Support NonTLS option for testing purpose only. (#67)

* server changes * remove opts declaration * working server with noTLS * add proper spaceing * fix build failure
sonic-net · Feb 3, 2021 · c9a0cb2 · c9a0cb2
1 parent 915c71f
commit c9a0cb2
Showing 1 changed file with 31 additions and 26 deletions.
diff --git a/telemetry/telemetry.go b/telemetry/telemetry.go
@@ -21,6 +21,7 @@ var (
 	serverCert        = flag.String("server_crt", "", "TLS server certificate")
 	serverKey         = flag.String("server_key", "", "TLS server private key")
 	insecure          = flag.Bool("insecure", false, "Skip providing TLS cert and key, for testing only!")
+	noTLS             = flag.Bool("noTLS", false, "disable TLS, for testing only!")
 	allowNoClientCert = flag.Bool("allow_no_client_auth", false, "When set, telemetry server will request but not require a client certificate.")
 )
 
@@ -32,46 +33,50 @@ func main() {
 		log.Errorf("port must be > 0.")
 		return
 	}
-	var certificate tls.Certificate
-	var err error
 
-	if *insecure {
-		certificate, err = testcert.NewCert()
-		if err != nil {
-			log.Exitf("could not load server key pair: %s", err)
-		}
-	} else {
-		switch {
-		case *serverCert == "":
-			log.Errorf("serverCert must be set.")
-			return
-		case *serverKey == "":
-			log.Errorf("serverKey must be set.")
-			return
-		}
-		certificate, err = tls.LoadX509KeyPair(*serverCert, *serverKey)
-		if err != nil {
-			log.Exitf("could not load server key pair: %s", err)
+	cfg := &gnmi.Config{}
+	cfg.Port = int64(*port)
+	var opts []grpc.ServerOption
+
+	if !*noTLS {
+		var certificate tls.Certificate
+		var err error
+		if *insecure {
+			certificate, err = testcert.NewCert()
+			if err != nil {
+				log.Exitf("could not load server key pair: %s", err)
+			}
+		} else {
+			 switch {
+			   case *serverCert == "":
+				  log.Errorf("serverCert must be set.")
+				  return
+			   case *serverKey == "":
+				  log.Errorf("serverKey must be set.")
+				  return
+			}
+			certificate, err = tls.LoadX509KeyPair(*serverCert, *serverKey)
+			if err != nil {
+				log.Exitf("could not load server key pair: %s", err)
+			}
 		}
-	}
 
-	tlsCfg := &tls.Config{
+		tlsCfg := &tls.Config{
 		ClientAuth:   tls.RequireAndVerifyClientCert,
 		Certificates: []tls.Certificate{certificate},
 		MinVersion:               tls.VersionTLS12,
 		CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 		PreferServerCipherSuites: true,
 		CipherSuites: []uint16{
-
 			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
 			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 		},
-
 	}
+
 	if *allowNoClientCert {
 		// RequestClientCert will ask client for a certificate but won't
 		// require it to proceed. If certificate is provided, it will be
@@ -91,9 +96,9 @@ func main() {
 		tlsCfg.ClientCAs = certPool
 	}
 
-	opts := []grpc.ServerOption{grpc.Creds(credentials.NewTLS(tlsCfg))}
-	cfg := &gnmi.Config{}
-	cfg.Port = int64(*port)
+	opts = []grpc.ServerOption{grpc.Creds(credentials.NewTLS(tlsCfg))}
+}
+
 	s, err := gnmi.NewServer(cfg, opts)
 	if err != nil {
 		log.Errorf("Failed to create gNMI server: %v", err)