Merge pull request #1270 from zalando/gh-1185-add-skip-ssl-flag

Add an optional flag to skip SSL request verification
zalando · Jun 29, 2021 · 37fa75b · 37fa75b
2 parents a343dbe + 997339a
commit 37fa75b
Show file tree

Hide file tree

Showing 7 changed files with 36 additions and 19 deletions.
diff --git a/cli/zally/app.go b/cli/zally/app.go
@@ -34,6 +34,10 @@ func CreateApp() *cli.App {
 			Usage: "Output format `[pretty|markdown|text]`",
 			Value: "pretty",
 		},
+		cli.BoolFlag{
+			Name:  "skip-ssl-verification",
+			Usage: "Skip SSL certificate verification when sending a request to linter service",
+		},
 	}
 
 	return app

diff --git a/cli/zally/commands/lint.go b/cli/zally/commands/lint.go
@@ -41,10 +41,10 @@ func lint(c *cli.Context) error {
 	if err != nil {
 		return domain.NewAppError(err, domain.ClientError)
 	}
-
+	skipSslVerification := c.Bool("skip-ssl-verification")
 	requestBuilder := utils.NewRequestBuilder(
 		c.GlobalString("linter-service"), c.GlobalString("token"), c.App)
-	violations, err := doRequest(requestBuilder, data)
+	violations, err := doRequest(requestBuilder, data, skipSslVerification)
 	if err != nil {
 		return domain.NewAppError(err, domain.ServerError)
 	}
@@ -100,7 +100,7 @@ func readRemoteFile(url string) ([]byte, error) {
 	return ioutil.ReadAll(response.Body)
 }
 
-func doRequest(requestBuilder *utils.RequestBuilder, data string) (*domain.Violations, error) {
+func doRequest(requestBuilder *utils.RequestBuilder, data string, skipSslVerification bool) (*domain.Violations, error) {
 	var apiViolationsRequest domain.APIViolationsRequest
 	apiViolationsRequest.APIDefinitionString = data
 	requestBody, err := json.MarshalIndent(apiViolationsRequest, "", "  ")
@@ -113,7 +113,7 @@ func doRequest(requestBuilder *utils.RequestBuilder, data string) (*domain.Viola
 		return nil, err
 	}
 
-	response, err := utils.DoHTTPRequest(request)
+	response, err := utils.DoHTTPRequest(request, skipSslVerification)
 	if err != nil {
 		return nil, err
 	}

diff --git a/cli/zally/commands/lint_test.go b/cli/zally/commands/lint_test.go
@@ -64,7 +64,7 @@ func TestDoRequest(t *testing.T) {
 		requestBuilder := utils.NewRequestBuilder(testServer.URL, "", app)
 		data, _ := readFile("testdata/minimal_swagger.json")
 
-		violations, err := doRequest(requestBuilder, data)
+		violations, err := doRequest(requestBuilder, data, false)
 
 		tests.AssertEquals(t, nil, err)
 		tests.AssertEquals(t, "First Violation", violations.Violations[0].Title)
@@ -81,7 +81,7 @@ func TestDoRequest(t *testing.T) {
 		requestBuilder := utils.NewRequestBuilder(testServer.URL, "", app)
 		data, _ := readFile("testdata/minimal_swagger.json")
 
-		violations, err := doRequest(requestBuilder, data)
+		violations, err := doRequest(requestBuilder, data, false)
 
 		tests.AssertEquals(t, "Cannot submit file for linting. HTTP Status: 404, Response: Not Found\n", err.Error())
 		tests.AssertEquals(t, (*domain.Violations)(nil), violations)
@@ -99,7 +99,7 @@ func TestDoRequest(t *testing.T) {
 		requestBuilder := utils.NewRequestBuilder(testServer.URL, "", app)
 		data, _ := readFile("testdata/minimal_swagger.json")
 
-		violations, err := doRequest(requestBuilder, data)
+		violations, err := doRequest(requestBuilder, data, false)
 
 		expectedError := fmt.Sprintf(
 			"Post \"%s/api-violations\": context deadline exceeded"+

diff --git a/cli/zally/commands/supported_rules.go b/cli/zally/commands/supported_rules.go
@@ -43,7 +43,7 @@ func listRules(c *cli.Context) error {
 
 	requestBuilder := utils.NewRequestBuilder(
 		c.GlobalString("linter-service"), c.GlobalString("token"), c.App)
-	rules, err := fetchRules(requestBuilder, ruleType)
+	rules, err := fetchRules(requestBuilder, ruleType, c.Bool("skip-ssl-verification"))
 	if err != nil {
 		return domain.NewAppError(err, domain.ServerError)
 	}
@@ -66,7 +66,7 @@ func validateType(ruleType string) error {
 	return fmt.Errorf("%s is not supported", ruleType)
 }
 
