Skip to content

Commit a3728ae

Browse files
aaronlew02aaronlew02
authored
Allow disabling Fulcio gRPC testing via flag (#1787)
Signed-off-by: Aaron Lew <[email protected]>
1 parent 3f50591 commit a3728ae

File tree

1 file changed

+21
-14
lines changed

1 file changed

+21
-14
lines changed

cmd/prober/prober.go

Lines changed: 21 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -125,11 +125,11 @@ var (
125125
trPath string
126126
staging bool
127127

128-
frequency int
129-
logStyle string
130-
addr string
131-
grpcPort int
132-
insecure bool
128+
frequency int
129+
logStyle string
130+
addr string
131+
grpcPort int
132+
disableGrpc bool
133133

134134
retries uint
135135
oneTime bool
@@ -152,7 +152,7 @@ func init() {
152152
flag.StringVar(&logStyle, "logStyle", "prod", "Log style to use (dev or prod)")
153153
flag.StringVar(&addr, "addr", ":8080", "Port to expose prometheus to")
154154
flag.IntVar(&grpcPort, "grpc-port", 0, "Port for Fulcio gRPC endpoint")
155-
flag.BoolVar(&insecure, "insecure", false, "Whether to skip TLS verification for gRPC requests")
155+
flag.BoolVar(&disableGrpc, "disable-grpc", false, "Whether to disable Fulcio gRPC testing (overrides grpc-port)")
156156

157157
flag.UintVar(&retries, "retry", 4, "Maximum number of retries before marking HTTP request as failed")
158158
flag.BoolVar(&oneTime, "one-time", false, "Whether to run only one time and exit")
@@ -290,11 +290,15 @@ func main() {
290290
log.Fatal("Failed to select TSA services: ", err)
291291
}
292292

293-
if fulcioClient, err := NewFulcioGrpcClient(fulcioGrpcURL); err != nil {
294-
Logger.Fatalf("error creating fulcio grpc client %v", err)
295-
} else {
296-
go runProbers(ctx, frequency, oneTime, fulcioClient, rekorV1Services, rekorV2Services, fulcioService, fulcioGrpcURL, tsaServices, trustedRoot)
293+
var fulcioClient fulciopb.CAClient
294+
if !disableGrpc {
295+
var err error
296+
fulcioClient, err = NewFulcioGrpcClient(fulcioGrpcURL)
297+
if err != nil {
298+
Logger.Fatalf("error creating fulcio grpc client %v", err)
299+
}
297300
}
301+
go runProbers(ctx, frequency, oneTime, fulcioClient, rekorV1Services, rekorV2Services, fulcioService, fulcioGrpcURL, tsaServices, trustedRoot)
298302
// Expose the registered metrics via HTTP.
299303
http.Handle("/metrics", promhttp.HandlerFor(
300304
reg,
@@ -315,7 +319,8 @@ func NewFulcioGrpcClient(fulcioGrpcURL string) (fulciopb.CAClient, error) {
315319
}
316320
opts := []grpc.DialOption{grpc.WithUserAgent(options.UserAgent())}
317321

318-
if insecure || strings.HasPrefix(grpcHostname, "localhost") {
322+
// Use insecure transport for local testing
323+
if strings.HasPrefix(grpcHostname, "localhost") {
319324
opts = append(opts, grpc.WithTransportCredentials(insec.NewCredentials()))
320325
} else {
321326
transportCreds := credentials.NewTLS(&tls.Config{MinVersion: tls.VersionTLS12, ServerName: grpcHostname})
@@ -385,9 +390,11 @@ func runProbers(ctx context.Context, freq int, runOnce bool, fulcioGrpcClient fu
385390
}
386391

387392
// Performing requests for GetTrustBundle against Fulcio gRPC API
388-
if err := observeGrpcGetTrustBundleRequest(ctx, fulcioGrpcClient, fulcioGrpcURL); err != nil {
389-
hasErr = true
390-
Logger.Errorf("error running request %s: %v", "GetTrustBundle", err)
393+
if fulcioGrpcClient != nil {
394+
if err := observeGrpcGetTrustBundleRequest(ctx, fulcioGrpcClient, fulcioGrpcURL); err != nil {
395+
hasErr = true
396+
Logger.Errorf("error running request %s: %v", "GetTrustBundle", err)
397+
}
391398
}
392399

393400
if runWriteProber {

0 commit comments

Comments
 (0)