Feature/insecuretls (#6)

* Rename maintenance error to service unavailable error * Add support for insecure tls * Bump version
ethersphere · May 25, 2020 · b1cfe71 · b1cfe71
1 parent 48e908c
commit b1cfe71
Show file tree

Hide file tree

Showing 12 changed files with 64 additions and 19 deletions.
diff --git a/cmd/beekeeper/cmd/check.go b/cmd/beekeeper/cmd/check.go
@@ -5,16 +5,25 @@ import (
 )
 
 const (
+	optionNameAPIScheme               = "api-scheme"
 	optionNameAPIHostnamePattern      = "api-hostnames"
 	optionNameAPIDomain               = "api-domain"
+	optionNameAPIInsecureTLS          = "api-insecure-tls"
+	optionNameDebugAPIScheme          = "debug-api-scheme"
 	optionNameDebugAPIHostnamePattern = "debug-api-hostnames"
 	optionNameDebugAPIDomain          = "debug-api-domain"
+	optionNameDebugAPIInsecureTLS     = "debug-api-insecure-tls"
 	optionNameDisableNamespace        = "disable-namespace"
+	optionNameInsecureTLS             = "insecure-tls"
 	optionNameNamespace               = "namespace"
 	optionNameNodeCount               = "node-count"
 )
 
-var disableNamespace bool
+var (
+	disableNamespace    bool
+	insecureTLSAPI      bool
+	insecureTLSDebugAPI bool
+)
 
 func (c *command) initCheckCmd() (err error) {
 	cmd := &cobra.Command{
@@ -28,14 +37,18 @@ func (c *command) initCheckCmd() (err error) {
 		},
 	}
 
+	cmd.PersistentFlags().String(optionNameAPIScheme, "https", "API scheme")
 	cmd.PersistentFlags().String(optionNameAPIHostnamePattern, "bee-%d", "API hostname pattern")
 	cmd.PersistentFlags().String(optionNameAPIDomain, "core.internal", "API DNS domain")
+	cmd.PersistentFlags().BoolVar(&insecureTLSAPI, optionNameAPIInsecureTLS, false, "skips TLS verification for API")
+	cmd.PersistentFlags().String(optionNameDebugAPIScheme, "https", "debug API scheme")
 	cmd.PersistentFlags().String(optionNameDebugAPIHostnamePattern, "bee-%d-debug", "debug API hostname pattern")
 	cmd.PersistentFlags().String(optionNameDebugAPIDomain, "core.internal", "debug API DNS domain")
+	cmd.PersistentFlags().BoolVar(&insecureTLSDebugAPI, optionNameDebugAPIInsecureTLS, false, "skips TLS verification for debug API")
 	cmd.PersistentFlags().BoolVar(&disableNamespace, optionNameDisableNamespace, false, "disable Kubernetes namespace")
+	cmd.PersistentFlags().Bool(optionNameInsecureTLS, false, "skips TLS verification for both API and debug API")
 	cmd.PersistentFlags().StringP(optionNameNamespace, "n", "", "Kubernetes namespace, must be set or disabled")
 	cmd.PersistentFlags().IntP(optionNameNodeCount, "c", 1, "node count")
-
 	cmd.AddCommand(c.initCheckFullConnectivity())
 	cmd.AddCommand(c.initCheckPeerCount())
 	cmd.AddCommand(c.initCheckPingPong())
@@ -57,5 +70,11 @@ func (c *command) checkPreRunE(cmd *cobra.Command, args []string) (err error) {
 	if !disableNamespace && len(c.config.GetString(optionNameNamespace)) == 0 {
 		return cmd.Help()
 	}
+
+	if c.config.GetBool(optionNameInsecureTLS) {
+		insecureTLSAPI = true
+		insecureTLSDebugAPI = true
+	}
+
 	return
 }
diff --git a/cmd/beekeeper/cmd/check_fullconnectivity.go b/cmd/beekeeper/cmd/check_fullconnectivity.go
@@ -14,10 +14,14 @@ func (c *command) initCheckFullConnectivity() *cobra.Command {
 		Long:  `Checks if every node has connectivity to all other nodes in the cluster.`,
 		RunE: func(cmd *cobra.Command, args []string) (err error) {
 			cluster, err := bee.NewCluster(bee.ClusterOptions{
+				APIScheme:               c.config.GetString(optionNameAPIScheme),
 				APIHostnamePattern:      c.config.GetString(optionNameAPIHostnamePattern),
 				APIDomain:               c.config.GetString(optionNameAPIDomain),
+				APIInsecureTLS:          insecureTLSAPI,
+				DebugAPIScheme:          c.config.GetString(optionNameDebugAPIScheme),
 				DebugAPIHostnamePattern: c.config.GetString(optionNameDebugAPIHostnamePattern),
 				DebugAPIDomain:          c.config.GetString(optionNameDebugAPIDomain),
+				DebugAPIInsecureTLS:     insecureTLSDebugAPI,
 				Namespace:               c.config.GetString(optionNameNamespace),
 				Size:                    c.config.GetInt(optionNameNodeCount),
 			})

