Issue with setting the cert using another profile
Closed this issue · 3 comments
I am using fcli.jar that is downloaded inside the fcli docker containing jdk-17 instead of the fcli docker due to incompatible architecture.
Due to security purposes, I have created a new profile, "fortifyci", with only limited access. However, I realised that I could not set the cert in the "fortifyci" profile due to AccessDeniedException.
However, I am able to set it in the root user of the docker image, along with being able to access the ssc. When I returned back to see the truststore config in the "fortifyci" profile, it did not set the same cert.
Is there any other way I am able to set the cert in the new profile?
The Java version of fcli will by default use the trust store of the Java installation, so potentially you can just add the necessary certificates in the Java cacerts file.
The non-jar versions of fcli (native executables) don't need/use a Java installation and thus won't use the Java trust store; for those the trust store can be configured through the fcli config truststore commands. This configuration is stored in the user's home directory, hence this configuration won't be visible to other users (i.e., if you configure the trust store using the root user, the fortifyci user won't see this configuration).
If you get an access denied exception when trying to save the trust store configuration using the fortifyci user, this probably means that the fortifyci user doesn't have a proper home directory configured in your Docker image. This would likely also cause issues with other fcli commands, like fcli * session login, as those commands also store data in the user's home directory.
I'd recommend to try to fix the user home directory, making sure that a home directory is configured, and that this home directory exists and is writable by the user. Alternatively, you can use environment variables to configure where fcli should store its configuration and session files; see https://fortify.github.io/fcli/v2.1.0/#_fcli_data_folder. Obviously, these directories should be readable and writable by the fortifyci user.
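The home-directory checks recommended in the reply above, as an added example that is not part of the original thread or of fcli. The function names are hypothetical, and the check for group/other write access is an extra assumption added here, since the trust store configuration stored under that directory decides which certificates fcli trusts.

```shell
#!/bin/sh
# Added example (not fcli code): diagnose the home directory of a CI user.
# Run it as the user being checked, e.g. `sh check_home.sh fortifyci`,
# because the writability test applies to the current user.

# Print the home directory recorded for a user (empty if the user is unknown).
home_of() {
    if command -v getent >/dev/null 2>&1; then
        getent passwd "$1" | cut -d: -f6
    else
        awk -F: -v u="$1" '$1 == u { print $6 }' /etc/passwd
    fi
}

# Return codes: 0 usable, 1 no home configured, 2 path missing,
# 3 not a directory, 4 not writable/searchable by the current user,
# 5 writable by group or others (stored config could be altered by them).
check_home_dir() {
    dir=$1
    [ -n "$dir" ] || return 1
    [ -e "$dir" ] || return 2
    [ -d "$dir" ] || return 3
    [ -w "$dir" ] && [ -x "$dir" ] || return 4
    # -L follows a symlinked home so the target's mode is inspected.
    mode=$(ls -ldL -- "$dir" | cut -c1-10)
    case "$mode" in
        ?????w*|????????w*) return 5 ;;   # group-write or other-write bit set
    esac
    return 0
}

if [ $# -eq 1 ]; then
    home=$(home_of "$1")
    rc=0
    check_home_dir "$home" || rc=$?
    case $rc in
        0) echo "$1: home '$home' is usable" ;;
        1) echo "$1: no home directory configured" ;;
        2) echo "$1: home '$home' does not exist" ;;
        3) echo "$1: home '$home' is not a directory" ;;
        4) echo "$1: home '$home' is not writable by $(id -un)" ;;
        5) echo "$1: home '$home' is writable by group or others" ;;
    esac
    exit "$rc"
fi
```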
Thank you for your information. Fixing the user home directory fixed the issue for me (checking the home directory and that it is usable for the user).
I would have asked in other channels but it seems like asking in GitHub is the only way for this fcli. I will close this issue. Appreciate your help!
Thanks for confirming! Indeed, GitHub is the best place to ask questions/report bugs for fcli (and for various other open-source integrations hosted on github.com).