Added --insecure option for configure

ThreeDotsLabs · Dec 2, 2021 · 8f9c166 · 8f9c166
1 parent bd46161
commit 8f9c166
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 5 deletions.
diff --git a/tdl/main.go b/tdl/main.go
@@ -70,6 +70,11 @@ var app = &cli.App{
 							Usage:  "custom server",
 							Hidden: true,
 						},
+						&cli.BoolFlag{
+							Name:   "insecure",
+							Usage:  "do not verify certificate",
+							Hidden: true,
+						},
 						&cli.BoolFlag{
 							Name:  "override",
 							Usage: "if config already exists, it will be overridden",
@@ -87,6 +92,7 @@ var app = &cli.App{
 							token,
 							c.String("server"),
 							c.Bool("override"),
+							c.Bool("insecure"),
 						)
 					},
 				},

diff --git a/trainings/config/global.go b/trainings/config/global.go
@@ -16,6 +16,7 @@ import (
 type GlobalConfig struct {
 	Token      string `toml:"token"`
 	ServerAddr string `toml:"server_addr"`
+	Insecure   bool   `toml:"insecure"`
 }
 
 func globalConfigPath() string {

diff --git a/trainings/configure.go b/trainings/configure.go
@@ -8,12 +8,12 @@ import (
 	"github.com/ThreeDotsLabs/cli/trainings/genproto"
 )
 
-func (h *Handlers) ConfigureGlobally(ctx context.Context, token, serverAddr string, override bool) error {
+func (h *Handlers) ConfigureGlobally(ctx context.Context, token, serverAddr string, override, insecure bool) error {
 	if !override && h.config.ConfiguredGlobally() {
 		return errors.New("trainings are already configured. Please pass --override flag to configure again")
 	}
 
-	if _, err := h.newGrpcClientWithAddr(ctx, serverAddr).Init(
+	if _, err := h.newGrpcClientWithAddr(ctx, serverAddr, insecure).Init(
 		context.Background(),
 		&genproto.InitRequest{Token: token},
 	); err != nil {
@@ -23,5 +23,6 @@ func (h *Handlers) ConfigureGlobally(ctx context.Context, token, serverAddr stri
 	return h.config.WriteGlobalConfig(config.GlobalConfig{
 		Token:      token,
 		ServerAddr: serverAddr,
+		Insecure:   insecure,
 	})
 }
diff --git a/trainings/handlers.go b/trainings/handlers.go
@@ -3,7 +3,9 @@ package trainings
 import (
 	"context"
 	"crypto/tls"
+	"crypto/x509"
 
+	"github.com/pkg/errors"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 
@@ -29,12 +31,31 @@ func NewHandlers() *Handlers {
 }
 
 func (h *Handlers) newGrpcClient(ctx context.Context) genproto.ServerClient {
-	return h.newGrpcClientWithAddr(ctx, h.config.GlobalConfig().ServerAddr)
+	globalConfig := h.config.GlobalConfig()
+
+	return h.newGrpcClientWithAddr(ctx, globalConfig.ServerAddr, globalConfig.Insecure)
 }
 
-func (h *Handlers) newGrpcClientWithAddr(ctx context.Context, addr string) genproto.ServerClient {
+func (h *Handlers) newGrpcClientWithAddr(ctx context.Context, addr string, insecure bool) genproto.ServerClient {
 	if h.grpcClient == nil {
-		conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure())
+		var opts []grpc.DialOption
+
+		if insecure {
+			opts = append(opts, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{InsecureSkipVerify: true})))
+		} else {
+			systemRoots, err := x509.SystemCertPool()
+			if err != nil {
+				panic(errors.Wrap(err, "cannot load root CA cert"))
+			}
+			creds := credentials.NewTLS(&tls.Config{
+				RootCAs:    systemRoots,
+				MinVersion: tls.VersionTLS12,
+			})
+			opts = append(opts, grpc.WithTransportCredentials(creds))
+		}
+
+		conn, err := grpc.DialContext(ctx, addr, opts...)
+
 		if err != nil {
 			panic(err)
 		}