core/cli
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1
cli/pkg/unifi/client.go
Snider bd8617c3a5 Update README.md to reflect actual configuration management implementation (#310) 
* docs: update README.md to reflect actual configuration implementation

This commit updates the README.md to accurately describe the project's
decentralized YAML-based configuration management system, as identified
in the Architecture & Design Pattern Audit (PR #208).

Key changes:
- Refactored 'Architecture' section to match actual directory structure
  (e.g., pkg/framework/core, pkg/repos, pkg/agentic, pkg/mcp).
- Removed outdated and non-existent references to pkg/config (JSON),
  pkg/display, and pkg/workspace.
- Added a new 'Configuration Management' section documenting YAML file
  locations (.core/build.yaml, ~/.core/config.yaml, repos.yaml, etc.).
- Updated 'Quick Start' example to use the correct package path and
  handle errors.
- Updated 'Current State' table and 'Package Deep Dives' to match
  present packages.
- Cleaned up broken links and references to external repos (core-gui).

* docs: update README.md to reflect actual configuration implementation

This commit updates the README.md to accurately describe the project's
decentralized YAML-based configuration management system, as identified
in the Architecture & Design Pattern Audit (PR #208).

Key changes:
- Refactored 'Architecture' section to match actual directory structure
  (e.g., pkg/framework/core, pkg/repos, pkg/agentic, pkg/mcp).
- Removed outdated and non-existent references to pkg/config (JSON),
  pkg/display, and pkg/workspace.
- Added a new 'Configuration Management' section documenting YAML file
  locations (.core/build.yaml, ~/.core/config.yaml, repos.yaml, etc.).
- Updated 'Quick Start' example to use the correct package path and
  handle errors.
- Updated 'Current State' table and 'Package Deep Dives' to match
  present packages.
- Cleaned up broken links and references to external repos (core-gui).
- Fixed formatting in pkg/io/local/client.go to satisfy CI.

* docs: update README and fix auto-merge CI

This commit completes the README update to reflect the actual
configuration implementation and also fixes a CI failure in the
auto-merge workflow.

Changes:
- README.md: Updated to document the decentralized YAML-based
  configuration system and current project structure.
- pkg/io/local/client.go: Fixed minor formatting to satisfy CI.
- .github/workflows/auto-merge.yml: Replaced the broken reusable
  workflow call with a local implementation that includes the
  '--repo' flag for the 'gh' command. This avoids the 'fatal: not
  a git repository' error in environments without a '.git' directory.

* chore: fix merge conflict and address PR comments

- Merged origin/dev into the current branch.
- Resolved merge conflict in .github/workflows/auto-merge.yml.
- Updated auto-merge.yml with the local implementation to avoid git repository requirement in CI.

* docs: update README, fix auto-merge CI, and fix security vulnerability

- README.md: Updated to document decentralized YAML configuration.
- .github/workflows/auto-merge.yml: Fixed CI by implementing auto-merge locally.
- pkg/unifi/client.go: Fixed CodeQL security alert by making TLS verification configurable.
- pkg/unifi/config.go: Added 'unifi.insecure' config support.
- internal/cmd/unifi/: Added '--insecure' flag to CLI commands.
- pkg/io/local/client.go: Minor formatting fix.

* fix: address code review comments

- Document centralized pkg/config service as primary configuration mechanism
- Add pkg/config entry back to package status table
- Document repos.yaml auto-discovery locations (cwd, parents, home paths)
- Clarify pkg/crypt/openpgp subpackage provides asymmetric encryption
- Add ChaCha20-Poly1305 to symmetric encryption list
- Fix InsecureSkipVerify: only use custom HTTP client when insecure=true
- Add security warnings and #nosec annotation for intentional usage

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude <developers@lethean.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 10:05:56 +00:00

56 lines
1.6 KiB
Go
Raw Blame History

package unifi
import (
"crypto/tls"
"net/http"
uf "github.com/unpoller/unifi/v5"
"github.com/host-uk/core/pkg/log"
)
// Client wraps the unpoller UniFi client with config-based auth.
type Client struct {
api *uf.Unifi
url string
}
// New creates a new UniFi API client for the given controller URL and credentials.
// TLS verification can be disabled via the insecure parameter (useful for self-signed certs on home lab controllers).
// WARNING: Setting insecure=true disables certificate verification and should only be used in trusted network
// environments with self-signed certificates (e.g., home lab controllers).
func New(url, user, pass, apikey string, insecure bool) (*Client, error) {
cfg := &uf.Config{
URL: url,
User: user,
Pass: pass,
APIKey: apikey,
}
api, err := uf.NewUnifi(cfg)
if err != nil {
return nil, log.E("unifi.New", "failed to create client", err)
}
// Only override the HTTP client if insecure mode is explicitly requested
if insecure {
// #nosec G402 -- InsecureSkipVerify is intentionally enabled for home lab controllers
// with self-signed certificates. This is opt-in via the insecure parameter.
api.Client = &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
MinVersion: tls.VersionTLS12,
},
},
}
}
return &Client{api: api, url: url}, nil
}
// API exposes the underlying SDK client for direct access.
func (c *Client) API() *uf.Unifi { return c.api }
// URL returns the UniFi controller URL.
func (c *Client) URL() string { return c.url }
Reference in a new issue View git blame Copy permalink