Revert "allow self signed certs with insecureSkipVerify (#1769)"

This reverts commit 8e35ce0bde. Signed-off-by: Carlisia <carlisiac@vmware.com>
2019-08-20 10:57:56 -07:00 · 2019-08-20 10:57:56 -07:00 · b25865f5bb
parent 8e35ce0bde
commit b25865f5bb
12 changed files with 43 additions and 89 deletions
--- a/changelogs/unreleased/1769-s12chung
+++ b/changelogs/unreleased/1769-s12chung
@ -1 +0,0 @@
-adds `insecureSkipTLSVerify` server config for AWS storage and `--insecure-skip-tls-verify` flag on client for self-signed certs
--- a/pkg/cloudprovider/aws/object_store.go
+++ b/pkg/cloudprovider/aws/object_store.go
@ -17,9 +17,7 @@ limitations under the License.
 package aws

 import (
-	"crypto/tls"
 	"io"
-	"net/http"
 	"sort"
 	"strconv"
 	"time"
@ -45,7 +43,6 @@ const (
 	bucketKey            = "bucket"
 	signatureVersionKey  = "signatureVersion"
 	credentialProfileKey = "profile"
-	insecureSkipTLSVerifyKey = "insecureSkipTLSVerify"
 )

 type s3Interface interface {
@ -86,7 +83,6 @@ func (o *ObjectStore) Init(config map[string]string) error {
 		s3ForcePathStyleKey,
 		signatureVersionKey,
 		credentialProfileKey,
-		insecureSkipTLSVerifyKey,
 	); err != nil {
 		return err
 	}
@ -99,7 +95,6 @@ func (o *ObjectStore) Init(config map[string]string) error {
 		s3ForcePathStyleVal = config[s3ForcePathStyleKey]
 		signatureVersion    = config[signatureVersionKey]
 		credentialProfile   = config[credentialProfileKey]
-		insecureSkipTLSVerifyVal = config[insecureSkipTLSVerifyKey]

 		// note that bucket is automatically added to the config map
 		// by the server from the ObjectStorageProviderConfig so
@ -107,7 +102,6 @@ func (o *ObjectStore) Init(config map[string]string) error {
 		// config.
 		bucket           = config[bucketKey]
 		s3ForcePathStyle bool
-		insecureSkipTLSVerify bool
 		err              error
 	)

@ -133,20 +127,6 @@ func (o *ObjectStore) Init(config map[string]string) error {
 		return err
 	}

-	if insecureSkipTLSVerifyVal != "" {
-		if insecureSkipTLSVerify, err = strconv.ParseBool(insecureSkipTLSVerifyVal); err != nil {
-			return errors.Wrapf(err, "could not parse %s (expected bool)", insecureSkipTLSVerifyKey)
-		}
-	}
-
-	if insecureSkipTLSVerify {
-		serverConfig.HTTPClient = &http.Client{
-			Transport: &http.Transport{
-				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-			},
-		}
-	}
-
 	serverSession, err := getSession(serverConfig, credentialProfile)
 	if err != nil {
 		return err
--- a/pkg/cmd/cli/backup/describe.go
+++ b/pkg/cmd/cli/backup/describe.go
@ -35,7 +35,6 @@ func NewDescribeCommand(f client.Factory, use string) *cobra.Command {
 	var (
 		listOptions metav1.ListOptions
 		details     bool
-		insecureSkipTLSVerify bool
 	)

 	c := &cobra.Command{
@ -72,7 +71,7 @@ func NewDescribeCommand(f client.Factory, use string) *cobra.Command {
 					fmt.Fprintf(os.Stderr, "error getting PodVolumeBackups for backup %s: %v\n", backup.Name, err)
 				}

