From 78d23641999c50ecff1aa4e484042e16a1b9201d Mon Sep 17 00:00:00 2001 From: divolgin Date: Fri, 14 Feb 2020 22:43:00 +0000 Subject: [PATCH] Don't verify TLS certs on support bundle requests --- cmd/troubleshoot/cli/root.go | 1 + cmd/troubleshoot/cli/run.go | 28 ++++++++++++++++++++++------ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/cmd/troubleshoot/cli/root.go b/cmd/troubleshoot/cli/root.go index d2220ac1..1ac814c4 100644 --- a/cmd/troubleshoot/cli/root.go +++ b/cmd/troubleshoot/cli/root.go @@ -44,6 +44,7 @@ from a server that can be used to assist when troubleshooting a server.`, cmd.Flags().String("pullpolicy", "", "the pull policy of the collector image") cmd.Flags().Bool("redact", true, "enable/disable default redactions") cmd.Flags().Bool("collect-without-permissions", false, "always run troubleshoot collectors even if some require permissions that troubleshoot does not have") + cmd.Flags().Bool("allow-insecure-connections", false, "don't verify TLS certs when retrieving spec and reporting results") cmd.Flags().String("serviceaccount", "", "name of the service account to use. if not provided, one will be created") viper.BindPFlags(cmd.Flags()) diff --git a/cmd/troubleshoot/cli/run.go b/cmd/troubleshoot/cli/run.go index 50d8dde5..6774cf7d 100644 --- a/cmd/troubleshoot/cli/run.go +++ b/cmd/troubleshoot/cli/run.go @@ -1,6 +1,7 @@ package cli import ( + "crypto/tls" "encoding/base64" "encoding/json" "fmt" @@ -23,10 +24,22 @@ import ( "github.com/replicatedhq/troubleshoot/pkg/collect" ) +var ( + httpClient *http.Client +) + func runTroubleshoot(v *viper.Viper, arg string) error { fmt.Print(cursor.Hide()) defer fmt.Print(cursor.Show()) + if v.GetBool("allow-insecure-connections") { + httpClient = &http.Client{Transport: &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + }} + } else { + httpClient = http.DefaultClient + } + collectorContent := "" if !isURL(arg) { if _, err := os.Stat(arg); os.IsNotExist(err) { @@ -45,7 +58,7 @@ func runTroubleshoot(v *viper.Viper, arg string) error { return errors.Wrap(err, "make request") } req.Header.Set("User-Agent", "Replicated_Troubleshoot/v1beta1") - resp, err := http.DefaultClient.Do(req) + resp, err := httpClient.Do(req) if err != nil { return errors.Wrap(err, "execute request") } @@ -120,12 +133,15 @@ the %s Admin Console to begin analysis.` for _, ac := range collector.Spec.AfterCollection { if ac.UploadResultsTo != nil { if err := uploadSupportBundle(ac.UploadResultsTo, archivePath); err != nil { - return errors.Wrap(err, "upload support bundle") + c := color.New(color.FgHiRed) + c.Printf("%s\r * Failed to upload support bundle: %v\n", cursor.ClearEntireLine(), err) + } else { + fileUploaded = true } - fileUploaded = true } else if ac.Callback != nil { if err := callbackSupportBundleAPI(ac.Callback, archivePath); err != nil { - return errors.Wrap(err, "execute callback") + c := color.New(color.FgHiRed) + c.Printf("%s\r * Failed to notify API that support bundle has been uploaded: %v\n", cursor.ClearEntireLine(), err) } } } @@ -299,7 +315,7 @@ func uploadSupportBundle(r *troubleshootv1beta1.ResultRequest, archivePath strin req.Header.Set("Content-Type", contentType) } - resp, err := http.DefaultClient.Do(req) + resp, err := httpClient.Do(req) if err != nil { return errors.Wrap(err, "execute request") } @@ -325,7 +341,7 @@ func callbackSupportBundleAPI(r *troubleshootv1beta1.ResultRequest, archivePath return errors.Wrap(err, "create request") } - resp, err := http.DefaultClient.Do(req) + resp, err := httpClient.Do(req) if err != nil { return errors.Wrap(err, "execute request") }