From 7c28176b2d20e8403f195c1a60d16397beda6b06 Mon Sep 17 00:00:00 2001
From: ricoberger
Date: Wed, 22 Apr 2020 19:26:13 +0200
Subject: [PATCH] Support insecure-skip-tls-verify and timeout
Add support for the insecure-skip-tls-verify parameter from the Kubeconfig and for custom timeouts.
---
 request/request.go | 10 ++++++----
 request/request_test.go | 21 ++++++++++++++++-----
 2 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/request/request.go b/request/request.go
index cd746cd..cb74ec4 100644
--- a/request/request.go
+++ b/request/request.go
@@ -36,17 +36,17 @@ type APIError struct {
 }
 // Do runs the given HTTP request.
-func Do(method, url, body, certificateAuthorityData, clientCertificateData, clientKeyData, token, username, password string) (string, error) {
+func Do(method, url, body, certificateAuthorityData, clientCertificateData, clientKeyData, token, username, password string, insecureSkipTLSVerify bool, timeout int64) (string, error) {
 var tlsConfig *tls.Config
 var err error
- tlsConfig, err = httpClientForRootCAs(certificateAuthorityData, clientCertificateData, clientKeyData)
+ tlsConfig, err = httpClientForRootCAs(certificateAuthorityData, clientCertificateData, clientKeyData, insecureSkipTLSVerify)
 if err != nil {
 return "", err
 }
 client := &http.Client{
- Timeout: 60 * time.Second,
+ Timeout: time.Duration(timeout) * time.Second,
 Transport: &http.Transport{
 TLSClientConfig: tlsConfig,
 Proxy: http.ProxyFromEnvironment,
@@ -100,7 +100,7 @@ func Do(method, url, body, certificateAuthorityData, clientCertificateData, clie
 }
 // httpClientForRootCAs return an HTTP client which trusts the provided root CAs.
-func httpClientForRootCAs(certificateAuthorityData, clientCertificateData, clientKeyData string) (*tls.Config, error) {
+func httpClientForRootCAs(certificateAuthorityData, clientCertificateData, clientKeyData string, insecureSkipTLSVerify bool) (*tls.Config, error) {
 tlsConfig := tls.Config{}
 if certificateAuthorityData != "" {
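Review bot: A `timeout` of 0 switches the client timeout off, because `http.Client.Timeout` treats zero as "no timeout"; at `Timeout: time.Duration(timeout) * time.Second` a caller that leaves the new parameter unset loses the 60-second bound this line used to guarantee. Negative values are passed through unchecked as well. A guard before the client is built keeps the old default: `if timeout <= 0 { timeout = 60 }`. Do's body continues past the end of this hunk, so any later use of the client is not visible here.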
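Review bot: The doc comment kept above `httpClientForRootCAs` no longer describes the function: it returns a `*tls.Config`, not an HTTP client, and with the new `insecureSkipTLSVerify` argument set the result accepts any server certificate rather than only the provided root CAs. I would reword it to `// httpClientForRootCAs builds the TLS configuration from the kubeconfig data; when insecureSkipTLSVerify is true the server certificate is not verified.` The function body continues outside this hunk.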
@@ -121,6 +121,8 @@ func httpClientForRootCAs(certificateAuthorityData, clientCertificateData, clien
 tlsConfig.Certificates = []tls.Certificate{cert}
 }
+ tlsConfig.InsecureSkipVerify = insecureSkipTLSVerify
+
 return &tlsConfig, nil
 }
diff --git a/request/request_test.go b/request/request_test.go
index 39a18b5..9da0794 100644
--- a/request/request_test.go
+++ b/request/request_test.go
@@ -1,11 +1,12 @@
 // Usage:
 // export API_URL=
-// export CERTIFICATE_AUTHORITY_DATA=
-// export CLIENT_CERTIFICATE_DATA=
-// export CLIENT_KEY_DATA=
+// export CERTIFICATE_AUTHORITY_DATA=`echo -n "" | base64 --decode`
+// export CLIENT_CERTIFICATE_DATA=`echo -n "" | base64 --decode`
+// export CLIENT_KEY_DATA=`echo -n "" | base64 --decode`
 // export API_TOKEN=
 // export API_USERNAME=
 // export API_PASSWORD=
+// export INSECURE_SKIP_TLS_VERIFY=
 //
 // make test
 package request
@@ -24,8 +25,13 @@ func TestDoNamespaces(t *testing.T) {
 username := os.Getenv("API_USERNAME")
 password := os.Getenv("API_PASSWORD")
+ var insecureSkipTLSVerify bool
+ if os.Getenv("INSECURE_SKIP_TLS_VERIFY") != "" {
+ insecureSkipTLSVerify = true
+ }
+
 // Get namespaces
- data, err := Do("GET", url+"/api/v1/namespaces", "", certificateAuthorityData, clientCertificateData, clientKeyData, token, username, password)
+ data, err := Do("GET", url+"/api/v1/namespaces", "", certificateAuthorityData, clientCertificateData, clientKeyData, token, username, password, insecureSkipTLSVerify, 5)
 if err != nil {
 t.Errorf("Could not get namespaces: %s", err.Error())
 }
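Review bot: `tlsConfig.InsecureSkipVerify = insecureSkipTLSVerify` is applied even when `certificateAuthorityData` is non-empty, so a configured CA is silently ignored and the token or basic-auth credentials passed to `Do` can go to a server whose identity was never checked. The start of the function is outside this hunk, but nothing visible rejects the combination; as far as I recall, client-go refuses a configuration that sets both. I would return an error for that case before this assignment, e.g. `if insecureSkipTLSVerify && certificateAuthorityData != "" { return nil, errors.New("certificate authority data and insecure-skip-tls-verify are mutually exclusive") }` (this assumes `errors` is imported in the file). A comment on the assignment should also say that the flag removes server authentication and is meant for test clusters only.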
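Review bot: `os.Getenv("INSECURE_SKIP_TLS_VERIFY") != ""` turns certificate verification off for any non-empty value, so `INSECURE_SKIP_TLS_VERIFY=false` or `=0` still runs `TestDoNamespaces` without checking the server certificate; the same check is repeated in the `TestDoNonexistingResource` hunk. Parsing the value makes the intent explicit: `insecureSkipTLSVerify, _ := strconv.ParseBool(os.Getenv("INSECURE_SKIP_TLS_VERIFY"))`, which needs `strconv` in the test file's imports (not visible here). Both test bodies start and end outside their hunks.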
@@ -42,8 +48,13 @@ func TestDoNonexistingResource(t *testing.T) {
 username := os.Getenv("API_USERNAME")
 password := os.Getenv("API_PASSWORD")
+ var insecureSkipTLSVerify bool
+ if os.Getenv("INSECURE_SKIP_TLS_VERIFY") != "" {
+ insecureSkipTLSVerify = true
+ }
+
 // Try to get nonexisting resource
- _, err := Do("GET", url+"/api/v1/nonexisting-resource", "", certificateAuthorityData, clientCertificateData, clientKeyData, token, username, password)
+ _, err := Do("GET", url+"/api/v1/nonexisting-resource", "", certificateAuthorityData, clientCertificateData, clientKeyData, token, username, password, insecureSkipTLSVerify, 5)
 if err == nil {
 t.Errorf("Get resource instead of nonexisting resource error")
 }