
Merge pull request #4869 from ajityagaty/insecure_skip_tls_verify

etcdctlv3: Add insecure-skip-tls-verify flag.
Xiang Li преди 9 години
родител
ревизия
b8fc61bcec
променени са 2 файла, в които са добавени 24 реда и са изтрити 6 реда
  1. 23 6
      etcdctlv3/command/global.go
  2. 1 0
      etcdctlv3/main.go

+ 23 - 6
etcdctlv3/command/global.go

@@ -30,10 +30,11 @@ import (
 // GlobalFlags are flags that defined globally
 // and are inherited to all sub-commands.
 type GlobalFlags struct {
-	Insecure       bool
-	Endpoints      []string
-	DialTimeout    time.Duration
-	CommandTimeOut time.Duration
+	Insecure           bool
+	InsecureSkipVerify bool
+	Endpoints          []string
+	DialTimeout        time.Duration
+	CommandTimeOut     time.Duration
 
 	TLS transport.TLSInfo
 
@@ -46,7 +47,8 @@ type secureCfg struct {
 	key    string
 	cacert string
 
-	insecureTransport bool
+	insecureTransport  bool
+	insecureSkipVerify bool
 }
 
 var display printer = &simplePrinter{}
@@ -115,6 +117,11 @@ func newClientCfg(endpoints []string, dialTimeout time.Duration, scfg *secureCfg
 		cfg.TLS = &tls.Config{}
 	}
 
+	// If the user wants to skip TLS verification then we should set
+	// the InsecureSkipVerify flag in tls configuration.
+	if scfg.insecureSkipVerify && cfg.TLS != nil {
+		cfg.TLS.InsecureSkipVerify = true
+	}
 	return cfg, nil
 }
 
@@ -140,13 +147,15 @@ func dialTimeoutFromCmd(cmd *cobra.Command) time.Duration {
 func secureCfgFromCmd(cmd *cobra.Command) *secureCfg {
 	cert, key, cacert := keyAndCertFromCmd(cmd)
 	insecureTr := insecureTransportFromCmd(cmd)
+	skipVerify := insecureSkipVerifyFromCmd(cmd)
 
 	return &secureCfg{
 		cert:   cert,
 		key:    key,
 		cacert: cacert,
 
-		insecureTransport: insecureTr,
+		insecureTransport:  insecureTr,
+		insecureSkipVerify: skipVerify,
 	}
 }
 
@@ -158,6 +167,14 @@ func insecureTransportFromCmd(cmd *cobra.Command) bool {
 	return insecureTr
 }
 
+func insecureSkipVerifyFromCmd(cmd *cobra.Command) bool {
+	skipVerify, err := cmd.Flags().GetBool("insecure-skip-tls-verify")
+	if err != nil {
+		ExitWithError(ExitError, err)
+	}
+	return skipVerify
+}
+
 func keyAndCertFromCmd(cmd *cobra.Command) (cert, key, cacert string) {
 	var err error
 	if cert, err = cmd.Flags().GetString("cert"); err != nil {
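Review bot: In the `newClientCfg` hunk the new branch is skipped without any message when `cfg.TLS` is nil, so `--insecure-skip-tls-verify` passed while transport security is off (the `insecure-transport` default is `true` in main.go) is silently ignored. When the branch does run, it turns off server authentication with no runtime trace, apparently even when a `--cacert` bundle was configured. I would print a notice on stderr inside the branch, e.g. `fmt.Fprintln(os.Stderr, "warning: TLS server certificate verification is disabled")`, and a second one when the flag is set but `cfg.TLS` is nil, so that operators can spot the setting in captured output. The comment above the branch could also explain the guard: `// Only meaningful when TLS is in use; with a nil cfg.TLS the flag has no effect.` The start of `newClientCfg` is outside the hunk, so how `cfg.TLS` gets populated from `scfg` is inferred from the visible lines.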

+ 1 - 0
etcdctlv3/main.go

@@ -55,6 +55,7 @@ func init() {
 
 	// TODO: secure by default when etcd enables secure gRPC by default.
 	rootCmd.PersistentFlags().BoolVar(&globalFlags.Insecure, "insecure-transport", true, "disable transport security for client connections")
+	rootCmd.PersistentFlags().BoolVar(&globalFlags.InsecureSkipVerify, "insecure-skip-tls-verify", false, "skip server certificate verification")
 	rootCmd.PersistentFlags().StringVar(&globalFlags.TLS.CertFile, "cert", "", "identify secure client using this TLS certificate file")
 	rootCmd.PersistentFlags().StringVar(&globalFlags.TLS.KeyFile, "key", "", "identify secure client using this TLS key file")
 	rootCmd.PersistentFlags().StringVar(&globalFlags.TLS.CAFile, "cacert", "", "verify certificates of TLS-enabled secure servers using this CA bundle")
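Review bot: The usage string on the added `insecure-skip-tls-verify` line does not say that the option removes authentication of the server, which is what an operator reading `--help` needs in order to keep it out of production scripts. I would extend it to `"skip server certificate verification (CAUTION: for testing only; the server identity is not authenticated)"`. The body of `init` starts and ends outside the hunk.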