
Add support for ca cert or skip verification in login handler #803

Merged (1 commit) Aug 30, 2024

@vuil vuil (Contributor) commented Aug 30, 2024

The TanzuLoginHandler now leverages ca cert data or skipVerify options provided via command line flags of the tanzu login and tanzu context create commands, or cert information stored for the issuer host. Upon successful usage of the flags, should they be provided, they will be persisted into corresponding cert information in the CLI configuration file.

What this PR does / why we need it

Which issue(s) this PR fixes

Fixes #

Describe testing done for PR

ran unit tests

additional manual testing:

  • tanzu login and tanzu context create on a host that requires a custom CA now fail with the message
./bin/tanzu login --endpoint https://wdc-10-83-114-248.nimbus.eng.vmware.com
[i] Opening the browser window to complete the login
Log in by visiting this link:

    https://testhost/auth/oauth/authorize?client_id=tp_cli_app&code_challenge=CwBul4e8Q_khWPF6IyVVQ2EvL0FDh57YhLaGVJhwFGg&code_challenge_method=S256&redirect_uri=http%3A%2F%2F127.0.0.1%3A62969%2Fcallback&response_type=code&state=33851ac7e4211ffd958b152329dad515

    Optionally, paste your authorization code:
[i] failed to exchange auth code for OAuth tokens, err=Post "https://testhost/auth/oauth/token": tls: failed to verify certificate: x509: certificate signed by unknown authority
[!] Consider using 'tanzu config cert add' to configure certificate verification settings
  • the same commands with the --insecure-skip-tls-verify flag successfully create the context and now also update the cert config map
> tanzu config cert list
  HOST            CA-CERTIFICATE  SKIP-CERT-VERIFICATION  INSECURE
  localhost:9876  <REDACTED>      false                   false

>  ./bin/tanzu login --endpoint https://testhost --insecure-skip-tls-verify
[i] Opening the browser window to complete the login
Log in by visiting this link:

    https://testhost/auth/oauth/authorize?client_id=tp_cli_app&code_challenge=c4gvt1YqTrvwDn9AUc_BtFJUrICF-3sXg7nGW8LPRBE&code_challenge_method=S256&redirect_uri=http%3A%2F%2F127.0.0.1%3A65416%2Fcallback&response_type=code&state=6303fe5b2965df51565c6f008a1abb81

    Optionally, paste your authorization code: [...]


[ok] Successfully logged in to 'https://testhost' and created a tanzu context
> tanzu config cert list
  HOST                                     CA-CERTIFICATE  SKIP-CERT-VERIFICATION  INSECURE
  localhost:9876                           <REDACTED>      false                   false
  wdc-10-83-114-248.nimbus.eng.vmware.com  Not configured  true                    Not configured
  • set cert config with tanzu config cert add --host testhost --skip-cert-verify true. Reran the same commands without --insecure-skip-tls-verify and the context is now successfully created

  • tested with valid and invalid CA certs

  tanzu config cert add --host test.host.com --ca-cert ~/good.ca.crt
  tanzu login --endpoint https://test.host.com  (succeeds)

  tanzu config cert update test.host.com --ca-cert ~/bad.ca.crt
  tanzu login --endpoint https://test.host.com  (fails with same "failed to verify certificate" error)

  tanzu config cert delete test.host.com
  tanzu login --endpoint https://test.host.com --endpoint-ca-certificate ~/good.ca.crt  (succeeds)

Release note

Add support for custom CA cert or explicit skipping of cert validation for UAA-based tanzu platform.

Additional information

Special notes for your reviewer
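The precedence and persistence rule the PR describes (command-line flags win, otherwise the stored cert entry for the issuer host is used, and flag-provided values are written back only after a successful login) together with the TLS settings it implies, as an added illustration that is not code from this PR or from the tanzu CLI; the CertInfo shape and all function names are assumptions:

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
)

// CertInfo stands in for the per-host cert settings the CLI persists (hypothetical shape).
type CertInfo struct {
	Host       string
	CACertData string // PEM-encoded CA cert; empty if none
	SkipVerify bool
}

// resolveCertInfo: flags win, else the stored entry for the issuer host.
// The bool reports whether the values came from flags (to persist on success).
func resolveCertInfo(host, flagCA string, flagSkip bool, stored map[string]CertInfo) (CertInfo, bool) {
	if flagCA != "" || flagSkip {
		return CertInfo{Host: host, CACertData: flagCA, SkipVerify: flagSkip}, true
	}
	if ci, ok := stored[host]; ok {
		return ci, false
	}
	return CertInfo{Host: host}, false
}

// tlsConfigFor builds the TLS settings a login handler's HTTP client would use.
func tlsConfigFor(ci CertInfo) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if ci.SkipVerify {
		cfg.InsecureSkipVerify = true // explicit opt-out, visible in 'tanzu config cert list'
		return cfg, nil
	}
	if ci.CACertData != "" {
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM([]byte(ci.CACertData)) {
			return nil, errors.New("ca cert data is not valid PEM")
		}
		cfg.RootCAs = pool // trust only the configured CA for this host
	}
	return cfg, nil
}

// persistOnSuccess stores flag-provided settings only after the login succeeded.
func persistOnSuccess(ci CertInfo, fromFlags, loginOK bool, stored map[string]CertInfo) {
	if fromFlags && loginOK {
		stored[ci.Host] = ci
	}
}
```

A failed login (as in the "certificate signed by unknown authority" run above) leaves the stored config untouched, so a bad CA or a typo'd flag is never persisted.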

@vuil vuil requested a review from a team as a code owner August 30, 2024 16:35
@vuil vuil force-pushed the uaa-cert-support branch 3 times, most recently from 59c6b37 to 7a0f7ad Compare August 30, 2024 21:24
@anujc25 anujc25 (Contributor) left a comment:

LGTM

The TanzuLoginHandler now leverages ca cert data or skipVerify options
provided via 'login' and 'context create' command-line flags, or
cert information store for the issuer host. Upon successful usage of the
flags, should they be provided, they will be persisted into
corresponding cert information in the CLI configuration file.

Signed-off-by: Vui Lam <[email protected]>
@vuil vuil force-pushed the uaa-cert-support branch from 7a0f7ad to 4d21fa7 Compare August 30, 2024 21:38
@prkalle prkalle (Contributor) left a comment:

LGTM. Thanks!

@vuil vuil merged commit 48d2e12 into vmware-tanzu:main Aug 30, 2024
7 checks passed
@marckhouzam marckhouzam added this to the v1.5.0 milestone Sep 5, 2024