From a23ee4794227d230d124f476b63239f6843687d9 Mon Sep 17 00:00:00 2001
From: pmahindrakar-oss
Date: Thu, 1 Jul 2021 19:52:57 +0530
Subject: [PATCH] Added InsecureSkipVerify flag (#191)
Signed-off-by: Eduardo Apolinario
---
 flyteidl/clients/go/admin/client.go | 15 +++++++++++++--
 flyteidl/clients/go/admin/client_test.go | 2 +-
 flyteidl/clients/go/admin/config.go | 1 +
 flyteidl/clients/go/admin/config_flags.go | 1 +
 flyteidl/clients/go/admin/config_flags_test.go | 14 ++++++++++++++
 5 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/flyteidl/clients/go/admin/client.go b/flyteidl/clients/go/admin/client.go
index 717cc9a0016..fa9a07cbcde 100644
--- a/flyteidl/clients/go/admin/client.go
+++ b/flyteidl/clients/go/admin/client.go
@@ -2,6 +2,7 @@ package admin
 import (
 "context"
+ "crypto/tls"
 "fmt"
 "io/ioutil"
 "strings"
@@ -185,7 +186,7 @@ func InitializeAuthMetadataClient(ctx context.Context, cfg *Config) (client serv
 return service.NewAuthMetadataServiceClient(authMetadataConnection), nil
 }
-func NewAdminConnection(_ context.Context, cfg *Config, opts ...grpc.DialOption) (*grpc.ClientConn, error) {
+func NewAdminConnection(ctx context.Context, cfg *Config, opts ...grpc.DialOption) (*grpc.ClientConn, error) {
 if opts == nil {
 // Initialize opts list to the potential number of options we will add. Initialization optimizes memory
 // allocation.
@@ -196,7 +197,17 @@ func NewAdminConnection(_ context.Context, cfg *Config, opts ...grpc.DialOption)
 opts = append(opts, grpc.WithInsecure())
 } else {
 // TODO: as of Go 1.11.4, this is not supported on Windows. https://github.com/golang/go/issues/16736
- creds := credentials.NewClientTLSFromCert(nil, "")
+ var creds credentials.TransportCredentials
+ if cfg.InsecureSkipVerify {
+ logger.Warnf(ctx, "using insecureSkipVerify. Server's certificate chain and host name wont be verified. Caution : shouldn't be used for production usecases")
+ tlsConfig := &tls.Config{
+ InsecureSkipVerify: true, //nolint
+
+ }
+ creds = credentials.NewTLS(tlsConfig)
+ } else {
+ creds = credentials.NewClientTLSFromCert(nil, "")
+ }
 opts = append(opts, grpc.WithTransportCredentials(creds))
 }
diff --git a/flyteidl/clients/go/admin/client_test.go b/flyteidl/clients/go/admin/client_test.go
index b8c5866e0a2..c0d0a596285 100644
--- a/flyteidl/clients/go/admin/client_test.go
+++ b/flyteidl/clients/go/admin/client_test.go
@@ -75,7 +75,7 @@ func TestGetAdditionalAdminClientConfigOptions(t *testing.T) {
 })
 t.Run("legal-from-config", func(t *testing.T) {
- clientSet, err := initializeClients(ctx, &Config{}, nil)
+ clientSet, err := initializeClients(ctx, &Config{InsecureSkipVerify: true}, nil)
 assert.NoError(t, err)
 assert.NotNil(t, clientSet)
 assert.NotNil(t, clientSet.AuthMetadataClient())
diff --git a/flyteidl/clients/go/admin/config.go b/flyteidl/clients/go/admin/config.go
index af1d4f9fbe5..5dc96b5ef7b 100644
--- a/flyteidl/clients/go/admin/config.go
+++ b/flyteidl/clients/go/admin/config.go
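Review bot: When `cfg.InsecureSkipVerify` is set, the new branch in the `@@ -196,7 +197,17 @@` hunk builds a `tls.Config` that skips both chain and host-name checks, so the channel is encrypted but the server is unauthenticated. Whatever the client sends on this connection then goes to whichever endpoint answers, and the only guard is a warning log. If the flag is meant for self-signed or private-CA deployments (an assumption, the patch does not say), a config option that loads a CA bundle into `RootCAs` would keep verification on. If the flag stays, scope the suppression and give the reason, e.g. `InsecureSkipVerify: true, //nolint:gosec // opt-in via cfg.InsecureSkipVerify, non-production only`, because a bare `//nolint` silences every linter on that line. NewAdminConnection's body starts and ends outside the hunk.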
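Review bot: Switching the `legal-from-config` subtest to `&Config{InsecureSkipVerify: true}` means it no longer covers the default branch, which still calls `credentials.NewClientTLSFromCert(nil, "")`. No test visible in this patch exercises a config with verification left on. Keep the original `initializeClients(ctx, &Config{}, nil)` call here and add a sibling subtest, e.g. `t.Run("legal-from-config-skip-verify", ...)`, that passes `&Config{InsecureSkipVerify: true}`. If the default config stopped passing for an environmental reason, a comment saying so would help; the enclosing test function starts and ends outside the hunk.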
@@ -37,6 +37,7 @@ const (
 type Config struct {
 Endpoint config.URL `json:"endpoint" pflag:",For admin types, specify where the uri of the service is located."`
 UseInsecureConnection bool `json:"insecure" pflag:",Use insecure connection."`
+ InsecureSkipVerify bool `json:"insecureSkipVerify" pflag:",InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name. Caution : shouldn't be use for production usecases'"`
 MaxBackoffDelay config.Duration `json:"maxBackoffDelay" pflag:",Max delay for grpc backoff"`
 PerRetryTimeout config.Duration `json:"perRetryTimeout" pflag:",gRPC per retry timeout"`
 MaxRetries int `json:"maxRetries" pflag:",Max number of gRPC retries"`
diff --git a/flyteidl/clients/go/admin/config_flags.go b/flyteidl/clients/go/admin/config_flags.go
index 6482dde1928..8dda4a6b5cd 100755
--- a/flyteidl/clients/go/admin/config_flags.go
+++ b/flyteidl/clients/go/admin/config_flags.go
@@ -52,6 +52,7 @@ func (cfg Config) GetPFlagSet(prefix string) *pflag.FlagSet {
 cmdFlags := pflag.NewFlagSet("Config", pflag.ExitOnError)
 cmdFlags.String(fmt.Sprintf("%v%v", prefix, "endpoint"), defaultConfig.Endpoint.String(), "For admin types, specify where the uri of the service is located.")
 cmdFlags.Bool(fmt.Sprintf("%v%v", prefix, "insecure"), defaultConfig.UseInsecureConnection, "Use insecure connection.")
+ cmdFlags.Bool(fmt.Sprintf("%v%v", prefix, "insecureSkipVerify"), defaultConfig.InsecureSkipVerify, "InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name. Caution : shouldn't be use for production usecases'")
 cmdFlags.String(fmt.Sprintf("%v%v", prefix, "maxBackoffDelay"), defaultConfig.MaxBackoffDelay.String(), "Max delay for grpc backoff")
 cmdFlags.String(fmt.Sprintf("%v%v", prefix, "perRetryTimeout"), defaultConfig.PerRetryTimeout.String(), "gRPC per retry timeout")
 cmdFlags.Int(fmt.Sprintf("%v%v", prefix, "maxRetries"), defaultConfig.MaxRetries, "Max number of gRPC retries")
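Review bot: The help text on the new `InsecureSkipVerify` field in the `config.go` hunk does not say which way the boolean works, and it ends in a stray `'`. As written, "controls whether a client verifies" can be read as true = verify, which is the opposite of what the client code does with it. Suggest the tag read `pflag:",Skip verification of the server's certificate chain and host name when true. Caution: do not use in production."`. The same string is repeated in the `config_flags.go` hunk, which looks generated from this tag, so regenerating after the edit should bring it in line. The Config struct continues outside the hunk.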
diff --git a/flyteidl/clients/go/admin/config_flags_test.go b/flyteidl/clients/go/admin/config_flags_test.go
index deeebfad376..f6055d05fd0 100755
--- a/flyteidl/clients/go/admin/config_flags_test.go
+++ b/flyteidl/clients/go/admin/config_flags_test.go
@@ -127,6 +127,20 @@ func TestConfig_SetFlags(t *testing.T) {
 }
 })
 })
+ t.Run("Test_insecureSkipVerify", func(t *testing.T) {
+
+ t.Run("Override", func(t *testing.T) {
+ testValue := "1"
+
+ cmdFlags.Set("insecureSkipVerify", testValue)
+ if vBool, err := cmdFlags.GetBool("insecureSkipVerify"); err == nil {
+ testDecodeJson_Config(t, fmt.Sprintf("%v", vBool), &actual.InsecureSkipVerify)
+
+ } else {
+ assert.FailNow(t, err.Error())
+ }
+ })
+ })
 t.Run("Test_maxBackoffDelay", func(t *testing.T) {
 t.Run("Override", func(t *testing.T) {