TLS was not being verified in a number of places:
- connections to grafana.com
- connections to OAuth providers when TLS client authentication was enabled
- connections to self-hosted Grafana installations when using the CLI tool

TLS should always be verified unless the user explicitly enables an option to skip verification.

Removes some instances where `InsecureSkipVerify` is explicitly set to `false`, the default, to help avoid confusion and make it more difficult to regress on this fix by accident.

Adds a `--insecure` flag to `grafana-cli` to skip TLS verification. Adds a `tls_skip_verify_insecure` setting for OAuth. Adds an `app_tls_skip_verify_insecure` setting under a new `[plugins]` section.

I'm not super happy with the way the global setting is used by `pkg/api/app_routes.go`, but that seems to be the existing pattern used.
package main
import (
"fmt"
"os"
"runtime"
"github.com/codegangsta/cli"
"github.com/grafana/grafana/pkg/cmd/grafana-cli/commands"
"github.com/grafana/grafana/pkg/cmd/grafana-cli/logger"
"github.com/grafana/grafana/pkg/cmd/grafana-cli/services"
"github.com/grafana/grafana/pkg/cmd/grafana-cli/utils"
)
// version is the version string reported by the CLI (app.Version) and handed
// to services.Init. It defaults to "master".
// NOTE(review): presumably overridden at build time for releases; confirm
// against the build scripts.
var (
	version = "master"
)
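// main builds the grafana-cli application, registers its global flags and
// sub-commands, and runs it against os.Args.
//
// TLS certificate verification stays enabled unless the operator passes
// --insecure explicitly. That flag has no EnvVar binding, so the environment
// alone cannot switch verification off.
//
// A failing run now terminates with exit status 1. Before, the error was only
// logged and the process exited 0, so scripts driving the CLI could not tell
// that a command (for example one rejected by TLS verification) had failed,
// while an unknown command already exited 1 via cmdNotFound.
func main() {
	setupLogging()

	app := cli.NewApp()
	app.Name = "Grafana cli"
	app.Usage = ""
	app.Author = "Grafana Project"
	app.Email = "https://github.com/grafana/grafana"
	app.Version = version
	app.Flags = []cli.Flag{
		cli.StringFlag{
			Name:   "pluginsDir",
			Usage:  "path to the grafana plugin directory",
			Value:  utils.GetGrafanaPluginDir(runtime.GOOS),
			EnvVar: "GF_PLUGIN_DIR",
		},
		// repo and pluginUrl select where plugin archives are fetched from and
		// can also be supplied through the environment.
		// NOTE(review): prefer https URLs here so that certificate verification
		// applies to the download; how plain http is handled is decided outside
		// this file — confirm.
		cli.StringFlag{
			Name:   "repo",
			Usage:  "url to the plugin repository",
			Value:  "https://grafana.com/api/plugins",
			EnvVar: "GF_PLUGIN_REPO",
		},
		cli.StringFlag{
			Name:   "pluginUrl",
			Usage:  "Full url to the plugin zip file instead of downloading the plugin from grafana.com/api",
			Value:  "",
			EnvVar: "GF_PLUGIN_URL",
		},
		// Opt-in only: defaults to false and is not bound to an environment
		// variable.
		cli.BoolFlag{
			Name:  "insecure",
			Usage: "Skip TLS verification (insecure)",
		},
		cli.BoolFlag{
			Name:  "debug, d",
			Usage: "enable debug logging",
		},
	}

	// Runs before any sub-command so that services is initialised with the
	// caller's TLS-verification choice.
	app.Before = func(c *cli.Context) error {
		services.Init(version, c.GlobalBool("insecure"))
		return nil
	}
	app.Commands = commands.Commands
	app.CommandNotFound = cmdNotFound

	if err := app.Run(os.Args); err != nil {
		logger.Errorf("%v", err)
		// Report the failure to the calling shell or automation.
		os.Exit(1)
	}
}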
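// setupLogging enables debug logging by scanning the raw process arguments
// for a debug switch. main calls it before the CLI framework parses flags.
//
// The flag registered in main is "debug, d", so "-d" is recognised here in
// addition to "-D", "--debug" and "-debug"; without it the short form that
// the flag parser accepts never turned debug output on.
//
// The match is positional-agnostic: any element of os.Args equal to one of
// these spellings enables debug logging.
func setupLogging() {
	for _, arg := range os.Args {
		switch arg {
		case "-d", "-D", "--debug", "-debug":
			logger.SetDebug(true)
		}
	}
}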
// cmdNotFound is installed as the app's CommandNotFound handler. It prints a
// message naming the unrecognised command and pointing at --help, then exits
// the process with status 1.
//
// command is echoed exactly as the user typed it.
func cmdNotFound(c *cli.Context, command string) {
	appName := c.App.Name
	invokedAs := os.Args[0]

	const msg = "%s: '%s' is not a %s command. See '%s --help'.\n"
	fmt.Printf(msg, appName, command, appName, invokedAs)

	os.Exit(1)
}