-				s := output.DescribeBackup(&backup, deleteRequestList.Items, podVolumeBackupList.Items, details, veleroClient, insecureSkipTLSVerify)
+				s := output.DescribeBackup(&backup, deleteRequestList.Items, podVolumeBackupList.Items, details, veleroClient)
 				if first {
 					first = false
 					fmt.Print(s)
@ -86,7 +85,6 @@ func NewDescribeCommand(f client.Factory, use string) *cobra.Command {

 	c.Flags().StringVarP(&listOptions.LabelSelector, "selector", "l", listOptions.LabelSelector, "only show items matching this label selector")
 	c.Flags().BoolVar(&details, "details", details, "display additional detail in the command output")
-	c.Flags().BoolVar(&insecureSkipTLSVerify, "insecure-skip-tls-verify", insecureSkipTLSVerify, "do not verify the TLS certificate for storage requests only. This is susceptible to man-in-the-middle attacks.")

 	return c
 }
--- a/pkg/cmd/cli/backup/download.go
+++ b/pkg/cmd/cli/backup/download.go
@ -56,7 +56,6 @@ type DownloadOptions struct {
 	Output       string
 	Force        bool
 	Timeout      time.Duration
-	InsecureSkipTLSVerify bool
 	writeOptions int
 }

@ -70,7 +69,6 @@ func (o *DownloadOptions) BindFlags(flags *pflag.FlagSet) {
 	flags.StringVarP(&o.Output, "output", "o", o.Output, "path to output file. Defaults to <NAME>-data.tar.gz in the current directory")
 	flags.BoolVar(&o.Force, "force", o.Force, "forces the download and will overwrite file if it exists already")
 	flags.DurationVar(&o.Timeout, "timeout", o.Timeout, "maximum time to wait to process download request")
-	flags.BoolVar(&o.InsecureSkipTLSVerify, "insecure-skip-tls-verify", o.InsecureSkipTLSVerify, "do not verify the TLS certificate for storage requests only. This is susceptible to man-in-the-middle attacks.")
 }

 func (o *DownloadOptions) Validate(c *cobra.Command, args []string, f client.Factory) error {
@ -113,7 +111,7 @@ func (o *DownloadOptions) Run(c *cobra.Command, f client.Factory) error {
 	}
 	defer backupDest.Close()

-	err = downloadrequest.Stream(veleroClient.VeleroV1(), f.Namespace(), o.Name, v1.DownloadTargetKindBackupContents, backupDest, o.Timeout, o.InsecureSkipTLSVerify)
+	err = downloadrequest.Stream(veleroClient.VeleroV1(), f.Namespace(), o.Name, v1.DownloadTargetKindBackupContents, backupDest, o.Timeout)
 	if err != nil {
 		os.Remove(o.Output)
 		cmd.CheckError(err)
--- a/pkg/cmd/cli/backup/logs.go
+++ b/pkg/cmd/cli/backup/logs.go
@ -32,7 +32,6 @@ import (

 func NewLogsCommand(f client.Factory) *cobra.Command {
 	timeout := time.Minute
-	insecureSkipTLSVerify := false

 	c := &cobra.Command{
 		Use:   "logs BACKUP",
@ -59,13 +58,12 @@ func NewLogsCommand(f client.Factory) *cobra.Command {
 					"until the backup has a phase of Completed or Failed and try again.", backupName)
 			}

-			err = downloadrequest.Stream(veleroClient.VeleroV1(), f.Namespace(), backupName, v1.DownloadTargetKindBackupLog, os.Stdout, timeout, insecureSkipTLSVerify)
+			err = downloadrequest.Stream(veleroClient.VeleroV1(), f.Namespace(), backupName, v1.DownloadTargetKindBackupLog, os.Stdout, timeout)
 			cmd.CheckError(err)
 		},
 	}

 	c.Flags().DurationVar(&timeout, "timeout", timeout, "how long to wait to receive logs")
-	c.Flags().BoolVar(&insecureSkipTLSVerify, "insecure-skip-tls-verify", insecureSkipTLSVerify, "do not verify the TLS certificate for storage requests only. This is susceptible to man-in-the-middle attacks.")

 	return c
 }
--- a/pkg/cmd/cli/restore/describe.go
+++ b/pkg/cmd/cli/restore/describe.go
@ -34,7 +34,6 @@ func NewDescribeCommand(f client.Factory, use string) *cobra.Command {
 	var (
 		listOptions metav1.ListOptions
 		details     bool
-		insecureSkipTLSVerify bool
 	)

 	c := &cobra.Command{
@ -65,7 +64,7 @@ func NewDescribeCommand(f client.Factory, use string) *cobra.Command {
 					fmt.Fprintf(os.Stderr, "error getting PodVolumeRestores for restore %s: %v\n", restore.Name, err)
 				}

