Merge pull request #29 from arcalot/insecure_skip_tls

[CHAOS] Added support for insecure-skip-tls-verify

config.go

@@ -29,14 +29,15 @@ type Connection struct {
 
 	ServerName string `json:"serverName,omitempty" yaml:"serverName,omitempty"`
 
-	CertData string `json:"cert,omitempty" yaml:"cert,omitempty"`
-	KeyData  string `json:"key,omitempty" yaml:"key,omitempty"`
-	CAData   string `json:"cacert,omitempty" yaml:"cacert,omitempty"`
+	CertData *string `json:"cert,omitempty" yaml:"cert,omitempty"`
+	KeyData  *string `json:"key,omitempty" yaml:"key,omitempty"`
+	CAData   *string `json:"cacert,omitempty" yaml:"cacert,omitempty"`
 
 	BearerToken string `json:"bearerToken,omitempty" yaml:"bearerToken,omitempty"`
 
-	QPS   float64 `json:"qps,omitempty" yaml:"qps,omitempty"`
-	Burst int64   `json:"burst,omitempty" yaml:"burst,omitempty"`
+	QPS      float64 `json:"qps,omitempty" yaml:"qps,omitempty"`
+	Burst    int64   `json:"burst,omitempty" yaml:"burst,omitempty"`
+	Insecure bool    `json:"insecure,omitempty" yaml:"insecure,omitempty"`
 }
 
 // Pod describes the pod to launch.

connector.go

@@ -53,7 +53,9 @@ func (c connector) Deploy(ctx context.Context, image string) (deployer.Plugin, e
 	if meta.Name == "" && meta.GenerateName == "" {
 		meta.GenerateName = "arcaflow-plugin-"
 	}
-
+	if c.config.Connection.Insecure {
+		c.logger.Warningf("Deploying without TLS verification, do it at your own risk.")
+	}
 	c.logger.Infof("Deploying pod from image %s...", image)
 	pod, err := c.cli.CoreV1().Pods(c.config.Pod.Metadata.Namespace).Create(
 		ctx,

connector_test.go

@@ -111,16 +111,35 @@ func getConfigStruct(t *testing.T) kubernetes.Config {
 		t.Skipf("Skipping test, load kubeconfig file from user home directory (%v)", err)
 	}
 
+	var certData *string
+	var keyData *string
+	var caData *string
+	if kubeconfig.CertData != nil {
+		certDataStr := string(kubeconfig.CertData)
+		certData = &certDataStr
+	}
+
+	if kubeconfig.KeyData != nil {
+		keyDataStr := string(kubeconfig.KeyData)
+		keyData = &keyDataStr
+	}
+
+	if kubeconfig.CAData != nil {
+		caDataStr := string(kubeconfig.CAData)
+		caData = &caDataStr
+	}
+
 	configStruct := kubernetes.Config{
 		Connection: kubernetes.Connection{
 			Host:        kubeconfig.Host,
 			APIPath:     kubeconfig.APIPath,
 			Username:    kubeconfig.Username,
 			Password:    kubeconfig.Password,
 			ServerName:  kubeconfig.ServerName,
-			CertData:    string(kubeconfig.CertData),
-			KeyData:     string(kubeconfig.KeyData),
-			CAData:      string(kubeconfig.CAData),
+			Insecure:    kubeconfig.Insecure,
+			CertData:    certData,
+			KeyData:     keyData,
+			CAData:      caData,
 			BearerToken: kubeconfig.BearerToken,
 			QPS:         float64(kubeconfig.QPS),
 			Burst:       int64(kubeconfig.Burst),

factory.go

@@ -55,6 +55,18 @@ func (f factory) Create(config *Config, logger log.Logger) (deployer.Connector,
 }
 
 func (f factory) createConnectionConfig(config *Config) restclient.Config {
+	caData := []byte("")
+	keyData := []byte("")
+	certData := []byte("")
+	if config.Connection.CAData != nil {
+		caData = []byte(*config.Connection.CAData)
+	}
+	if config.Connection.KeyData != nil {
+		keyData = []byte(*config.Connection.KeyData)
+	}
+	if config.Connection.CertData != nil {
+		certData = []byte(*config.Connection.CertData)
+	}
 	return restclient.Config{
 		Host:    config.Connection.Host,
 		APIPath: config.Connection.APIPath,
@@ -68,9 +80,10 @@ func (f factory) createConnectionConfig(config *Config) restclient.Config {
 		Impersonate: restclient.ImpersonationConfig{},
 		TLSClientConfig: restclient.TLSClientConfig{
 			ServerName: config.Connection.ServerName,
-			CertData:   []byte(config.Connection.CertData),
-			KeyData:    []byte(config.Connection.KeyData),
-			CAData:     []byte(config.Connection.CAData),
+			CertData:   certData,
+			KeyData:    keyData,
+			CAData:     caData,
+			Insecure:   config.Connection.Insecure,
 		},
 		UserAgent: "Arcaflow",
 		QPS:       float32(config.Connection.QPS),

schema.go

@@ -1104,6 +1104,20 @@ var Schema = schema.NewTypedScopeSchema[*Config](
 				schema.PointerTo(`10`),
 				nil,
 			).TreatEmptyAsDefaultValue(),
+			"insecure": schema.NewPropertySchema(
+				schema.NewBoolSchema(),
+				schema.NewDisplayValue(
+					schema.PointerTo("Insecure Connection"),
+					schema.PointerTo("Skip TLS certificate validation"),
+					nil,
+				),
+				false,
+				nil,
+				nil,
+				nil,
+				nil,
+				nil,
+			).TreatEmptyAsDefaultValue(),
 		},
 	),
 	// endregion