Add CLI flag --skip-tls-verify (#194)

* Add CLI flag `--skip-tls-verify`

* Update README for `--skip-tls-verify`

Author: iwinux

README.md

@@ -37,23 +37,24 @@ Usage:
   spanner-cli [OPTIONS]
 
 spanner:
-  -p, --project=       (required) GCP Project ID. [$SPANNER_PROJECT_ID]
-  -i, --instance=      (required) Cloud Spanner Instance ID [$SPANNER_INSTANCE_ID]
-  -d, --database=      (required) Cloud Spanner Database ID. [$SPANNER_DATABASE_ID]
-  -e, --execute=       Execute SQL statement and quit.
-  -f, --file=          Execute SQL statement from file and quit.
-  -t, --table          Display output in table format for batch mode.
-  -v, --verbose        Display verbose output.
-      --credential=    Use the specific credential file
-      --prompt=        Set the prompt to the specified format
-      --history=       Set the history file to the specified path
-      --priority=      Set default request priority (HIGH|MEDIUM|LOW)
-      --role=          Use the specific database role
-      --directed-read= Directed read option (replica_location:replica_type).
-                       The replicat_type is optional and either READ_ONLY or READ_WRITE.
+  -p, --project=         (required) GCP Project ID. [$SPANNER_PROJECT_ID]
+  -i, --instance=        (required) Cloud Spanner Instance ID [$SPANNER_INSTANCE_ID]
+  -d, --database=        (required) Cloud Spanner Database ID. [$SPANNER_DATABASE_ID]
+  -e, --execute=         Execute SQL statement and quit.
+  -f, --file=            Execute SQL statement from file and quit.
+  -t, --table            Display output in table format for batch mode.
+  -v, --verbose          Display verbose output.
+      --credential=      Use the specific credential file
+      --prompt=          Set the prompt to the specified format
+      --history=         Set the history file to the specified path
+      --priority=        Set default request priority (HIGH|MEDIUM|LOW)
+      --role=            Use the specific database role
+      --endpoint=        Set the Spanner API endpoint (host:port)
+      --directed-read=   Directed read option (replica_location:replica_type). The replicat_type is optional and either READ_ONLY or READ_WRITE
+      --skip-tls-verify  Insecurely skip TLS verify
 
