add -insecure-skip-tls-verify

2026-02-11 14:09:21 +00:00 · 2020-11-08 13:06:21 +01:00 · 2020-11-08 13:06:21 +01:00 · ec56304efd
commit ec56304efd
parent b162c5b6f5
5 changed files with 13 additions and 4 deletions
--- a/Readme.md
+++ b/Readme.md
@ -53,6 +53,8 @@ Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]...
  -h    show help information
  -ignore-missing-schemas
        skip files with missing schemas instead of failing
+  -insecure-skip-tls-verify
+        disable verification of the server's SSL certificate. This will make your HTTPS connections insecure
  -kubernetes-version string
        version of Kubernetes to validate against (default "1.18.0")
  -n int
--- a/cmd/kubeconform/main.go
+++ b/cmd/kubeconform/main.go
@ -150,7 +150,7 @@ func realMain() int {

 	registries := []registry.Registry{}
 	for _, schemaLocation := range cfg.SchemaLocations {
-		registries = append(registries, registry.New(schemaLocation, cfg.Strict))
+		registries = append(registries, registry.New(schemaLocation, cfg.Strict, cfg.SkipTLS))
 	}

 	var o output.Output
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -12,6 +12,7 @@ type Config struct {
 	ExitOnError          bool
 	Files                []string
 	SchemaLocations      []string
+	SkipTLS              bool
 	SkipKinds            map[string]bool
 	RejectKinds          map[string]bool
 	OutputFormat         string
@ -69,6 +70,7 @@ func FromFlags(progName string, args []string) (Config, string, error) {
 	flags.BoolVar(&c.Strict, "strict", false, "disallow additional properties not in schema")
 	flags.StringVar(&c.OutputFormat, "output", "text", "output format - text, json")
 	flags.BoolVar(&c.Verbose, "verbose", false, "print results for all resources")
+	flags.BoolVar(&c.SkipTLS, "insecure-skip-tls-verify", false, "disable verification of the server's SSL certificate. This will make your HTTPS connections insecure")
 	flags.BoolVar(&c.Help, "h", false, "show help information")
 	flags.Usage = func() {
 		fmt.Fprintf(os.Stderr, "Usage: %s [OPTION]... [FILE OR FOLDER]...\n", progName)
--- a/pkg/registry/kubernetesjsonschema.go
+++ b/pkg/registry/kubernetesjsonschema.go
@ -1,6 +1,7 @@
 package registry

 import (
+	"crypto/tls"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@ -22,7 +23,11 @@ func newDownloadError(err error, isRetryable bool) *downloadError {
 func (e *downloadError) IsRetryable() bool { return e.isRetryable }
 func (e *downloadError) Error() string     { return e.err.Error() }

-func newHTTPRegistry(schemaPathTemplate string, strict bool) *KubernetesRegistry {
+func newHTTPRegistry(schemaPathTemplate string, strict bool, skipTLS bool) *KubernetesRegistry {
+	if skipTLS {
+		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
 	return &KubernetesRegistry{
 		schemaPathTemplate: schemaPathTemplate,
 		strict:             strict,
--- a/pkg/registry/registry.go
+++ b/pkg/registry/registry.go
@ -65,13 +65,13 @@ func schemaPath(tpl, resourceKind, resourceAPIVersion, k8sVersion string, strict
 	return buf.String(), nil
 }

-func New(schemaLocation string, strict bool) Registry {
+func New(schemaLocation string, strict bool, skipTLS bool) Registry {
 	if !strings.HasSuffix(schemaLocation, "json") { // If we dont specify a full templated path, we assume the paths of kubernetesjsonschema.dev
 		schemaLocation += "/{{ .NormalizedVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json"
 	}

 	if strings.HasPrefix(schemaLocation, "http") {
-		return newHTTPRegistry(schemaLocation, strict)
+		return newHTTPRegistry(schemaLocation, strict, skipTLS)
 	} else {
 		return newLocalRegistry(schemaLocation, strict)
 	}