Merge pull request #116 from imduffy15/secure-grpc

Allow the agent to connect to a secure grpc endpoint
This commit is contained in:
Laszlo Fogas 2020-05-19 13:53:07 +02:00 committed by GitHub
commit a9ee3c2296
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 1 deletions

View file

@ -16,7 +16,9 @@ package main
import (
"context"
"crypto/tls"
"encoding/json"
grpccredentials "google.golang.org/grpc/credentials"
"io"
"io/ioutil"
"net/http"
@ -83,9 +85,15 @@ func loop(c *cli.Context) error {
// grpc.Dial(target, ))
var transport = grpc.WithInsecure()
if c.Bool("secure-grpc") {
transport = grpc.WithTransportCredentials(grpccredentials.NewTLS(&tls.Config{InsecureSkipVerify: c.Bool("skip-insecure-grpc")}))
}
conn, err := grpc.Dial(
c.String("server"),
grpc.WithInsecure(),
transport,
grpc.WithPerRPCCredentials(&credentials{
username: c.String("username"),
password: c.String("password"),

View file

@ -109,6 +109,16 @@ func main() {
Usage: "after pinging for a keepalive check, the agent waits for a duration of this time before closing the connection if no activity",
Value: time.Second * 20,
},
cli.BoolFlag{
Name: "secure-grpc",
Usage: "should the connection to DRONE_SERVER be made using a secure transport",
EnvVar: "DRONE_GRPC_SECURE",
},
cli.BoolTFlag{
Name: "skip-insecure-grpc",
Usage: "should the grpc server certificate be verified, only valid when DRONE_GRPC_SECURE is true",
EnvVar: "DRONE_GRPC_VERIFY",
},
}
if err := app.Run(os.Args); err != nil {