-				s := output.DescribeRestore(&restore, podvolumeRestoreList.Items, details, veleroClient, insecureSkipTLSVerify)
+				s := output.DescribeRestore(&restore, podvolumeRestoreList.Items, details, veleroClient)
 				if first {
 					first = false
 					fmt.Print(s)
@ -79,7 +78,6 @@ func NewDescribeCommand(f client.Factory, use string) *cobra.Command {

 	c.Flags().StringVarP(&listOptions.LabelSelector, "selector", "l", listOptions.LabelSelector, "only show items matching this label selector")
 	c.Flags().BoolVar(&details, "details", details, "display additional detail in the command output")
-	c.Flags().BoolVar(&insecureSkipTLSVerify, "insecure-skip-tls-verify", insecureSkipTLSVerify, "do not verify the TLS certificate for storage requests only. This is susceptible to man-in-the-middle attacks.")

 	return c
 }
--- a/pkg/cmd/cli/restore/logs.go
+++ b/pkg/cmd/cli/restore/logs.go
@ -32,7 +32,6 @@ import (

 func NewLogsCommand(f client.Factory) *cobra.Command {
 	timeout := time.Minute
-	insecureSkipTLSVerify := false

 	c := &cobra.Command{
 		Use:   "logs RESTORE",
@ -59,13 +58,12 @@ func NewLogsCommand(f client.Factory) *cobra.Command {
 					"until the restore has a phase of Completed or Failed and try again.", restoreName)
 			}

-			err = downloadrequest.Stream(veleroClient.VeleroV1(), f.Namespace(), restoreName, v1.DownloadTargetKindRestoreLog, os.Stdout, timeout, insecureSkipTLSVerify)
+			err = downloadrequest.Stream(veleroClient.VeleroV1(), f.Namespace(), restoreName, v1.DownloadTargetKindRestoreLog, os.Stdout, timeout)
 			cmd.CheckError(err)
 		},
 	}

 	c.Flags().DurationVar(&timeout, "timeout", timeout, "how long to wait to receive logs")
-	c.Flags().BoolVar(&insecureSkipTLSVerify, "insecure-skip-tls-verify", insecureSkipTLSVerify, "do not verify the TLS certificate for storage requests only. This is susceptible to man-in-the-middle attacks.")

 	return c
 }
--- a/pkg/cmd/util/downloadrequest/downloadrequest.go
+++ b/pkg/cmd/util/downloadrequest/downloadrequest.go
@ -18,13 +18,10 @@ package downloadrequest

 import (
 	"compress/gzip"
-	"crypto/tls"
-	"crypto/x509"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
-	"net/url"
 	"time"

 	"github.com/pkg/errors"
@ -39,7 +36,7 @@ import (
 // not found
 var ErrNotFound = errors.New("file not found")

-func Stream(client velerov1client.DownloadRequestsGetter, namespace, name string, kind v1.DownloadTargetKind, w io.Writer, timeout time.Duration, insecureSkipTLSVerify bool) error {
+func Stream(client velerov1client.DownloadRequestsGetter, namespace, name string, kind v1.DownloadTargetKind, w io.Writer, timeout time.Duration) error {
 	req := &v1.DownloadRequest{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: namespace,
@ -108,11 +105,6 @@ Loop:
 	}

 	httpClient := new(http.Client)
-	if insecureSkipTLSVerify {
-		httpClient.Transport = &http.Transport{
-			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-		}
-	}

 	httpReq, err := http.NewRequest("GET", req.Status.DownloadURL, nil)
 	if err != nil {
@ -126,11 +118,6 @@ Loop:

