feat(connect): add -SkipCertificateCheck and -AllowInsecureTransport switches

Adds opt-in insecure-transport controls for pre-production / self-signed scenarios. Configured once on Connect-Infisical and persisted on the InfisicalConnection; every downstream cmdlet inherits via the base class. Connect-Infisical: - [switch] SkipCertificateCheck Disable TLS chain validation per request. - [switch] AllowInsecureTransport Permit http:// BaseUri (else throw). - Logs explicit Warning records when either is enabled. InfisicalConnection: - New SkipCertificateCheck / AllowInsecureTransport bool properties (default false). Persisted on the session for downstream cmdlets. InfisicalCmdletBase: - HttpClient getter now constructs InfisicalHttpClient with the flag derived from a new virtual ShouldSkipCertificateCheck(), which reads the current session. Connect-Infisical overrides it to use its own switch since the session does not yet exist during auth. InfisicalHttpClient: - New skipCertificateCheck ctor parameter; when on, sets HttpWebRequest.ServerCertificateValidationCallback per request via reflection (property is available at runtime on PS 5.1/7 but not surfaced by netstandard2.0). Falls back to ServicePointManager with a warning if reflection is unavailable. Tests: - InfisicalConnection defaults both flags to false. - ShouldSkipCertificateCheck reads from InfisicalSessionManager.Current.
2026-06-05 16:39:56 -04:00
parent 9a13b0567c
commit 1270c9099c
5 changed files with 104 additions and 3 deletions
@@ -84,5 +84,38 @@ namespace PSInfisicalAPI.Tests
            Assert.Equal("explicit-org", cmdlet.CallResolveOrganizationId(ConnectionWithDefaults(), "explicit-org"));
            Assert.Empty(logger.VerboseEntries);
        }
+
+        [Fact]
+        public void InfisicalConnection_Defaults_TransportFlags_To_False()
+        {
+            InfisicalConnection connection = new InfisicalConnection();
+            Assert.False(connection.SkipCertificateCheck);
+            Assert.False(connection.AllowInsecureTransport);
+        }
+
+        [Fact]
+        public void ShouldSkipCertificateCheck_Reads_From_Current_Session()
+        {
+            InfisicalConnection previous = InfisicalSessionManager.Current;
+            try
+            {
+                TestCmdlet cmdlet = CreateCmdletWith(new RecordingLogger());
+                MethodInfo virt = typeof(InfisicalCmdletBase).GetMethod("ShouldSkipCertificateCheck", BindingFlags.NonPublic | BindingFlags.Instance);
+
+                InfisicalSessionManager.SetCurrent(null);
+                Assert.False((bool)virt.Invoke(cmdlet, null));
+
+                InfisicalConnection session = ConnectionWithDefaults();
+                session.IsConnected = true;
+                session.SkipCertificateCheck = true;
+                InfisicalSessionManager.SetCurrent(session);
+
+                Assert.True((bool)virt.Invoke(cmdlet, null));
+            }
+            finally
+            {
+                InfisicalSessionManager.SetCurrent(previous);
+            }
+        }
    }
 }