feat: Allow insecure TLS (#305)

Author: ankitpokhrel

api/client.go

@@ -28,8 +28,13 @@ func Client(config jira.Config) *jira.Client {
 	if config.APIToken == "" {
 		config.APIToken = viper.GetString("api_token")
 	}
+	config.Insecure = viper.GetBool("insecure")
 
-	jiraClient = jira.NewClient(config, jira.WithTimeout(clientTimeout))
+	jiraClient = jira.NewClient(
+		config,
+		jira.WithTimeout(clientTimeout),
+		jira.WithInsecureTLS(config.Insecure),
+	)
 
 	return jiraClient
 }

internal/cmd/init/init.go

@@ -14,17 +14,31 @@ import (
 
 // NewCmdInit is an init command.
 func NewCmdInit() *cobra.Command {
-	return &cobra.Command{
+	cmd := cobra.Command{
 		Use:     "init",
 		Short:   "Init initializes jira config",
 		Long:    "Init initializes jira configuration required for the tool to work properly.",
 		Aliases: []string{"initialize", "configure", "config", "setup"},
 		Run:     initialize,
 	}
+
+	cmd.Flags().Bool("insecure", false, `If set, the tool will skip TLS certificate verification.
+This can be useful if your server is using self-signed certificates.`)
+
+	return &cmd
 }
 
-func initialize(*cobra.Command, []string) {
-	c := jiraConfig.NewJiraCLIConfig()
+func initialize(cmd *cobra.Command, _ []string) {
+	insecure, err := cmd.Flags().GetBool("insecure")
+	cmdutil.ExitIfError(err)
+
+	c := jiraConfig.NewJiraCLIConfig(jiraConfig.WithInsecureTLS(insecure))
+
+	if insecure {
+		cmdutil.Warn(`You are using --insecure option. In this mode, the client will NOT verify
+server's certificate chain and host name in requests to the jira server.`)
+		fmt.Println()
+	}
 
 	file, err := c.Generate()
 	if err != nil {

internal/cmdutil/utils.go

@@ -71,6 +71,11 @@ func Success(msg string, args ...interface{}) {
 	fmt.Fprintf(os.Stdout, fmt.Sprintf("\n\u001B[0;32m✓\u001B[0m %s\n", msg), args...)
 }
 
+// Warn prints warning message in stderr.
+func Warn(msg string, args ...interface{}) {
+	fmt.Fprintf(os.Stderr, fmt.Sprintf("\u001B[0;33m%s\u001B[0m\n", msg), args...)
+}
+
 // Fail prints failure message in stderr.
 func Fail(msg string, args ...interface{}) {
 	fmt.Fprintf(os.Stderr, fmt.Sprintf("\u001B[0;31m✗\u001B[0m %s\n", msg), args...)

internal/config/generator.go

@@ -48,19 +48,36 @@ type JiraCLIConfig struct {
 		epic         *jira.Epic
 		issueTypes   []*jira.IssueType
 	}
+	insecure           bool
 	jiraClient         *jira.Client
 	projectSuggestions []string
 	boardSuggestions   []string
 	projectsMap        map[string]*projectConf
 	boardsMap          map[string]*jira.Board
 }
 
+// JiraCLIConfigFunc decorates option for JiraCLIConfig.
+type JiraCLIConfigFunc func(*JiraCLIConfig)
+
 // NewJiraCLIConfig creates a new Jira CLI config.
-func NewJiraCLIConfig() *JiraCLIConfig {
-	return &JiraCLIConfig{
+func NewJiraCLIConfig(opts ...JiraCLIConfigFunc) *JiraCLIConfig {
+	cfg := JiraCLIConfig{
 		projectsMap: make(map[string]*projectConf),
 		boardsMap:   make(map[string]*jira.Board),
 	}
+
+	for _, opt := range opts {
+		opt(&cfg)
+	}
+
+	return &cfg
+}
+
+// WithInsecureTLS is a functional opt to set TLS certificate verfication option.
+func WithInsecureTLS(ins bool) JiraCLIConfigFunc {
+	return func(c *JiraCLIConfig) {
+		c.insecure = ins
+	}
 }
 
 // Generate generates the config file.
@@ -223,9 +240,10 @@ func (c *JiraCLIConfig) verifyLoginDetails(server, login string) error {
 	server = strings.TrimRight(server, "/")
 
 	c.jiraClient = api.Client(jira.Config{
-		Server: server,
-		Login:  login,
-		Debug:  viper.GetBool("debug"),
+		Server:   server,
+		Login:    login,
+		Insecure: c.insecure,
+		Debug:    viper.GetBool("debug"),
 	})
 	if _, err := c.jiraClient.Me(); err != nil {
 		return err
@@ -354,6 +372,10 @@ func (c *JiraCLIConfig) write(path string) (string, error) {
 	config.SetConfigName(FileName)
 	config.SetConfigType(FileType)
 
+	if c.insecure {
+		config.Set("insecure", c.insecure)
+	}
+
 	config.Set("installation", c.value.installation)
 	config.Set("server", c.value.server)
 	config.Set("login", c.value.login)

pkg/jira/client.go

@@ -3,6 +3,7 @@ package jira
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"net"
@@ -95,12 +96,14 @@ type Config struct {
 	Server   string
 	Login    string
 	APIToken string
+	Insecure bool
 	Debug    bool
 }
 
 // Client is a jira client.
 type Client struct {
 	transport http.RoundTripper
+	insecure  bool
 	server    string
 	login     string
 	token     string
@@ -125,7 +128,8 @@ func NewClient(c Config, opts ...ClientFunc) *Client {
 	}
 
 	client.transport = &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
+		Proxy:           http.ProxyFromEnvironment,
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: client.insecure},
 		DialContext: (&net.Dialer{
 			Timeout: client.timeout,
 		}).DialContext,
@@ -141,6 +145,13 @@ func WithTimeout(to time.Duration) ClientFunc {
 	}
 }
 
+// WithInsecureTLS is a functional opt that allow you to skip TLS certificate verfication.
+func WithInsecureTLS(ins bool) ClientFunc {
+	return func(c *Client) {
+		c.insecure = ins
+	}
+}
+
 // Get sends GET request to v3 version of the jira api.
 func (c *Client) Get(ctx context.Context, path string, headers Header) (*http.Response, error) {
 	return c.request(ctx, http.MethodGet, c.server+baseURLv3+path, nil, headers)