 	resp, err := httpClient.Do(httpReq)
 	if err != nil {
-		if urlErr, ok := err.(*url.Error); ok {
-			if _, ok := urlErr.Err.(x509.UnknownAuthorityError); ok {
-				return fmt.Errorf(err.Error() + "\n\nThe --insecure-skip-tls-verify flag can also be used to accept any TLS certificate for the download, but it is susceptible to man-in-the-middle attacks.")
-			}
-		}
 		return err
 	}
 	defer resp.Body.Close()
--- a/pkg/cmd/util/downloadrequest/downloadrequest_test.go
+++ b/pkg/cmd/util/downloadrequest/downloadrequest_test.go
@ -151,7 +151,7 @@ func TestStream(t *testing.T) {
 			output := new(bytes.Buffer)
 			errCh := make(chan error)
 			go func() {
-				err := Stream(client.VeleroV1(), "namespace", "name", test.kind, output, timeout, false)
+				err := Stream(client.VeleroV1(), "namespace", "name", test.kind, output, timeout)
 				errCh <- err
 			}()

--- a/pkg/cmd/util/output/backup_describer.go
+++ b/pkg/cmd/util/output/backup_describer.go
@ -38,7 +38,6 @@ func DescribeBackup(
 	podVolumeBackups []velerov1api.PodVolumeBackup,
 	details bool,
 	veleroClient clientset.Interface,
-	insecureSkipTLSVerify bool,
 ) string {
 	return Describe(func(d *Describer) {
 		d.DescribeMetadata(backup.ObjectMeta)
@ -75,7 +74,7 @@ func DescribeBackup(
 		DescribeBackupSpec(d, backup.Spec)

 		d.Println()
-		DescribeBackupStatus(d, backup, details, veleroClient, insecureSkipTLSVerify)
+		DescribeBackupStatus(d, backup, details, veleroClient)

 		if len(deleteRequests) > 0 {
 			d.Println()
@ -212,7 +211,7 @@ func DescribeBackupSpec(d *Describer, spec velerov1api.BackupSpec) {
 }

 // DescribeBackupStatus describes a backup status in human-readable format.
-func DescribeBackupStatus(d *Describer, backup *velerov1api.Backup, details bool, veleroClient clientset.Interface, insecureSkipTLSVerify bool) {
+func DescribeBackupStatus(d *Describer, backup *velerov1api.Backup, details bool, veleroClient clientset.Interface) {
 	status := backup.Status

 	d.Printf("Backup Format Version:\t%d\n", status.Version)
@ -235,7 +234,7 @@ func DescribeBackupStatus(d *Describer, backup *velerov1api.Backup, details bool
 	d.Println()

 	if details {
-		describeBackupResourceList(d, backup, veleroClient, insecureSkipTLSVerify)
+		describeBackupResourceList(d, backup, veleroClient)
 		d.Println()
 	}

@ -246,7 +245,7 @@ func DescribeBackupStatus(d *Describer, backup *velerov1api.Backup, details bool
 		}

 		buf := new(bytes.Buffer)
-		if err := downloadrequest.Stream(veleroClient.VeleroV1(), backup.Namespace, backup.Name, velerov1api.DownloadTargetKindBackupVolumeSnapshots, buf, downloadRequestTimeout, insecureSkipTLSVerify); err != nil {
+		if err := downloadrequest.Stream(veleroClient.VeleroV1(), backup.Namespace, backup.Name, velerov1api.DownloadTargetKindBackupVolumeSnapshots, buf, downloadRequestTimeout); err != nil {
 			d.Printf("Persistent Volumes:\t<error getting volume snapshot info: %v>\n", err)
 			return
 		}
@ -267,9 +266,9 @@ func DescribeBackupStatus(d *Describer, backup *velerov1api.Backup, details bool
 	d.Printf("Persistent Volumes: <none included>\n")
 }

