fix: Add a flag to allow verifying the SSL certificate when connecting with Secure

nestorsalceda · nestorsalceda · commit 8d710625e981 · 2020-09-15T20:24:34.000+02:00
diff --git a/cmd/harbor-scanner-sysdig-secure/main.go b/cmd/harbor-scanner-sysdig-secure/main.go
@@ -43,6 +43,7 @@ func configure() error {
 
 	pflag.String("secure_api_token", "", "Sysdig Secure API Token")
 	pflag.String("secure_url", "https://secure.sysdig.com", "Sysdig Secure URL Endpoint")
+	pflag.Bool("verify_ssl", true, "Verify SSL when connecting to Sysdig Secure URL Endpoint")
 	pflag.Bool("inline_scanning", false, "Use Inline Scanning Adapter")
 	pflag.String("namespace_name", "", "Namespace where inline scanning jobs are spawned")
 	pflag.String("configmap_name", "", "Configmap which keeps the inline scanning settings")
@@ -64,7 +65,7 @@ func configure() error {
 }
 
 func getAdapter() scanner.Adapter {
-	client := secure.NewClient(viper.GetString("secure_api_token"), viper.GetString("secure_url"))
+	client := secure.NewClient(viper.GetString("secure_api_token"), viper.GetString("secure_url"), viper.GetBool("verify_ssl"))
 
 	if viper.GetBool("inline_scanning") {
 		log.Info("Using inline-scanning adapter")
diff --git a/pkg/secure/client.go b/pkg/secure/client.go
@@ -1,6 +1,7 @@
 package secure
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -36,10 +37,17 @@ type Client interface {
 	GetVulnerabilityDescription(vulnerabilityIDs ...string) (map[string]string, error)
 }
 
-func NewClient(apiToken string, secureURL string) Client {
+func NewClient(apiToken string, secureURL string, verifySSL bool) Client {
 	return &client{
 		apiToken:  apiToken,
 		secureURL: secureURL,
+		client: http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{
+					InsecureSkipVerify: verifySSL,
+				},
+			},
+		},
 	}
 }
 
diff --git a/pkg/secure/client_test.go b/pkg/secure/client_test.go
@@ -20,7 +20,7 @@ var _ = Describe("Sysdig Secure Client", func() {
 	)
 
 	BeforeEach(func() {
-		client = secure.NewClient(os.Getenv("SECURE_API_TOKEN"), os.Getenv("SECURE_URL"))
+		client = secure.NewClient(os.Getenv("SECURE_API_TOKEN"), os.Getenv("SECURE_URL"), true)
 	})
 
 	Context("when adding an image to scanning queue", func() {

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ var _ = Describe("Sysdig Secure Client", func() {`
`20`	`20`	`)`
`21`	`21`
`22`	`22`	`BeforeEach(func() {`
`23`		`- client = secure.NewClient(os.Getenv("SECURE_API_TOKEN"), os.Getenv("SECURE_URL"))`
	`23`	`+ client = secure.NewClient(os.Getenv("SECURE_API_TOKEN"), os.Getenv("SECURE_URL"), true)`
`24`	`24`	`})`
`25`	`25`
`26`	`26`	`Context("when adding an image to scanning queue", func() {`