mirror of
https://github.com/grafana/grafana.git
synced 2024-11-29 20:24:18 -06:00
16c5d0e4b7
TLS was not being verified in a number of places: - connections to grafana.com - connections to OAuth providers when TLS client authentication was enabled - connections to self-hosted Grafana installations when using the CLI tool TLS should always be verified unless the user explicitly enables an option to skip verification. Removes some instances where `InsecureSkipVerify` is explicitly set to `false`, the default, to help avoid confusion and make it more difficult to regress on this fix by accident. Adds a `--insecure` flag to `grafana-cli` to skip TLS verification. Adds a `tls_skip_verify_insecure` setting for OAuth. Adds a `app_tls_skip_verify_insecure` setting under a new `[plugins]` section. I'm not super happy with the way the global setting is used by `pkg/api/app_routes.go` but that seems to be the existing pattern used.
24 lines
530 B
Go
24 lines
530 B
Go
package setting
|
|
|
|
type OAuthInfo struct {
|
|
ClientId, ClientSecret string
|
|
Scopes []string
|
|
AuthUrl, TokenUrl string
|
|
Enabled bool
|
|
AllowedDomains []string
|
|
HostedDomain string
|
|
ApiUrl string
|
|
AllowSignup bool
|
|
Name string
|
|
TlsClientCert string
|
|
TlsClientKey string
|
|
TlsClientCa string
|
|
TlsSkipVerify bool
|
|
}
|
|
|
|
type OAuther struct {
|
|
OAuthInfos map[string]*OAuthInfo
|
|
}
|
|
|
|
var OAuthService *OAuther
|