Add TLS option & insecure flag in admin CLI (#548)

admin/client.go

@@ -19,11 +19,13 @@ package admin
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"strings"
 
 	"go.uber.org/zap"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/metadata"
 
@@ -47,13 +49,21 @@ func WithLogger(logger *zap.Logger) Option {
 	return func(o *Options) { o.Logger = logger }
 }
 
+// WithInsecure configures insecure option of the client.
+func WithInsecure(isInsecure bool) Option {
+	return func(o *Options) { o.IsInsecure = isInsecure }
+}
+
 // Options configures how we set up the client.
 type Options struct {
 	// Token is the token of the user.
 	Token string
 
 	// Logger is the Logger of the client.
 	Logger *zap.Logger
+
+	// IsInsecure is whether to disable the TLS connection of the client.
+	IsInsecure bool
 }
 
 // Client is a client for admin service.
@@ -72,8 +82,12 @@ func New(opts ...Option) (*Client, error) {
 		opt(&options)
 	}
 
-	credentials := grpc.WithTransportCredentials(insecure.NewCredentials())
-	dialOptions := []grpc.DialOption{credentials}
+	tlsConfig := credentials.NewTLS(&tls.Config{MinVersion: tls.VersionTLS12})
+	credentialOptions := grpc.WithTransportCredentials(tlsConfig)
+	if options.IsInsecure {
+		credentialOptions = grpc.WithTransportCredentials(insecure.NewCredentials())
+	}
+	dialOptions := []grpc.DialOption{credentialOptions}
 
 	authInterceptor := NewAuthInterceptor(options.Token)
 	dialOptions = append(dialOptions, grpc.WithUnaryInterceptor(authInterceptor.Unary()))

cmd/yorkie/commands.go

@@ -45,4 +45,5 @@ func init() {
 	// TODO(chacha912): set rpcAddr from env using viper.
 	// https://github.com/spf13/cobra/blob/main/user_guide.md#bind-flags-with-config
 	rootCmd.PersistentFlags().StringVar(&config.RPCAddr, "rpc-addr", "localhost:11101", "Address of the rpc server")
+	rootCmd.PersistentFlags().BoolVar(&config.IsInsecure, "insecure", false, "Skip the TLS connection of the client")
 }

cmd/yorkie/config/config.go

@@ -25,8 +25,12 @@ import (
 	"path/filepath"
 )
 
-// RPCAddr is the address of the rpc server.
-var RPCAddr string
+var (
+	// RPCAddr is the address of the rpc server.
+	RPCAddr string
+	// IsInsecure is whether to disable the TLS connection of the client.
+	IsInsecure bool
+)
 
 // ensureYorkieDir ensures that the directory of Yorkie exists.
 func ensureYorkieDir() (string, error) {

cmd/yorkie/document/list.go

@@ -49,7 +49,7 @@ func newListCommand() *cobra.Command {
 			if err != nil {
 				return err
 			}
-			cli, err := admin.Dial(config.RPCAddr, admin.WithToken(token))
+			cli, err := admin.Dial(config.RPCAddr, admin.WithToken(token), admin.WithInsecure(config.IsInsecure))
 			if err != nil {
 				return err
 			}

cmd/yorkie/document/remove.go

@@ -41,7 +41,7 @@ func newRemoveCommand() *cobra.Command {
 			if err != nil {
 				return err
 			}
-			cli, err := admin.Dial(config.RPCAddr, admin.WithToken(token))
+			cli, err := admin.Dial(config.RPCAddr, admin.WithToken(token), admin.WithInsecure(config.IsInsecure))
 			if err != nil {
 				return err
 			}

cmd/yorkie/history.go

@@ -48,7 +48,7 @@ func newHistoryCmd() *cobra.Command {
 				return err
 			}
 
-			cli, err := admin.Dial(config.RPCAddr, admin.WithToken(token))
+			cli, err := admin.Dial(config.RPCAddr, admin.WithToken(token), admin.WithInsecure(config.IsInsecure))
 			if err != nil {
 				return err
 			}

cmd/yorkie/login.go

@@ -35,7 +35,7 @@ func newLoginCmd() *cobra.Command {
 		Use:   "login",
 		Short: "Log in to the Yorkie server",
 		RunE: func(cmd *cobra.Command, args []string) error {
-			cli, err := admin.Dial(config.RPCAddr)
+			cli, err := admin.Dial(config.RPCAddr, admin.WithInsecure(config.IsInsecure))
 			if err != nil {
 				return err
 			}

cmd/yorkie/project/create.go

@@ -45,7 +45,7 @@ func newCreateCommand() *cobra.Command {
 			if err != nil {
 				return err
 			}
-			cli, err := admin.Dial(config.RPCAddr, admin.WithToken(token))
+			cli, err := admin.Dial(config.RPCAddr, admin.WithToken(token), admin.WithInsecure(config.IsInsecure))
 			if err != nil {
 				return err
 			}

cmd/yorkie/project/list.go

@@ -38,7 +38,7 @@ func newListCommand() *cobra.Command {
 				return err
 			}
 
-			cli, err := admin.Dial(config.RPCAddr, admin.WithToken(token))
+			cli, err := admin.Dial(config.RPCAddr, admin.WithToken(token), admin.WithInsecure(config.IsInsecure))
 			if err != nil {
 				return err
 			}

cmd/yorkie/project/update.go

@@ -54,7 +54,7 @@ func newUpdateCommand() *cobra.Command {
 				return err
 			}
 
-			cli, err := admin.Dial(config.RPCAddr, admin.WithToken(token))
+			cli, err := admin.Dial(config.RPCAddr, admin.WithToken(token), admin.WithInsecure(config.IsInsecure))
 			if err != nil {
 				return err
 			}

test/helper/helper.go

@@ -87,7 +87,7 @@ func TestDBName() string {
 
 // CreateAdminCli returns a new instance of admin cli for testing.
 func CreateAdminCli(t assert.TestingT, rpcAddr string) *adminClient.Client {
-	adminCli, err := adminClient.Dial(rpcAddr)
+	adminCli, err := adminClient.Dial(rpcAddr, adminClient.WithInsecure(true))
 	assert.NoError(t, err)
 
 	_, err = adminCli.LogIn(context.Background(), server.DefaultAdminUser, server.DefaultAdminPassword)

test/integration/admin_test.go

@@ -38,7 +38,7 @@ import (
 func TestAdmin(t *testing.T) {
 	ctx := context.Background()
 
-	adminCli, err := admin.Dial(defaultServer.RPCAddr())
+	adminCli, err := admin.Dial(defaultServer.RPCAddr(), admin.WithInsecure(true))
 	assert.NoError(t, err)
 	_, err = adminCli.LogIn(ctx, "admin", "admin")
 	assert.NoError(t, err)