-func describeBackupResourceList(d *Describer, backup *velerov1api.Backup, veleroClient clientset.Interface, insecureSkipTLSVerify bool) {
+func describeBackupResourceList(d *Describer, backup *velerov1api.Backup, veleroClient clientset.Interface) {
 	buf := new(bytes.Buffer)
-	if err := downloadrequest.Stream(veleroClient.VeleroV1(), backup.Namespace, backup.Name, velerov1api.DownloadTargetKindBackupResourceList, buf, downloadRequestTimeout, insecureSkipTLSVerify); err != nil {
+	if err := downloadrequest.Stream(veleroClient.VeleroV1(), backup.Namespace, backup.Name, velerov1api.DownloadTargetKindBackupResourceList, buf, downloadRequestTimeout); err != nil {
 		if err == downloadrequest.ErrNotFound {
 			d.Println("Resource List:\t<backup resource list not found, this could be because this backup was taken prior to Velero 1.1.0>")
 		} else {
--- a/pkg/cmd/util/output/restore_describer.go
+++ b/pkg/cmd/util/output/restore_describer.go
@ -31,7 +31,7 @@ import (
 	pkgrestore "github.com/heptio/velero/pkg/restore"
 )

-func DescribeRestore(restore *v1.Restore, podVolumeRestores []v1.PodVolumeRestore, details bool, veleroClient clientset.Interface, insecureSkipTLSVerify bool) string {
+func DescribeRestore(restore *v1.Restore, podVolumeRestores []v1.PodVolumeRestore, details bool, veleroClient clientset.Interface) string {
 	return Describe(func(d *Describer) {
 		d.DescribeMetadata(restore.ObjectMeta)

@ -56,7 +56,7 @@ func DescribeRestore(restore *v1.Restore, podVolumeRestores []v1.PodVolumeRestor
 			}
 		}

-		describeRestoreResults(d, restore, veleroClient, insecureSkipTLSVerify)
+		describeRestoreResults(d, restore, veleroClient)

 		d.Println()
 		d.Printf("Backup:\t%s\n", restore.Spec.BackupName)
@ -114,7 +114,7 @@ func DescribeRestore(restore *v1.Restore, podVolumeRestores []v1.PodVolumeRestor
 	})
 }

-func describeRestoreResults(d *Describer, restore *v1.Restore, veleroClient clientset.Interface, insecureSkipTLSVerify bool) {
+func describeRestoreResults(d *Describer, restore *v1.Restore, veleroClient clientset.Interface) {
 	if restore.Status.Warnings == 0 && restore.Status.Errors == 0 {
 		return
 	}
@ -122,7 +122,7 @@ func describeRestoreResults(d *Describer, restore *v1.Restore, veleroClient clie
 	var buf bytes.Buffer
 	var resultMap map[string]pkgrestore.Result

-	if err := downloadrequest.Stream(veleroClient.VeleroV1(), restore.Namespace, restore.Name, v1.DownloadTargetKindRestoreResults, &buf, downloadRequestTimeout, insecureSkipTLSVerify); err != nil {
+	if err := downloadrequest.Stream(veleroClient.VeleroV1(), restore.Namespace, restore.Name, v1.DownloadTargetKindRestoreResults, &buf, downloadRequestTimeout); err != nil {
 		d.Printf("Warnings:\t<error getting warnings: %v>\n\nErrors:\t<error getting errors: %v>\n", err, err)
 		return
 	}
--- a/site/docs/master/api-types/backupstoragelocation.md
+++ b/site/docs/master/api-types/backupstoragelocation.md
@ -53,7 +53,6 @@ The configurable parameters are as follows:
 | `kmsKeyId` | string | Empty | *Example*: "502b409c-4da1-419f-a16e-eif453b3i49f" or "alias/`<KMS-Key-Alias-Name>`"<br><br>Specify an [AWS KMS key][10] id or alias to enable encryption of the backups stored in S3. Only works with AWS S3 and may require explicitly granting key usage rights.|
 | `signatureVersion` | string | `"4"` | Version of the signature algorithm used to create signed URLs that are used by velero cli to download backups or fetch logs. Possible versions are "1" and "4". Usually the default version 4 is correct, but some S3-compatible providers like Quobyte only support version 1.|
 | `profile` | string | "default" | AWS profile within the credential file to use for given store |
-| `insecureSkipTLSVerify` | bool | `false` | Set this to `true` if you do not want to verify the TLS certificate for storage requests only--like self-signed certs in Minio. This is susceptible to man-in-the-middle attacks and is not recommended for production. |

 #### Azure
				`@ -1 +0,0 @@`
				adds `insecureSkipTLSVerify` server config for AWS storage and `--insecure-skip-tls-verify` flag on client for self-signed certs