Allow the agent to connect to a secure grpc endpoint

Add flags to allow the agent to connect to a secure grpc endpoint.

The secure endpoint itself can be provided by placing nginx in front of the
drone-server or by updating the code so that the grpc server accepts TLS connections.
Ian 2020-05-16 19:56:24 +01:00
parent 6ee3adc72c
commit c26b722736
2 changed files with 19 additions and 1 deletions


@ -16,7 +16,9 @@ package main
import (
"context"
"crypto/tls"
"encoding/json"
grpccredentials "google.golang.org/grpc/credentials"
"io"
"io/ioutil"
"net/http"
@ -83,9 +85,15 @@ func loop(c *cli.Context) error {
// grpc.Dial(target, ))
var transport = grpc.WithInsecure()
if c.Bool("secure-grpc") {
transport = grpc.WithTransportCredentials(grpccredentials.NewTLS(&tls.Config{InsecureSkipVerify: c.Bool("skip-insecure-grpc")}))
}
conn, err := grpc.Dial(
c.String("server"),
grpc.WithInsecure(),
transport,
grpc.WithPerRPCCredentials(&credentials{
username: c.String("username"),
password: c.String("password"),
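Review bot: On the `grpccredentials.NewTLS` line, `InsecureSkipVerify` is taken directly from `skip-insecure-grpc`, which the flag section of this commit declares as a `cli.BoolTFlag` with env var `DRONE_GRPC_VERIFY` and the usage text "should the grpc server certificate be verified". If that flag reads as true when unset, as a `BoolTFlag` is expected to, then enabling `secure-grpc` gives TLS with certificate verification turned off, and `DRONE_GRPC_VERIFY=true` disables verification instead of enabling it. The per-RPC username and password just below would then be sent to a peer whose identity was never checked. The value should be negated and the flag named for what it does, for example `InsecureSkipVerify: !c.BoolT("grpc-verify")` with the flag renamed to match and its default kept at true. The body of `loop` starts and ends outside this hunk.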


@ -109,6 +109,16 @@ func main() {
Usage: "after pinging for a keepalive check, the agent waits for a duration of this time before closing the connection if no activity",
Value: time.Second * 20,
},
cli.BoolFlag{
Name: "secure-grpc",
Usage: "should the connection to DRONE_SERVER be made using a secure transport",
EnvVar: "DRONE_GRPC_SECURE",
},
cli.BoolTFlag{
Name: "skip-insecure-grpc",
Usage: "should the grpc server certificate be verified, only valid when DRONE_GRPC_SECURE is true",
EnvVar: "DRONE_GRPC_VERIFY",
},
}
if err := app.Run(os.Args); err != nil {
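Review bot: The two new flags offer no way to trust a private CA, so an operator whose drone-server certificate is not signed by a system-trusted root can only get a working connection by switching verification off. A string flag holding a PEM bundle path, for example `cli.StringFlag{Name: "grpc-ca-file", EnvVar: "DRONE_GRPC_CA_FILE"}` (names are only a suggestion), loaded into `tls.Config.RootCAs`, would cover that case without weakening the check. The usage text of `secure-grpc` could also state that leaving it off keeps the connection in plaintext. The flag list begins outside this hunk.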