CA_CERT_BASE64_DATA}" ]]; then
+    COMMAND="${TARGET_CLI_PATH}/sts context save --url ${STS_URL} --api-token ${STS_API_TOKEN} --ca-cert-base64-data ${STS_CA_CERT_BASE64_DATA}"
+  else
+    COMMAND="${TARGET_CLI_PATH}/sts context save --url ${STS_URL} --api-token ${STS_API_TOKEN}"
+  fi
+  ${COMMAND}
+  if [[ $? -ne 0 ]]; then
+    error "Failed to configure the CLI with the provided parameters. Please check your STS_URL and STS_API_TOKEN."
+  else
+    printf "Successfully configured the CLI with the provided parameters.\n"
+  fi
 fi
 
 if [ "$(whereis sts)" == "" ]; then
