fix: allow insecure clusters (#800)

* fix: allow insecure clusters Signed-off-by: Francesco Ilario <[email protected]> * Override ca.crt in kubeconfigs Signed-off-by: Francesco Ilario <[email protected]> * Add feature flag to disable TLS Signed-off-by: Francesco Ilario <[email protected]> * Update README Signed-off-by: Francesco Ilario <[email protected]> * Rename util.BuildKubernetesClient to BuildKubernetesRESTConfig Signed-off-by: Francesco Ilario <[email protected]> * Update README.adoc Co-authored-by: Baiju Muthukadan <[email protected]> --------- Signed-off-by: Francesco Ilario <[email protected]> Co-authored-by: Baiju Muthukadan <[email protected]>
codeready-toolchain · Sep 29, 2023 · ff18cca · ff18cca
1 parent aa98d41
commit ff18cca
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 3 deletions.
diff --git a/README.adoc b/README.adoc
@@ -68,6 +68,8 @@ It will also create all required CRDs, role and role bindings for the service ac
 
 NOTE: you can override the default namespace names where the end-to-end tests are going to be executed - eg.: `make test-e2e HOST_NS=my-host MEMBER_NS=my-member` file.
 
+NOTE: you can disable SSL/TLS certificate verification in tests setting the `DISABLE_KUBE_CLIENT_TLS_VERIFY` variable to `true` - eg.: `make test-e2e DISABLE_KUBE_CLIENT_TLS_VERIFY=true`. This flag helps when you test in clusters using Self-Signed Certificates.
+
 === Running/Debugging e2e tests from your IDE
 
 In order to run/debug tests from your IDE you'll need to export some required env variables, those will be used by the test framework to interact with the operator namespaces and the other toolchain resources in you cluster.

diff --git a/testsupport/init.go b/testsupport/init.go
@@ -11,6 +11,7 @@ import (
 	toolchainv1alpha1 "github.com/codeready-toolchain/api/api/v1alpha1"
 	"github.com/codeready-toolchain/toolchain-common/pkg/cluster"
 	appstudiov1 "github.com/codeready-toolchain/toolchain-e2e/testsupport/appstudio/api/v1alpha1"
+	"github.com/codeready-toolchain/toolchain-e2e/testsupport/util"
 	"github.com/codeready-toolchain/toolchain-e2e/testsupport/wait"
 	"github.com/stretchr/testify/assert"
 	"k8s.io/client-go/tools/clientcmd"
@@ -53,7 +54,8 @@ func WaitForDeployments(t *testing.T) wait.Awaitilities {
 
 		apiConfig, err := clientcmd.NewDefaultClientConfigLoadingRules().Load()
 		require.NoError(t, err)
-		kubeconfig, err := clientcmd.NewDefaultClientConfig(*apiConfig, &clientcmd.ConfigOverrides{}).ClientConfig()
+
+		kubeconfig, err := util.BuildKubernetesRESTConfig(*apiConfig)
 		require.NoError(t, err)
 
 		cl, err := client.New(kubeconfig, client.Options{

diff --git a/testsupport/space/spacerequest.go b/testsupport/space/spacerequest.go
@@ -106,8 +106,9 @@ func newKubeClientFromSecret(t *testing.T, cl client.Client, secretName, secretN
 	require.False(t, api.IsConfigEmpty(apiConfig))
 
 	// create a new client with the given kubeconfig
-	kubeconfig, err := clientcmd.NewDefaultClientConfig(*apiConfig, &clientcmd.ConfigOverrides{}).ClientConfig()
+	kubeconfig, err := util.BuildKubernetesRESTConfig(*apiConfig)
 	require.NoError(t, err)
+
 	s := scheme.Scheme
 	builder := append(runtime.SchemeBuilder{},
 		corev1.AddToScheme,

diff --git a/testsupport/util/kube_client.go b/testsupport/util/kube_client.go
@@ -0,0 +1,30 @@
+package util
+
+import (
+	"os"
+
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/tools/clientcmd/api"
+)
+
+const EnvDisableKubeClientTLSVerify string = "DISABLE_KUBE_CLIENT_TLS_VERIFY"
+
+func BuildKubernetesRESTConfig(apiConfig api.Config) (*rest.Config, error) {
+	if os.Getenv(EnvDisableKubeClientTLSVerify) == "true" {
+		apiConfig = setInsecureSkipTLSVerify(apiConfig)
+	}
+
+	configOverrides := clientcmd.ConfigOverrides{}
+	return clientcmd.NewDefaultClientConfig(apiConfig, &configOverrides).ClientConfig()
+}
+
+func setInsecureSkipTLSVerify(apiConfig api.Config) api.Config {
+	for _, c := range apiConfig.Clusters {
+		if c != nil {
+			c.CertificateAuthorityData = nil
+			c.InsecureSkipTLSVerify = true
+		}
+	}
+	return apiConfig
+}
diff --git a/testsupport/wait/host.go b/testsupport/wait/host.go
@@ -18,6 +18,7 @@ import (
 	"github.com/codeready-toolchain/toolchain-common/pkg/spacebinding"
 	"github.com/codeready-toolchain/toolchain-common/pkg/test"
 	testconfig "github.com/codeready-toolchain/toolchain-common/pkg/test/config"
+	testutil "github.com/codeready-toolchain/toolchain-e2e/testsupport/util"
 
 	"github.com/davecgh/go-spew/spew"
 	"github.com/ghodss/yaml"
@@ -1664,7 +1665,8 @@ func (a *HostAwaitility) GetHostOperatorPod() (corev1.Pod, error) {
 func (a *HostAwaitility) CreateAPIProxyConfig(t *testing.T, usertoken, proxyURL string) *rest.Config {
 	apiConfig, err := clientcmd.NewDefaultClientConfigLoadingRules().Load()
 	require.NoError(t, err)
-	defaultConfig, err := clientcmd.NewDefaultClientConfig(*apiConfig, &clientcmd.ConfigOverrides{}).ClientConfig()
+
+	defaultConfig, err := testutil.BuildKubernetesRESTConfig(*apiConfig)
 	require.NoError(t, err)
 
 	return &rest.Config{