Add an option to skip tls verification in HTTPOverRPC action (#356)

Snowflake-Labs · Oct 18, 2023 · 5912494 · 5912494
1 parent ccf262c
commit 5912494
Show file tree

Hide file tree

Showing 6 changed files with 208 additions and 66 deletions.
diff --git a/services/httpoverrpc/client/client.go b/services/httpoverrpc/client/client.go
@@ -201,6 +201,7 @@ type getCmd struct {
 	showResponseHeaders bool
 	protocol            string
 	hostname            string
+	insecureSkipVerify  bool
 }
 
 func (*getCmd) Name() string     { return "get" }
@@ -226,6 +227,7 @@ func (g *getCmd) SetFlags(f *flag.FlagSet) {
 	f.Var(&g.headers, "header", "Header to send in the request, may be specified multiple times.")
 	f.StringVar(&g.body, "body", "", "Body to send in request")
 	f.BoolVar(&g.showResponseHeaders, "show-response-headers", false, "If true, print response code and headers")
+	f.BoolVar(&g.insecureSkipVerify, "insecure-skip-tls-verify", false, "If true, skip TLS cert verification")
 }
 
 func (g *getCmd) Execute(ctx context.Context, f *flag.FlagSet, args ...interface{}) subcommands.ExitStatus {
@@ -266,6 +268,9 @@ func (g *getCmd) Execute(ctx context.Context, f *flag.FlagSet, args ...interface
 		Port:     int32(port),
 		Protocol: g.protocol,
 		Hostname: g.hostname,
+		Tlsconfig: &pb.TLSConfig{
+			InsecureSkipVerify: g.insecureSkipVerify,
+		},
 	}
 
 	resp, err := proxy.HostOneMany(ctx, req)

diff --git a/services/httpoverrpc/client/utils.go b/services/httpoverrpc/client/utils.go
@@ -39,12 +39,41 @@ var (
 )
 
 type HTTPTransporter struct {
-	conn *proxy.Conn
+	conn               *proxy.Conn
+	insecureSkipVerify bool
 }
 
-func NewHTTPTransporter(conn *proxy.Conn) *HTTPTransporter {
+type httpTransporterOptions struct {
+	insecureSkipVerify bool
+}
+
+type Option interface {
+	apply(*httpTransporterOptions)
+}
+
+type optionFunc func(*httpTransporterOptions)
+
+func (o optionFunc) apply(opts *httpTransporterOptions) {
+	o(opts)
+}
+
+func WithInsecureSkipVerify(insecureSkipVerify bool) Option {
+	return optionFunc(func(o *httpTransporterOptions) {
+		o.insecureSkipVerify = insecureSkipVerify
+	})
+}
+
+func NewHTTPTransporter(conn *proxy.Conn, opts ...Option) *HTTPTransporter {
+	options := &httpTransporterOptions{
+		insecureSkipVerify: false,
+	}
+
+	for _, opt := range opts {
+		opt.apply(options)
+	}
 	return &HTTPTransporter{
-		conn,
+		conn:               conn,
+		insecureSkipVerify: options.insecureSkipVerify,
 	}
 }
 
@@ -132,6 +161,9 @@ func (c *HTTPTransporter) RoundTrip(req *http.Request) (*http.Response, error) {
 		},
 		Protocol: req.URL.Scheme,
 		Hostname: req.URL.Hostname(),
+		Tlsconfig: &pb.TLSConfig{
+			InsecureSkipVerify: c.insecureSkipVerify,
+		},
 	}
 
 	port, errPort := getPort(req, reqPb.Protocol)

diff --git a/services/httpoverrpc/httpoverrpc.pb.go b/services/httpoverrpc/httpoverrpc.pb.go