Add support for --insecure-skip-tls-verify option #198

Merged
merged 2 commits into from
Apr 14, 2020
5 changes: 5 additions & 0 deletions kubeval/config.go
Expand Up @@ -57,6 +57,10 @@ type Config struct {
// Quiet indicates whether non-results output should be emitted to the applications
// log.
Quiet bool

// InsecureSkipTLSVerify controls whether to skip TLS certificate validation
// when retrieving schema content over HTTPS
InsecureSkipTLSVerify bool
}

// NewDefaultConfig creates a Config with default values
Expand All @@ -80,6 +84,7 @@ func AddKubevalFlags(cmd *cobra.Command, config *Config) *cobra.Command {
cmd.Flags().StringVarP(&config.KubernetesVersion, "kubernetes-version", "v", "master", "Version of Kubernetes to validate against")
cmd.Flags().StringVarP(&config.OutputFormat, "output", "o", "", fmt.Sprintf("The format of the output of this script. Options are: %v", validOutputs()))
cmd.Flags().BoolVar(&config.Quiet, "quiet", false, "Silences any output aside from the direct results")
cmd.Flags().BoolVar(&config.InsecureSkipTLSVerify, "insecure-skip-tls-verify", false, "If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure")

return cmd
}
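Review bot: `InsecureSkipTLSVerify` is added to the library's `Config` struct, but the only place this change reads it is the CLI's `RootCmd` in main.go, which applies it to `http.DefaultTransport`. A caller that imports the kubeval package and sets the field would presumably still get verified connections, unless the schema download path outside these hunks also consults it. Either honour the field where the schema is fetched, or state the limitation in the field comment, e.g. `// Only applied by the kubeval CLI, which sets it on http.DefaultTransport for the whole process.` Both the `Config` struct and `AddKubevalFlags` start outside the hunks shown.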
2 changes: 1 addition & 1 deletion kubeval/kubeval.go
Expand Up @@ -188,7 +188,7 @@ func downloadSchema(resource *ValidationResult, schemaCache map[string]*gojsonsc
return schema, nil
}
// We couldn't find a schema for this URL, so take a note, then try the next URL
wrappedErr := fmt.Errorf("Failed initalizing schema %s: %s", schemaRef, err)
wrappedErr := fmt.Errorf("Failed initializing schema %s: %s", schemaRef, err)
errors = multierror.Append(errors, wrappedErr)
}

13 changes: 13 additions & 0 deletions main.go
Expand Up @@ -3,9 +3,11 @@ package main
import (
"bufio"
"bytes"
"crypto/tls"
"errors"
"fmt"
"io/ioutil"
"net/http"
"os"
"path/filepath"
"runtime"
Expand Down Expand Up @@ -43,6 +45,17 @@ var RootCmd = &cobra.Command{
if config.IgnoreMissingSchemas && !config.Quiet {
log.Warn("Set to ignore missing schemas")
}

// This is not particularly secure but we highlight that with the name of
// the config item. It would be good to also support a configurable set of
// trusted certificate authorities as in the `--certificate-authority`
// kubectl option.
if config.InsecureSkipTLSVerify {
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{
InsecureSkipVerify: true,
}
}

success := true
windowsStdinIssue := false
outputManager := kubeval.GetOutputManager(config.OutputFormat)
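Review bot: The type assertion `http.DefaultTransport.(*http.Transport)` in the new `if config.InsecureSkipTLSVerify` block is unchecked and will panic if the default transport has been replaced. The assignment also overwrites any existing `TLSClientConfig` on a process-wide transport, so every client using the default transport loses certificate validation, not only schema downloads. Nothing is logged when the flag is active, unlike the `IgnoreMissingSchemas` warning just above, so a CI log gives no sign that the schemas deciding the validation result were fetched unauthenticated. I would use the comma-ok form, set only `InsecureSkipVerify` on the existing config, and emit a warning; a transport scoped to the schema loader would be better still, but that code is outside this hunk. The enclosing `RootCmd` function body starts and ends outside the hunk.

```go
// … unchanged: IgnoreMissingSchemas warning and the explanatory comment …
if config.InsecureSkipTLSVerify {
	transport, ok := http.DefaultTransport.(*http.Transport)
	if !ok {
		// Leave verification enabled rather than panic on an unexpected transport type.
		log.Warn("Cannot apply --insecure-skip-tls-verify: default HTTP transport is not *http.Transport")
	} else {
		if transport.TLSClientConfig == nil {
			transport.TLSClientConfig = &tls.Config{}
		}
		// Change only the verification switch; keep any other TLS settings already present.
		transport.TLSClientConfig.InsecureSkipVerify = true
		log.Warn("TLS certificate verification is disabled; downloaded schemas are not authenticated")
	}
}
// … unchanged: success / windowsStdinIssue / outputManager setup …
```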