feat: Support to ory hydra running in secure mode

[fjvierap]

We have a hydra instance running in https and we cannot use hydra-maester to communicate with our hydra instance. Hence we created this extension which allows:

• skip insecure verification in http client by adding insecure-skip-verify argument.
• Use github.com/go-openapi/runtime/clienttls client when a certificate loaded as tls-trust-store argument.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
2 out of 3 committers have signed the CLA.

✅ fjvierap
✅ colunira
❌ ORY Continuous Integration

---

ORY Continuous Integration seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[aeneasr]

Closing due to inactivity

[fjvierap]

@aeneasr for curiosity why is this closed?
It was just pending to review I think... Or is there some question not resolved or the code does not look good and I missed?

[aeneasr]

sorry my bad

[fjvierap]

sorry my bad

No problem ;)

[fjvierap]

@Demonsthere I updated PR based on your comments.

[Demonsthere]

Hi there @fjvierap thanks for the update! I will check as soon as able :)

[Demonsthere]

It's looking great 👍 The only improvement I can think of is a small test maybe here to create a client with and without trustStore.

[aeneasr]

@Demonsthere should I wait for #62 (comment) ?

[Demonsthere]

TBH I'm conflicted here. After some evaluation I see that we do not have any test that verifies if the hydraClient is created correctly, which should be addressed. However, fixing that seems outside of the scope of this PR. Maybe we should accept this PR as is, and define a task with adding the missing tests?

[aeneasr]

According to our contribution guidelines, if it is required for you to verify that the change is doing what it is supposed to do, then asking for a test as a requirement for merging the PR is in scope :)

[fjvierap]

TBH I'm conflicted here. After some evaluation I see that we do not have any test that verifies if the hydraClient is created correctly, which should be addressed. However, fixing that seems outside of the scope of this PR. Maybe we should accept this PR as is, and define a task with adding the missing tests?

For that we will need to move getHydraClientMaker to a separate package... Which package name you suggest to move the function?

[Demonsthere]

imho, getHydraClientMaker is a wrapper for controllers.HydraClientMakerFunc, and we might even be able to get rid of it. Alternatively i'd say helpers package

[fjvierap]

imho, getHydraClientMaker is a wrapper for controllers.HydraClientMakerFunc, and we might even be able to get rid of it. Alternatively i'd say helpers package

Could you please check my last 2 commit and let me know if that is you expect?

[Demonsthere]

It's looking great! Just a few little improvements ;)

[fjvierap]

It's looking great! Just a few little improvements ;)

Hi I added the improvements you suggested ;)

[Demonsthere]

Since we control what error will be returned here, maybe we could check not only if the err is not nil, but if it the one we expect?

[Demonsthere]

I just noticed that the new package is not by default included in the makefile target so the tests for it won't run. Could you please add it there? Then we will see if the test are correct :)

[Demonsthere]

LGTM :)

[aeneasr]

Thank you! Could you please rebase/merge with master? Then we can merge it right away!