From 8f9c166706c29b61a284dfdcd0110ca153445b6a Mon Sep 17 00:00:00 2001
From: Robert Laszczak
Date: Thu, 2 Dec 2021 22:26:57 +0100
Subject: [PATCH] Added --insecure option for configure
---
 tdl/main.go | 6 ++++++
 trainings/config/global.go | 1 +
 trainings/configure.go | 5 +++--
 trainings/handlers.go | 27 ++++++++++++++++++++++++---
 4 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/tdl/main.go b/tdl/main.go
index c0cab9e..5808d27 100644
--- a/tdl/main.go
+++ b/tdl/main.go
@@ -70,6 +70,11 @@ var app = &cli.App{
 Usage: "custom server",
 Hidden: true,
 },
+ &cli.BoolFlag{
+ Name: "insecure",
+ Usage: "do not verify certificate",
+ Hidden: true,
+ },
 &cli.BoolFlag{
 Name: "override",
 Usage: "if config already exists, it will be overridden",
@@ -87,6 +92,7 @@ var app = &cli.App{
 token,
 c.String("server"),
 c.Bool("override"),
+ c.Bool("insecure"),
 )
 },
 },
diff --git a/trainings/config/global.go b/trainings/config/global.go
index 99b0738..569840d 100644
--- a/trainings/config/global.go
+++ b/trainings/config/global.go
@@ -16,6 +16,7 @@ import (
 type GlobalConfig struct {
 Token string `toml:"token"`
 ServerAddr string `toml:"server_addr"`
+ Insecure bool `toml:"insecure"`
 }
 func globalConfigPath() string {
diff --git a/trainings/configure.go b/trainings/configure.go
index 96a68ee..7b2a65b 100644
--- a/trainings/configure.go
+++ b/trainings/configure.go
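Review bot: The usage text on the new `insecure` flag, `"do not verify certificate"`, does not say that the choice is saved: the value is written to the global config by `ConfigureGlobally` and read back for every later client in `trainings/handlers.go`. Since the flag is `Hidden: true`, this string is mostly read in the source, so it is the natural place to state the scope, for example `Usage: "skip TLS certificate verification for the server; the setting is stored in the global config"`. The enclosing `cli.App` literal starts and ends outside the hunk.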
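Review bot: `Insecure` is stored next to `Token` in `GlobalConfig` with no comment, so a reader cannot tell that a `true` value turns off certificate verification for every later connection and not only for the configure call; the write happens in the second hunk of `trainings/configure.go`. Add a field comment such as `// Insecure disables TLS certificate verification for all connections made with this config.` Because the value lives in a file, it stays in effect until the config is rewritten, which the user-facing documentation should mention.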
@@ -8,12 +8,12 @@ import (
 "github.com/ThreeDotsLabs/cli/trainings/genproto"
 )
-func (h *Handlers) ConfigureGlobally(ctx context.Context, token, serverAddr string, override bool) error {
+func (h *Handlers) ConfigureGlobally(ctx context.Context, token, serverAddr string, override, insecure bool) error {
 if !override && h.config.ConfiguredGlobally() {
 return errors.New("trainings are already configured. Please pass --override flag to configure again")
 }
- if _, err := h.newGrpcClientWithAddr(ctx, serverAddr).Init(
+ if _, err := h.newGrpcClientWithAddr(ctx, serverAddr, insecure).Init(
 context.Background(),
 &genproto.InitRequest{Token: token},
 ); err != nil {
@@ -23,5 +23,6 @@ func (h *Handlers) ConfigureGlobally(ctx context.Context, token, serverAddr stri
 return h.config.WriteGlobalConfig(config.GlobalConfig{
 Token: token,
 ServerAddr: serverAddr,
+ Insecure: insecure,
 })
 }
diff --git a/trainings/handlers.go b/trainings/handlers.go
index 5b191de..c781ea8 100644
--- a/trainings/handlers.go
+++ b/trainings/handlers.go
@@ -3,7 +3,9 @@ package trainings
 import (
 "context"
 "crypto/tls"
+ "crypto/x509"
+ "github.com/pkg/errors"
 "google.golang.org/grpc"
 "google.golang.org/grpc/credentials"
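Review bot: `ConfigureGlobally` now ends in two adjacent positional bools, `override, insecure bool`, and the call in `tdl/main.go` passes `c.Bool("override"), c.Bool("insecure")`; swapping the two still compiles and would turn certificate verification off when the user only asked to overwrite the config. A small options struct would make call sites self-describing; at minimum the exported method should get a doc comment naming each flag, for example `// ConfigureGlobally calls Init on serverAddr with token and writes the global config; insecure disables TLS certificate verification and is saved with it.` The part of the body between the `Init` error check and the `WriteGlobalConfig` call lies outside the hunks shown.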
@@ -29,12 +31,31 @@ func NewHandlers() *Handlers {
 }
 func (h *Handlers) newGrpcClient(ctx context.Context) genproto.ServerClient {
- return h.newGrpcClientWithAddr(ctx, h.config.GlobalConfig().ServerAddr)
+ globalConfig := h.config.GlobalConfig()
+
+ return h.newGrpcClientWithAddr(ctx, globalConfig.ServerAddr, globalConfig.Insecure)
 }
-func (h *Handlers) newGrpcClientWithAddr(ctx context.Context, addr string) genproto.ServerClient {
+func (h *Handlers) newGrpcClientWithAddr(ctx context.Context, addr string, insecure bool) genproto.ServerClient {
 if h.grpcClient == nil {
- conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure())
+ var opts []grpc.DialOption
+
+ if insecure {
+ opts = append(opts, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{InsecureSkipVerify: true})))
+ } else {
+ systemRoots, err := x509.SystemCertPool()
+ if err != nil {
+ panic(errors.Wrap(err, "cannot load root CA cert"))
+ }
+ creds := credentials.NewTLS(&tls.Config{
+ RootCAs: systemRoots,
+ MinVersion: tls.VersionTLS12,
+ })
+ opts = append(opts, grpc.WithTransportCredentials(creds))
+ }
+
+ conn, err := grpc.DialContext(ctx, addr, opts...)
+
 if err != nil {
 panic(err)
 }
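Review bot: The `insecure` branch builds `&tls.Config{InsecureSkipVerify: true}` without `MinVersion`, so besides certificate checks it also drops the TLS 1.2 floor that the verified branch sets. In the verified branch the `x509.SystemCertPool()` call and its `panic` are not needed, because a nil `RootCAs` already makes crypto/tls use the host's root CA set; one shared config as sketched below covers both cases, after which the `crypto/x509` and `github.com/pkg/errors` imports added in the first hunk may be unused. With verification off the server is not authenticated and the token sent by `Init` can reach an impersonating endpoint, so a warning on stderr whenever `insecure` is true would be a useful addition. The `if h.grpcClient == nil` guard also suggests `insecure` is honoured only for the first client created on a `Handlers`; the rest of the function is outside the hunk, so that should be confirmed.

```go
func (h *Handlers) newGrpcClientWithAddr(ctx context.Context, addr string, insecure bool) genproto.ServerClient {
	if h.grpcClient == nil {
		// RootCAs stays nil so crypto/tls verifies against the host's root CA set.
		tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12}
		if insecure {
			// Server identity is not authenticated on this path.
			tlsConfig.InsecureSkipVerify = true
		}

		conn, err := grpc.DialContext(ctx, addr, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
		// … unchanged: err check and panic …
```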