diff --git a/cmd/beekeeper/cmd/check_peercount.go b/cmd/beekeeper/cmd/check_peercount.go
@@ -13,10 +13,14 @@ func (c *command) initCheckPeerCount() *cobra.Command {
 		Long:  `Counts peers for all nodes in the cluster`,
 		RunE: func(cmd *cobra.Command, args []string) (err error) {
 			cluster, err := bee.NewCluster(bee.ClusterOptions{
+				APIScheme:               c.config.GetString(optionNameAPIScheme),
 				APIHostnamePattern:      c.config.GetString(optionNameAPIHostnamePattern),
 				APIDomain:               c.config.GetString(optionNameAPIDomain),
+				APIInsecureTLS:          insecureTLSAPI,
+				DebugAPIScheme:          c.config.GetString(optionNameDebugAPIScheme),
 				DebugAPIHostnamePattern: c.config.GetString(optionNameDebugAPIHostnamePattern),
 				DebugAPIDomain:          c.config.GetString(optionNameDebugAPIDomain),
+				DebugAPIInsecureTLS:     insecureTLSDebugAPI,
 				Namespace:               c.config.GetString(optionNameNamespace),
 				Size:                    c.config.GetInt(optionNameNodeCount),
 			})

diff --git a/cmd/beekeeper/cmd/check_pingpong.go b/cmd/beekeeper/cmd/check_pingpong.go
@@ -15,10 +15,14 @@ func (c *command) initCheckPingPong() *cobra.Command {
 and prints round-trip time (RTT) of each ping.`,
 		RunE: func(cmd *cobra.Command, args []string) (err error) {
 			cluster, err := bee.NewCluster(bee.ClusterOptions{
+				APIScheme:               c.config.GetString(optionNameAPIScheme),
 				APIHostnamePattern:      c.config.GetString(optionNameAPIHostnamePattern),
 				APIDomain:               c.config.GetString(optionNameAPIDomain),
+				APIInsecureTLS:          insecureTLSAPI,
+				DebugAPIScheme:          c.config.GetString(optionNameDebugAPIScheme),
 				DebugAPIHostnamePattern: c.config.GetString(optionNameDebugAPIHostnamePattern),
 				DebugAPIDomain:          c.config.GetString(optionNameDebugAPIDomain),
+				DebugAPIInsecureTLS:     insecureTLSDebugAPI,
 				Namespace:               c.config.GetString(optionNameNamespace),
 				Size:                    c.config.GetInt(optionNameNodeCount),
 			})

diff --git a/cmd/beekeeper/cmd/check_pushsync.go b/cmd/beekeeper/cmd/check_pushsync.go
@@ -29,10 +29,14 @@ and checks if chunks are synced to their closest nodes.`,
 			}
 
 			cluster, err := bee.NewCluster(bee.ClusterOptions{
+				APIScheme:               c.config.GetString(optionNameAPIScheme),
 				APIHostnamePattern:      c.config.GetString(optionNameAPIHostnamePattern),
 				APIDomain:               c.config.GetString(optionNameAPIDomain),
+				APIInsecureTLS:          insecureTLSAPI,
+				DebugAPIScheme:          c.config.GetString(optionNameDebugAPIScheme),
 				DebugAPIHostnamePattern: c.config.GetString(optionNameDebugAPIHostnamePattern),
 				DebugAPIDomain:          c.config.GetString(optionNameDebugAPIDomain),
+				DebugAPIInsecureTLS:     insecureTLSDebugAPI,
 				Namespace:               c.config.GetString(optionNameNamespace),
 				Size:                    c.config.GetInt(optionNameNodeCount),
 			})

diff --git a/pkg/bee/cluster.go b/pkg/bee/cluster.go
@@ -8,41 +8,43 @@ import (
 	"github.com/ethersphere/bee/pkg/swarm"
 )
 
-const (
-	scheme = "http"
-)
-
 // Cluster represents cluster of Bee nodes
 type Cluster struct {
 	Nodes []Node
 }
 
 // ClusterOptions represents Bee cluster options
 type ClusterOptions struct {
+	APIScheme               string
 	APIHostnamePattern      string
 	APIDomain               string
+	APIInsecureTLS          bool
+	DebugAPIScheme          string
 	DebugAPIHostnamePattern string
 	DebugAPIDomain          string
+	DebugAPIInsecureTLS     bool
 	Namespace               string
 	Size                    int
 }
 