-func fetchRules(requestBuilder *utils.RequestBuilder, rulesType string) (*domain.Rules, error) {
+func fetchRules(requestBuilder *utils.RequestBuilder, rulesType string, skipSslVerification bool) (*domain.Rules, error) {
 	uri := "/supported-rules?is_active=true"
 	if rulesType != "" {
 		uri += "&type=" + rulesType
@@ -76,7 +76,7 @@ func fetchRules(requestBuilder *utils.RequestBuilder, rulesType string) (*domain
 		return nil, err
 	}
 
-	response, err := utils.DoHTTPRequest(request)
+	response, err := utils.DoHTTPRequest(request, skipSslVerification)
 	if err != nil {
 		return nil, err
 	}

diff --git a/cli/zally/commands/supported_rules_test.go b/cli/zally/commands/supported_rules_test.go
@@ -70,7 +70,7 @@ func TestFetchRules(t *testing.T) {
 		defer testServer.Close()
 
 		requestBuilder := utils.NewRequestBuilder(testServer.URL, "", app)
-		rules, err := fetchRules(requestBuilder, "")
+		rules, err := fetchRules(requestBuilder, "", false)
 
 		tests.AssertEquals(t, nil, err)
 		tests.AssertEquals(t, len(rules.Rules), 15)
@@ -90,7 +90,7 @@ func TestFetchRules(t *testing.T) {
 		defer testServer.Close()
 
 		requestBuilder := utils.NewRequestBuilder(testServer.URL, "", app)
-		rules, err := fetchRules(requestBuilder, "")
+		rules, err := fetchRules(requestBuilder, "", false)
 
 		tests.AssertEquals(t, "Cannot submit file for linting. HTTP Status: 400, Response: Something went wrong", err.Error())
 		tests.AssertEquals(t, (*domain.Rules)(nil), rules)
@@ -107,7 +107,7 @@ func TestFetchRules(t *testing.T) {
 		defer testServer.Close()
 
 		requestBuilder := utils.NewRequestBuilder(testServer.URL, "", app)
-		fetchRules(requestBuilder, "must")
+		fetchRules(requestBuilder, "must", false)
 	})
 }
 

diff --git a/cli/zally/utils/http_client.go b/cli/zally/utils/http_client.go
@@ -1,17 +1,30 @@
 package utils
 
 import (
+	"crypto/tls"
 	"net/http"
 	"time"
 )
 
 const httpTimeout = 5 * time.Second
 
 // DoHTTPRequest makes an HTTP request with timeout
-func DoHTTPRequest(request *http.Request) (*http.Response, error) {
-	timeout := time.Duration(httpTimeout)
-	client := &http.Client{
-		Timeout: timeout,
+func DoHTTPRequest(request *http.Request, skipSslVerification bool) (*http.Response, error) {
+	timeout := httpTimeout
+	var client *http.Client
+
+	if skipSslVerification {
+		tr := &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+		client = &http.Client{
+			Timeout:   timeout,
+			Transport: tr,
+		}
+	} else {
+		client = &http.Client{
+			Timeout: timeout,
+		}
 	}
 	return client.Do(request)
 }
diff --git a/cli/zally/utils/http_client_test.go b/cli/zally/utils/http_client_test.go
@@ -22,7 +22,7 @@ func TestListRules(t *testing.T) {
 		defer testServer.Close()
 
 		request, err := http.NewRequest("GET", testServer.URL, nil)
-		response, err := DoHTTPRequest(request)
+		response, err := DoHTTPRequest(request, false)
 		assert.Nil(t, err)
 
 		responseBody, _ := ioutil.ReadAll(response.Body)
@@ -40,7 +40,7 @@ func TestListRules(t *testing.T) {
 		defer testServer.Close()
 
 		request, err := http.NewRequest("GET", testServer.URL, nil)
-		response, err := DoHTTPRequest(request)
+		response, err := DoHTTPRequest(request, false)
 
 		expectedError := fmt.Sprintf(
 			"Get \"%s\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)",