Add insecure-skip-tls-verify option in cluster's secret #17
Add insecure-skip-tls-verify option in cluster's secret #17
Conversation
pkg/clusterclientstore/store.go
Outdated
@@ -332,5 +341,11 @@ func buildConfig(host string, secret *corev1.Secret, restTimeout *time.Duration) | |||
config.KeyData = key | |||
} | |||
|
|||
return config | |||
if insecureSkipTlsVerify, err := util.GetBool(secret, "tls.insecure-skip-tls-verify"); err != nil && util.IsDecodeError(err) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems a little funky to filter for IsDecodeError
like this.
I'd hope that in 99% of cases we take the branch that involves insecureSkipTLSVerify
being missing from the Secret: IMO the production secrets should not have this key present at all, since the consequences of it being interpreted as "true" are significant.
The way this is written, it isn't immediately obvious to me what will happen if that key is not present (will we assign "nil" to that field in the config? but the config field is a bool? does this even compile?) -- after reading the inner function I can see its OK, it just seems like it could be clearer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
insecureSkipTlsVerify
is a bool
, and util.GetBool
returns false
in case an error is returned. The check on IsDecodeError
is meant to catch cases where the value exists in the secret but couldn't be decoded (base64.StdEncoding.DecodeString
has failed) or parsed (strconv.ParseBool
has failed).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From our conversation offline earlier, I'll change this implementation to fetch the insecure "flag" from the v1.Secret label instead, since the cluster secret was intended initially to contain only client identification information, which insecure-skip-tls-verify
clearly isn't.
} | ||
} | ||
|
||
return false, &KeyNotFoundError{Key: k} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Following up from the earlier comment, I think KeyNotFoundError
isn't really an error, perhaps -- it seems fine to me to have a secret which does not specify insecureSkipTLSVerify
at all.
It strikes me as a (minor) bug in Docker that it requires this setting to be present in order to work, so I'd like us to be soft about expecting it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another option would be return (*bool, err)
. This would make possible for util.GetBool
to return the nil, nil
tuple, but would still require an extra check on whether *bool
is nil or has a value.
This would require the caller to use it like the following:
if v, err := util.GetBool(secret, "k"); err != nil {
// Decode or ParseBool error
} else if v != nil {
// Do something with v here.
}
aa01098
to
30f3bed
Compare
If the 'tls.insecure-skip-tls-verify' key is found in the cluster secret data, configure the client to allow insecure connections. Having this option makes it easier to develop Shipper against Docker for Desktop's Kubernetes instead of Minikube.
If the 'tls.insecure-skip-tls-verify' key is found in the cluster secret data, configure the e2e client to allow insecure connections.
Refactor the code to extract 'tls.insecure-skip-tls-verify' from multiple places to util.GetBool(v1.Secret, string).
30f3bed
to
17d1878
Compare
I think it should be an annotation, not a label. Perhaps |
I didn't explore this path since it can be easier to search for cluster secrets with this particular label than annotations (as in But yes, after revisiting labels (meant to be consumed by humans) and annotations (meant to be used as internal metadata) I'll use an annotation instead. |
If the 'tls.insecure-skip-tls-verify' key is found in the cluster secret
data, configure the client to allow insecure connections. Having this
option makes it easier to develop Shipper against Docker for Desktop's
Kubernetes instead of Minikube.