Add option 'insecure' for BasicAuthTransport

Author: jrauh01

cmd/icinga-kubernetes/main.go

@@ -38,7 +38,6 @@ import (
 	"k8s.io/client-go/kubernetes"
 	kclientcmd "k8s.io/client-go/tools/clientcmd"
 	"k8s.io/klog/v2"
-	"net/http"
 	"os"
 	"strings"
 	"sync"
@@ -316,14 +315,15 @@ func main() {
 	}
 
 	if cfg.Prometheus.Url != "" {
-		var basicAuthTransport http.RoundTripper
+		basicAuthTransport := &com.BasicAuthTransport{}
 
-		if cfg.Prometheus.Username != "" && cfg.Prometheus.Password != "" {
-			basicAuthTransport = &com.BasicAuthTransport{
-				RoundTripper: http.DefaultTransport,
-				Username:     cfg.Prometheus.Username,
-				Password:     cfg.Prometheus.Password,
-			}
+		if cfg.Prometheus.Insecure == "true" {
+			basicAuthTransport.Insecure = true
+		}
+
+		if cfg.Prometheus.Username != "" {
+			basicAuthTransport.Username = cfg.Prometheus.Username
+			basicAuthTransport.Password = cfg.Prometheus.Password
 		}
 
 		promClient, err := promapi.NewClient(promapi.Config{

pkg/com/basic_auth_transport.go

@@ -1,6 +1,7 @@
 package com
 
 import (
+	"crypto/tls"
 	"net/http"
 )
 
@@ -9,11 +10,27 @@ type BasicAuthTransport struct {
 	http.RoundTripper
 	Username string
 	Password string
+	Insecure bool
 }
 
 // RoundTrip executes a single HTTP transaction with the basic auth credentials.
 func (t *BasicAuthTransport) RoundTrip(req *http.Request) (*http.Response, error) {
-	req.SetBasicAuth(t.Username, t.Password)
+	if t.Username != "" {
+		req.SetBasicAuth(t.Username, t.Password)
+	}
 
-	return t.RoundTripper.RoundTrip(req)
+	rt := t.RoundTripper
+	if rt == nil {
+		rt = http.DefaultTransport
+	}
+
+	if t.Insecure {
+		if transport, ok := rt.(*http.Transport); ok {
+			transportCopy := transport.Clone()
+			transportCopy.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+			rt = transportCopy
+		}
+	}
+
+	return rt.RoundTrip(req)
 }