Skip to content
This repository was archived by the owner on Mar 18, 2025. It is now read-only.

Commit c331f6a

Browse files
codebiencodebien
committed
Fix the default value for InsecureSkipTLS option.
There are no reasons to set it to true, the default server URL is HTTP based and if an HTTPS endpoint is added then the client validation is expected to happen with the default path.
1 parent 43e6aab commit c331f6a

File tree

2 files changed

+15
-11
lines changed

2 files changed

+15
-11
lines changed

pkg/remotewrite/config.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ type Config struct {
6161
func NewConfig() Config {
6262
return Config{
6363
ServerURL: null.StringFrom(defaultServerURL),
64-
InsecureSkipTLSVerify: null.BoolFrom(true),
64+
InsecureSkipTLSVerify: null.BoolFrom(false),
6565
Username: null.NewString("", false),
6666
Password: null.NewString("", false),
6767
PushInterval: types.NullDurationFrom(defaultPushInterval),

pkg/remotewrite/config_test.go

Lines changed: 14 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -101,7 +101,7 @@ func TestGetConsolidatedConfig(t *testing.T) {
101101
arg: "",
102102
config: Config{
103103
ServerURL: null.StringFrom("http://localhost:9090/api/v1/write"),
104-
InsecureSkipTLSVerify: null.BoolFrom(true),
104+
InsecureSkipTLSVerify: null.BoolFrom(false),
105105
Username: null.NewString("", false),
106106
Password: null.NewString("", false),
107107
PushInterval: types.NullDurationFrom(5 * time.Second),
@@ -114,7 +114,7 @@ func TestGetConsolidatedConfig(t *testing.T) {
114114
jsonRaw: json.RawMessage(fmt.Sprintf(`{"url":"%s"}`, u.String())),
115115
config: Config{
116116
ServerURL: null.StringFrom(u.String()),
117-
InsecureSkipTLSVerify: null.BoolFrom(true),
117+
InsecureSkipTLSVerify: null.BoolFrom(false),
118118
Username: null.NewString("", false),
119119
Password: null.NewString("", false),
120120
PushInterval: types.NullDurationFrom(defaultPushInterval),
@@ -150,7 +150,7 @@ func TestGetConsolidatedConfig(t *testing.T) {
150150
// arg: "password=arg",
151151
config: Config{
152152
ServerURL: null.StringFrom("http://json:9090"),
153-
InsecureSkipTLSVerify: null.BoolFrom(true),
153+
InsecureSkipTLSVerify: null.BoolFrom(false),
154154
Username: null.StringFrom("env"),
155155
Password: null.StringFrom("env"),
156156
PushInterval: types.NullDurationFrom(defaultPushInterval),
@@ -207,6 +207,10 @@ func TestParseServerURL(t *testing.T) {
207207
assert.Equal(t, map[string]string{"X-Header": "value"}, c.Headers)
208208
}
209209

210+
// TODO: replace all the expconfigs below
211+
// with a function that returns the expected default values,
212+
// then override only the values to expect differently.
213+
210214
func TestOptionServerURL(t *testing.T) {
211215
t.Parallel()
212216

@@ -223,7 +227,7 @@ func TestOptionServerURL(t *testing.T) {
223227

224228
expconfig := Config{
225229
ServerURL: null.StringFrom("http://prometheus:9090/api/v1/write"),
226-
InsecureSkipTLSVerify: null.BoolFrom(true),
230+
InsecureSkipTLSVerify: null.BoolFrom(false),
227231
Username: null.NewString("", false),
228232
Password: null.NewString("", false),
229233
PushInterval: types.NullDurationFrom(5 * time.Second),
@@ -259,7 +263,7 @@ func TestOptionHeaders(t *testing.T) {
259263

260264
expconfig := Config{
261265
ServerURL: null.StringFrom("http://localhost:9090/api/v1/write"),
262-
InsecureSkipTLSVerify: null.BoolFrom(true),
266+
InsecureSkipTLSVerify: null.BoolFrom(false),
263267
PushInterval: types.NullDurationFrom(5 * time.Second),
264268
Headers: map[string]string{
265269
"X-MY-HEADER1": "hval1",
@@ -330,7 +334,7 @@ func TestOptionBasicAuth(t *testing.T) {
330334

331335
expconfig := Config{
332336
ServerURL: null.StringFrom("http://localhost:9090/api/v1/write"),
333-
InsecureSkipTLSVerify: null.BoolFrom(true),
337+
InsecureSkipTLSVerify: null.BoolFrom(false),
334338
Username: null.StringFrom("user1"),
335339
Password: null.StringFrom("pass1"),
336340
PushInterval: types.NullDurationFrom(5 * time.Second),
@@ -367,7 +371,7 @@ func TestOptionTrendAsNativeHistogram(t *testing.T) {
367371

368372
expconfig := Config{
369373
ServerURL: null.StringFrom("http://localhost:9090/api/v1/write"),
370-
InsecureSkipTLSVerify: null.BoolFrom(true),
374+
InsecureSkipTLSVerify: null.BoolFrom(false),
371375
Username: null.NewString("", false),
372376
Password: null.NewString("", false),
373377
PushInterval: types.NullDurationFrom(5 * time.Second),
@@ -405,7 +409,7 @@ func TestOptionPushInterval(t *testing.T) {
405409

406410
expconfig := Config{
407411
ServerURL: null.StringFrom("http://localhost:9090/api/v1/write"),
408-
InsecureSkipTLSVerify: null.BoolFrom(true),
412+
InsecureSkipTLSVerify: null.BoolFrom(false),
409413
Username: null.NewString("", false),
410414
Password: null.NewString("", false),
411415
PushInterval: types.NullDurationFrom((1 * time.Minute) + (2 * time.Second)),
@@ -443,7 +447,7 @@ func TestConfigTrendStats(t *testing.T) {
443447

444448
expconfig := Config{
445449
ServerURL: null.StringFrom("http://localhost:9090/api/v1/write"),
446-
InsecureSkipTLSVerify: null.BoolFrom(true),
450+
InsecureSkipTLSVerify: null.BoolFrom(false),
447451
PushInterval: types.NullDurationFrom(5 * time.Second),
448452
Headers: make(map[string]string),
449453
TrendStats: []string{"max", "p(95)"},
@@ -476,7 +480,7 @@ func TestOptionStaleMarker(t *testing.T) {
476480

477481
expconfig := Config{
478482
ServerURL: null.StringFrom("http://localhost:9090/api/v1/write"),
479-
InsecureSkipTLSVerify: null.BoolFrom(true),
483+
InsecureSkipTLSVerify: null.BoolFrom(false),
480484
PushInterval: types.NullDurationFrom(5 * time.Second),
481485
Headers: make(map[string]string),
482486
TrendStats: []string{"p(99)"},

0 commit comments

Comments
 (0)