Added InsecureSkipVerify flag (#191)

flyteorg · Jul 1, 2021 · 064f826 · 064f826
1 parent fe190b4
commit 064f826
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 3 deletions.
diff --git a/flyteidl/clients/go/admin/client.go b/flyteidl/clients/go/admin/client.go
@@ -2,6 +2,7 @@ package admin
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"io/ioutil"
 	"strings"
@@ -185,7 +186,7 @@ func InitializeAuthMetadataClient(ctx context.Context, cfg *Config) (client serv
 	return service.NewAuthMetadataServiceClient(authMetadataConnection), nil
 }
 
-func NewAdminConnection(_ context.Context, cfg *Config, opts ...grpc.DialOption) (*grpc.ClientConn, error) {
+func NewAdminConnection(ctx context.Context, cfg *Config, opts ...grpc.DialOption) (*grpc.ClientConn, error) {
 	if opts == nil {
 		// Initialize opts list to the potential number of options we will add. Initialization optimizes memory
 		// allocation.
@@ -196,7 +197,17 @@ func NewAdminConnection(_ context.Context, cfg *Config, opts ...grpc.DialOption)
 		opts = append(opts, grpc.WithInsecure())
 	} else {
 		// TODO: as of Go 1.11.4, this is not supported on Windows. https://github.com/golang/go/issues/16736
-		creds := credentials.NewClientTLSFromCert(nil, "")
+		var creds credentials.TransportCredentials
+		if cfg.InsecureSkipVerify {
+			logger.Warnf(ctx, "using insecureSkipVerify. Server's certificate chain and host name wont be verified. Caution : shouldn't be used for production usecases")
+			tlsConfig := &tls.Config{
+				InsecureSkipVerify: true, //nolint
+
+			}
+			creds = credentials.NewTLS(tlsConfig)
+		} else {
+			creds = credentials.NewClientTLSFromCert(nil, "")
+		}
 		opts = append(opts, grpc.WithTransportCredentials(creds))
 	}
 

diff --git a/flyteidl/clients/go/admin/client_test.go b/flyteidl/clients/go/admin/client_test.go
@@ -75,7 +75,7 @@ func TestGetAdditionalAdminClientConfigOptions(t *testing.T) {
 	})
 
 	t.Run("legal-from-config", func(t *testing.T) {
-		clientSet, err := initializeClients(ctx, &Config{}, nil)
+		clientSet, err := initializeClients(ctx, &Config{InsecureSkipVerify: true}, nil)
 		assert.NoError(t, err)
 		assert.NotNil(t, clientSet)
 		assert.NotNil(t, clientSet.AuthMetadataClient())

diff --git a/flyteidl/clients/go/admin/config.go b/flyteidl/clients/go/admin/config.go
@@ -37,6 +37,7 @@ const (
 type Config struct {
 	Endpoint              config.URL      `json:"endpoint" pflag:",For admin types, specify where the uri of the service is located."`
 	UseInsecureConnection bool            `json:"insecure" pflag:",Use insecure connection."`
+	InsecureSkipVerify    bool            `json:"insecureSkipVerify" pflag:",InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name. Caution : shouldn't be use for production usecases'"`
 	MaxBackoffDelay       config.Duration `json:"maxBackoffDelay" pflag:",Max delay for grpc backoff"`
 	PerRetryTimeout       config.Duration `json:"perRetryTimeout" pflag:",gRPC per retry timeout"`
 	MaxRetries            int             `json:"maxRetries" pflag:",Max number of gRPC retries"`

diff --git a/flyteidl/clients/go/admin/config_flags.go b/flyteidl/clients/go/admin/config_flags.go
diff --git a/flyteidl/clients/go/admin/config_flags_test.go b/flyteidl/clients/go/admin/config_flags_test.go