 // NewCluster returns new cluster
 func NewCluster(o ClusterOptions) (c Cluster, err error) {
 	for i := 0; i < o.Size; i++ {
-		a, err := createURL(scheme, o.APIHostnamePattern, o.Namespace, o.APIDomain, i)
+		a, err := createURL(o.APIScheme, o.APIHostnamePattern, o.Namespace, o.APIDomain, i)
 		if err != nil {
 			return Cluster{}, err
 		}
 
-		d, err := createURL(scheme, o.DebugAPIHostnamePattern, o.Namespace, o.DebugAPIDomain, i)
+		d, err := createURL(o.DebugAPIScheme, o.DebugAPIHostnamePattern, o.Namespace, o.DebugAPIDomain, i)
 		if err != nil {
 			return Cluster{}, err
 		}
 
 		n := NewNode(NodeOptions{
-			APIURL:   a,
-			DebugURL: d,
+			APIURL:              a,
+			APIInsecureTLS:      o.APIInsecureTLS,
+			DebugAPIURL:         d,
+			DebugAPIInsecureTLS: o.DebugAPIInsecureTLS,
 		})
 
 		c.Nodes = append(c.Nodes, n)

diff --git a/pkg/bee/node.go b/pkg/bee/node.go
@@ -3,6 +3,8 @@ package bee
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
+	"net/http"
 	"net/url"
 
 	"github.com/ethersphere/bee/pkg/swarm"
@@ -18,15 +20,21 @@ type Node struct {
 
 // NodeOptions represents Bee node options
 type NodeOptions struct {
-	APIURL   *url.URL
-	DebugURL *url.URL
+	APIURL              *url.URL
+	APIInsecureTLS      bool
+	DebugAPIURL         *url.URL
+	DebugAPIInsecureTLS bool
 }
 
 // NewNode returns new node
 func NewNode(opts NodeOptions) Node {
 	return Node{
-		api:   api.NewClient(opts.APIURL, nil),
-		debug: debugapi.NewClient(opts.DebugURL, nil),
+		api: api.NewClient(opts.APIURL, &api.ClientOptions{HTTPClient: &http.Client{Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: opts.APIInsecureTLS},
+		}}}),
+		debug: debugapi.NewClient(opts.DebugAPIURL, &debugapi.ClientOptions{HTTPClient: &http.Client{Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: opts.DebugAPIInsecureTLS},
+		}}}),
 	}
 }
 

diff --git a/pkg/beeclient/api/api.go b/pkg/beeclient/api/api.go
@@ -169,7 +169,7 @@ func responseErrorHandler(r *http.Response) (err error) {
 	case http.StatusInternalServerError:
 		return ErrInternalServerError
 	case http.StatusServiceUnavailable:
-		return ErrMaintenance
+		return ErrServiceUnavailable
 	default:
 		return errors.New(strings.ToLower(r.Status))
 	}

diff --git a/pkg/beeclient/api/errors.go b/pkg/beeclient/api/errors.go
@@ -35,5 +35,5 @@ var (
 	ErrMethodNotAllowed    = errors.New("method not allowed")
 	ErrTooManyRequests     = errors.New("too many requests")
 	ErrInternalServerError = errors.New("internal server error")
-	ErrMaintenance         = errors.New("maintenance")
+	ErrServiceUnavailable  = errors.New("service unavailable")
 )
diff --git a/pkg/beeclient/debugapi/debugapi.go b/pkg/beeclient/debugapi/debugapi.go
@@ -167,7 +167,7 @@ func responseErrorHandler(r *http.Response) (err error) {
 	case http.StatusInternalServerError:
 		return ErrInternalServerError
 	case http.StatusServiceUnavailable:
-		return ErrMaintenance
+		return ErrServiceUnavailable
 	default:
 		return errors.New(strings.ToLower(r.Status))
 	}

diff --git a/pkg/beeclient/debugapi/errors.go b/pkg/beeclient/debugapi/errors.go
@@ -35,5 +35,5 @@ var (
 	ErrMethodNotAllowed    = errors.New("method not allowed")
 	ErrTooManyRequests     = errors.New("too many requests")
 	ErrInternalServerError = errors.New("internal server error")
-	ErrMaintenance         = errors.New("maintenance")
+	ErrServiceUnavailable  = errors.New("service unavailable")
 )
diff --git a/version.go b/version.go
@@ -1,7 +1,7 @@
 package beekeeper
 
 var (
-	version = "0.2.0" // manually set semantic version number
+	version = "0.2.1" // manually set semantic version number
 	commit  string    // automatically set git commit hash
 
 	// Version TODO