TKC-2161: skip tls verification when saving logs if STORAGE_SKIP_VERI…

…FY is true (#5627)
kubeshop · Jul 10, 2024 · 40e4ee9 · 40e4ee9
1 parent 492446e
commit 40e4ee9
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 6 deletions.
diff --git a/cmd/api-server/main.go b/cmd/api-server/main.go
@@ -273,7 +273,11 @@ func main() {
 		configRepository = cloudconfig.NewCloudResultRepository(grpcClient, grpcConn, cfg.TestkubeProAPIKey)
 		// Pro edition only (tcl protected code)
 		testWorkflowResultsRepository = cloudtestworkflow.NewCloudRepository(grpcClient, grpcConn, cfg.TestkubeProAPIKey)
-		testWorkflowOutputRepository = cloudtestworkflow.NewCloudOutputRepository(grpcClient, grpcConn, cfg.TestkubeProAPIKey)
+		var opts []cloudtestworkflow.Option
+		if cfg.StorageSkipVerify {
+			opts = append(opts, cloudtestworkflow.WithSkipVerify())
+		}
+		testWorkflowOutputRepository = cloudtestworkflow.NewCloudOutputRepository(grpcClient, grpcConn, cfg.TestkubeProAPIKey, opts...)
 		triggerLeaseBackend = triggers.NewAcquireAlwaysLeaseBackend()
 		artifactStorage = cloudartifacts.NewCloudArtifactsStorage(grpcClient, grpcConn, cfg.TestkubeProAPIKey)
 	} else {

diff --git a/pkg/cloud/data/testworkflow/output.go b/pkg/cloud/data/testworkflow/output.go
@@ -3,6 +3,7 @@ package testworkflow
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"io"
 	"net/http"
 
@@ -18,11 +19,25 @@ import (
 var _ testworkflow.OutputRepository = (*CloudOutputRepository)(nil)
 
 type CloudOutputRepository struct {
-	executor executor.Executor
+	executor   executor.Executor
+	httpClient *http.Client
 }
 
-func NewCloudOutputRepository(client cloud.TestKubeCloudAPIClient, grpcConn *grpc.ClientConn, apiKey string) *CloudOutputRepository {
-	return &CloudOutputRepository{executor: executor.NewCloudGRPCExecutor(client, grpcConn, apiKey)}
+type Option func(*CloudOutputRepository)
+
+func WithSkipVerify() Option {
+	return func(r *CloudOutputRepository) {
+		transport := &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}
+		r.httpClient.Transport = transport
+	}
+}
+
+func NewCloudOutputRepository(client cloud.TestKubeCloudAPIClient, grpcConn *grpc.ClientConn, apiKey string, opts ...Option) *CloudOutputRepository {
+	r := &CloudOutputRepository{executor: executor.NewCloudGRPCExecutor(client, grpcConn, apiKey), httpClient: http.DefaultClient}
+	for _, opt := range opts {
+		opt(r)
+	}
+	return r
 }
 
 // PresignSaveLog builds presigned storage URL to save the output in Cloud
@@ -59,7 +74,7 @@ func (r *CloudOutputRepository) SaveLog(ctx context.Context, id, workflowName st
 	if err != nil {
 		return err
 	}
-	res, err := http.DefaultClient.Do(req)
+	res, err := r.httpClient.Do(req)
 	if err != nil {
 		return errors.Wrap(err, "failed to save file in cloud storage")
 	}
@@ -79,7 +94,7 @@ func (r *CloudOutputRepository) ReadLog(ctx context.Context, id, workflowName st
 	if err != nil {
 		return nil, err
 	}
-	res, err := http.DefaultClient.Do(req)
+	res, err := r.httpClient.Do(req)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to get file from cloud storage")
 	}