From ec56304efd5c0cbc7acf6708080c8928fc16ab08 Mon Sep 17 00:00:00 2001 From: Yann Hamon Date: Sun, 8 Nov 2020 13:06:21 +0100 Subject: [PATCH] add -insecure-skip-tls-verify --- Readme.md | 2 ++ cmd/kubeconform/main.go | 2 +- pkg/config/config.go | 2 ++ pkg/registry/kubernetesjsonschema.go | 7 ++++++- pkg/registry/registry.go | 4 ++-- 5 files changed, 13 insertions(+), 4 deletions(-) diff --git a/Readme.md b/Readme.md index 51519cf..955ddbc 100644 --- a/Readme.md +++ b/Readme.md @@ -53,6 +53,8 @@ Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]... -h show help information -ignore-missing-schemas skip files with missing schemas instead of failing + -insecure-skip-tls-verify + disable verification of the server's SSL certificate. This will make your HTTPS connections insecure -kubernetes-version string version of Kubernetes to validate against (default "1.18.0") -n int diff --git a/cmd/kubeconform/main.go b/cmd/kubeconform/main.go index a69316f..4a727ed 100644 --- a/cmd/kubeconform/main.go +++ b/cmd/kubeconform/main.go @@ -150,7 +150,7 @@ func realMain() int { registries := []registry.Registry{} for _, schemaLocation := range cfg.SchemaLocations { - registries = append(registries, registry.New(schemaLocation, cfg.Strict)) + registries = append(registries, registry.New(schemaLocation, cfg.Strict, cfg.SkipTLS)) } var o output.Output diff --git a/pkg/config/config.go b/pkg/config/config.go index f8b6d34..1fda330 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -12,6 +12,7 @@ type Config struct { ExitOnError bool Files []string SchemaLocations []string + SkipTLS bool SkipKinds map[string]bool RejectKinds map[string]bool OutputFormat string 
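Review bot: The new `SkipTLS` field in `Config` is named as if TLS itself were skipped, while the flag it backs only turns off certificate verification: the connection stays encrypted but the server is no longer authenticated. `SkipTLSVerify bool` would match the `-insecure-skip-tls-verify` flag and the `InsecureSkipVerify` setting it ends up driving; the same applies to the `skipTLS` parameters added in pkg/registry/registry.go and pkg/registry/kubernetesjsonschema.go. The field also has no comment; `// SkipTLSVerify disables server certificate verification when schemas are fetched over HTTPS.` would say what it controls.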
@@ -69,6 +70,7 @@ func FromFlags(progName string, args []string) (Config, string, error) { flags.BoolVar(&c.Strict, "strict", false, "disallow additional properties not in schema") flags.StringVar(&c.OutputFormat, "output", "text", "output format - text, json") flags.BoolVar(&c.Verbose, "verbose", false, "print results for all resources") + flags.BoolVar(&c.SkipTLS, "insecure-skip-tls-verify", false, "disable verification of the server's SSL certificate. This will make your HTTPS connections insecure") flags.BoolVar(&c.Help, "h", false, "show help information") flags.Usage = func() { fmt.Fprintf(os.Stderr, "Usage: %s [OPTION]... [FILE OR FOLDER]...\n", progName) diff --git a/pkg/registry/kubernetesjsonschema.go b/pkg/registry/kubernetesjsonschema.go index 41fab0c..4970024 100644 --- a/pkg/registry/kubernetesjsonschema.go +++ b/pkg/registry/kubernetesjsonschema.go @@ -1,6 +1,7 @@ package registry import ( + "crypto/tls" "fmt" "io/ioutil" "net/http" @@ -22,7 +23,11 @@ func newDownloadError(err error, isRetryable bool) *downloadError { func (e *downloadError) IsRetryable() bool { return e.isRetryable } func (e *downloadError) Error() string { return e.err.Error() } -func newHTTPRegistry(schemaPathTemplate string, strict bool) *KubernetesRegistry { +func newHTTPRegistry(schemaPathTemplate string, strict bool, skipTLS bool) *KubernetesRegistry { + if skipTLS { + http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true} + } + return &KubernetesRegistry{ schemaPathTemplate: schemaPathTemplate, strict: strict, diff --git a/pkg/registry/registry.go b/pkg/registry/registry.go index 44814eb..0732355 100644 --- a/pkg/registry/registry.go +++ b/pkg/registry/registry.go 
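Review bot: In `newHTTPRegistry`, assigning to `http.DefaultTransport.(*http.Transport).TLSClientConfig` changes the process-wide default transport, so certificate verification is turned off for every client in the process that uses that transport, and a later `newHTTPRegistry(..., false)` does not turn it back on. The unchecked type assertion also panics if `http.DefaultTransport` has been replaced by another `RoundTripper`, and the assignment discards any TLS settings already present on it. A transport cloned for this one registry keeps the setting local; the struct would need a field to hold the resulting client, and the download code that would use it lies outside the hunk, as does the rest of the function body.

```go
func newHTTPRegistry(schemaPathTemplate string, strict bool, skipTLS bool) *KubernetesRegistry {
	// Per-registry client: http.DefaultTransport itself is left untouched.
	client := &http.Client{}
	if skipTLS {
		transport := &http.Transport{Proxy: http.ProxyFromEnvironment}
		if base, ok := http.DefaultTransport.(*http.Transport); ok {
			transport = base.Clone()
		}
		if transport.TLSClientConfig == nil {
			transport.TLSClientConfig = &tls.Config{}
		}
		transport.TLSClientConfig.InsecureSkipVerify = true
		client.Transport = transport
	}
	// … unchanged: return &KubernetesRegistry{…}, which would carry client in a new field …
```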
@@ -65,13 +65,13 @@ func schemaPath(tpl, resourceKind, resourceAPIVersion, k8sVersion string, strict return buf.String(), nil } -func New(schemaLocation string, strict bool) Registry { +func New(schemaLocation string, strict bool, skipTLS bool) Registry { if !strings.HasSuffix(schemaLocation, "json") { // If we dont specify a full templated path, we assume the paths of kubernetesjsonschema.dev schemaLocation += "/{{ .NormalizedVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json" } if strings.HasPrefix(schemaLocation, "http") { - return newHTTPRegistry(schemaLocation, strict) + return newHTTPRegistry(schemaLocation, strict, skipTLS) } else { return newLocalRegistry(schemaLocation, strict) }
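Review bot: `New` is exported and now takes two adjacent positional bools, so a call such as `New(loc, true, false)` gives no hint which argument disables certificate verification, and swapping them still compiles. The function has no doc comment; `// New returns a Registry for schemaLocation. skipTLS disables TLS certificate verification and only applies to locations starting with "http"; it is ignored for local paths.` would record that the value is dropped on the `newLocalRegistry` branch. If the signature is still open to change, an options struct or a named option would make call sites self-describing.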