From e07a53046fbf05c0f749835be2fc0ed3f44462b4 Mon Sep 17 00:00:00 2001
From: Saswat Padhi
Date: Mon, 6 Feb 2023 22:20:00 +0000
Subject: [PATCH] [FEAT] Allow insecure certificates on InfluxDB

This change allows users to skip TLS certificate verification on their InfluxDB server, if they wish to do so, for instance when using self- signed certificates. Without this change, scrutiny failed to start and paniced with a `x509: certificate signed by unknown authority` error.
---
 webapp/backend/pkg/config/config.go | 1 +
 .../pkg/database/scrutiny_repository.go | 19 +++++++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/webapp/backend/pkg/config/config.go b/webapp/backend/pkg/config/config.go
index 3961373..605de86 100644
--- a/webapp/backend/pkg/config/config.go
+++ b/webapp/backend/pkg/config/config.go
@@ -49,6 +49,7 @@ func (c *configuration) Init() error {
 c.SetDefault("web.influxdb.init_username", "admin")
 c.SetDefault("web.influxdb.init_password", "password12345")
 c.SetDefault("web.influxdb.token", "scrutiny-default-admin-token")
+ c.SetDefault("web.influxdb.tls.insecure_skip_verify", false)
 c.SetDefault("web.influxdb.retention_policy", true)
 //c.SetDefault("disks.include", []string{})
diff --git a/webapp/backend/pkg/database/scrutiny_repository.go b/webapp/backend/pkg/database/scrutiny_repository.go
index b163c2c..da95914 100644
--- a/webapp/backend/pkg/database/scrutiny_repository.go
+++ b/webapp/backend/pkg/database/scrutiny_repository.go
@@ -2,6 +2,7 @@ package database
 import (
 "context"
+ "crypto/tls"
 "encoding/json"
 "fmt"
 "github.com/analogj/scrutiny/webapp/backend/pkg/config"
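Review bot: The new `web.influxdb.tls.insecure_skip_verify` default in the config.go hunk carries no comment, although it is the one setting in this block that switches a security check off. With it set to true, the API token from `web.influxdb.token` (and presumably the init credentials defaulted on the lines just above) is sent to whichever host answers on the InfluxDB address. A comment above the line would make that visible, for example `// insecure_skip_verify turns off certificate chain and host name verification for the InfluxDB connection; keep false unless the server certificate cannot be trusted any other way`. Init starts and ends outside the hunk.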
@@ -95,11 +96,20 @@ func NewScrutinyRepository(appConfig config.Interface, globalLogger logrus.Field
 influxdbUrl := fmt.Sprintf("%s://%s:%s", appConfig.GetString("web.influxdb.scheme"), appConfig.GetString("web.influxdb.host"), appConfig.GetString("web.influxdb.port"))
 globalLogger.Debugf("InfluxDB url: %s", influxdbUrl)
- client := influxdb2.NewClient(influxdbUrl, appConfig.GetString("web.influxdb.token"))
+ tlsConfig := &tls.Config{
+ InsecureSkipVerify: appConfig.GetBool("web.influxdb.tls.insecure_skip_verify"),
+ }
+ globalLogger.Infof("InfluxDB certificate verification: %t\n", !tlsConfig.InsecureSkipVerify)
+
+ client := influxdb2.NewClientWithOptions(
+ influxdbUrl,
+ appConfig.GetString("web.influxdb.token"),
+ influxdb2.DefaultOptions().SetTLSConfig(tlsConfig),
+ )
 //if !appConfig.IsSet("web.influxdb.token") {
 globalLogger.Debugf("Determine Influxdb setup status...")
- influxSetupComplete, err := InfluxSetupComplete(influxdbUrl)
+ influxSetupComplete, err := InfluxSetupComplete(influxdbUrl, tlsConfig)
 if err != nil {
 return nil, fmt.Errorf("failed to check influxdb setup status - %w", err)
 }
@@ -218,7 +228,7 @@ func (sr *scrutinyRepository) HealthCheck(ctx context.Context) error {
 }
-func InfluxSetupComplete(influxEndpoint string) (bool, error) {
+func InfluxSetupComplete(influxEndpoint string, tlsConfig *tls.Config) (bool, error) {
 influxUri, err := url.Parse(influxEndpoint)
 if err != nil {
 return false, err
@@ -228,7 +238,8 @@ func InfluxSetupComplete(influxEndpoint string) (bool, error) {
 return false, err
 }
- res, err := http.Get(influxUri.String())
+ client := &http.Client{Transport: &http.Transport{TLSClientConfig: tlsConfig}}
+ res, err := client.Get(influxUri.String())
 if err != nil {
 return false, err
 }
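Review bot: The added `globalLogger.Infof("InfluxDB certificate verification: %t\n", ...)` in the NewScrutinyRepository hunk reports a disabled check at the same level as routine start-up output, so an operator can miss that the InfluxDB token now goes to a server whose identity is not verified. I would log only when the check is off, at warning level: `if tlsConfig.InsecureSkipVerify { globalLogger.Warn("InfluxDB TLS certificate verification is disabled") }`. This assumes globalLogger is a logrus FieldLogger, whose type is cut off in the hunk header. The current line is also printed when `web.influxdb.scheme` is not https, where "certificate verification: true" suggests protection that is not in effect. For the self-signed case named in the commit message, a setting that loads the server's CA into `tls.Config.RootCAs` would keep verification on; NewScrutinyRepository continues outside the hunk.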
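Review bot: The `&http.Transport{TLSClientConfig: tlsConfig}` literal in the last hunk starts from a zero-value transport, so the setup probe loses what `http.Get` had through `http.DefaultTransport`: proxy settings from the environment, the dial and TLS handshake timeouts, and the idle-connection limits. Cloning the default keeps those, and a client timeout stops an unresponsive endpoint from blocking start-up: `tr := http.DefaultTransport.(*http.Transport).Clone()`, `tr.TLSClientConfig = tlsConfig`, `client := &http.Client{Transport: tr, Timeout: 10 * time.Second}`. The 10 second value is only a suggestion, and `time` has to be imported if the file does not already import it. InfluxSetupComplete begins and ends outside this hunk, so whether `res.Body` is closed cannot be checked from here.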