 Help Options:
-  -h, --help        Show this help message
+  -h, --help             Show this help message
 ```
 
 ### Authentication

cli.go

@@ -19,6 +19,7 @@ package main
 import (
 	"bufio"
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
@@ -33,7 +34,9 @@ import (
 	"github.com/chzyer/readline"
 	"github.com/olekukonko/tablewriter"
 	"google.golang.org/api/option"
+	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials"
 )
 
 type DisplayMode int
@@ -58,25 +61,26 @@ var (
 )
 
 type Cli struct {
-	Session     *Session
-	Prompt      string
-	HistoryFile string
-	Credential  []byte
-	InStream    io.ReadCloser
-	OutStream   io.Writer
-	ErrStream   io.Writer
-	Verbose     bool
-	Priority    pb.RequestOptions_Priority
-	Endpoint    string
+	Session       *Session
+	Prompt        string
+	HistoryFile   string
+	Credential    []byte
+	InStream      io.ReadCloser
+	OutStream     io.Writer
+	ErrStream     io.Writer
+	Verbose       bool
+	Priority      pb.RequestOptions_Priority
+	Endpoint      string
+	SkipTLSVerify bool
 }
 
 type command struct {
 	Stmt     Statement
 	Vertical bool
 }
 
-func NewCli(projectId, instanceId, databaseId, prompt, historyFile string, credential []byte, inStream io.ReadCloser, outStream io.Writer, errStream io.Writer, verbose bool, priority pb.RequestOptions_Priority, role string, endpoint string, directedRead *pb.DirectedReadOptions) (*Cli, error) {
-	session, err := createSession(projectId, instanceId, databaseId, credential, priority, role, endpoint, directedRead)
+func NewCli(projectId, instanceId, databaseId, prompt, historyFile string, credential []byte, inStream io.ReadCloser, outStream io.Writer, errStream io.Writer, verbose bool, priority pb.RequestOptions_Priority, role string, endpoint string, directedRead *pb.DirectedReadOptions, skipTLSVerify bool) (*Cli, error) {
+	session, err := createSession(projectId, instanceId, databaseId, credential, priority, role, endpoint, directedRead, skipTLSVerify)
 	if err != nil {
 		return nil, err
 	}
@@ -90,15 +94,16 @@ func NewCli(projectId, instanceId, databaseId, prompt, historyFile string, crede
 	}
 
 	return &Cli{
-		Session:     session,
-		Prompt:      prompt,
-		HistoryFile: historyFile,
-		Credential:  credential,
-		InStream:    inStream,
-		OutStream:   outStream,
-		ErrStream:   errStream,
-		Verbose:     verbose,
-		Endpoint:    endpoint,
+		Session:       session,
+		Prompt:        prompt,
+		HistoryFile:   historyFile,
+		Credential:    credential,
+		InStream:      inStream,
+		OutStream:     outStream,
+		ErrStream:     errStream,
+		Verbose:       verbose,
+		Endpoint:      endpoint,
+		SkipTLSVerify: skipTLSVerify,
 	}, nil
 }
 
@@ -148,7 +153,7 @@ func (c *Cli) RunInteractive() int {
 		}
 
 		if s, ok := stmt.(*UseStatement); ok {
-			newSession, err := createSession(c.Session.projectId, c.Session.instanceId, s.Database, c.Credential, c.Priority, s.Role, c.Endpoint, c.Session.directedRead)
+			newSession, err := createSession(c.Session.projectId, c.Session.instanceId, s.Database, c.Credential, c.Priority, s.Role, c.Endpoint, c.Session.directedRead, c.SkipTLSVerify)
 			if err != nil {
 				c.PrintInteractiveError(err)
 				continue
@@ -310,14 +315,18 @@ func (c *Cli) getInterpolatedPrompt() string {
 	return prompt
 }
 
-func createSession(projectId string, instanceId string, databaseId string, credential []byte, priority pb.RequestOptions_Priority, role string, endpoint string, directedRead *pb.DirectedReadOptions) (*Session, error) {
+func createSession(projectId string, instanceId string, databaseId string, credential []byte, priority pb.RequestOptions_Priority, role string, endpoint string, directedRead *pb.DirectedReadOptions, skipTLSVerify bool) (*Session, error) {
 	var opts []option.ClientOption
 	if credential != nil {
 		opts = append(opts, option.WithCredentialsJSON(credential))
 	}
 	if endpoint != "" {
 		opts = append(opts, option.WithEndpoint(endpoint))
 	}
+	if skipTLSVerify {
+		creds := credentials.NewTLS(&tls.Config{InsecureSkipVerify: true})
+		opts = append(opts, option.WithGRPCDialOption(grpc.WithTransportCredentials(creds)))
+	}
 	return NewSession(projectId, instanceId, databaseId, priority, role, directedRead, opts...)
 }
 

main.go

@@ -33,20 +33,21 @@ type globalOptions struct {
 }
 
 type spannerOptions struct {
-	ProjectId    string `short:"p" long:"project" env:"SPANNER_PROJECT_ID" description:"(required) GCP Project ID."`
-	InstanceId   string `short:"i" long:"instance" env:"SPANNER_INSTANCE_ID" description:"(required) Cloud Spanner Instance ID"`
-	DatabaseId   string `short:"d" long:"database" env:"SPANNER_DATABASE_ID" description:"(required) Cloud Spanner Database ID."`
-	Execute      string `short:"e" long:"execute" description:"Execute SQL statement and quit."`
-	File         string `short:"f" long:"file" description:"Execute SQL statement from file and quit."`
-	Table        bool   `short:"t" long:"table" description:"Display output in table format for batch mode."`
-	Verbose      bool   `short:"v" long:"verbose" description:"Display verbose output."`
-	Credential   string `long:"credential" description:"Use the specific credential file"`
-	Prompt       string `long:"prompt" description:"Set the prompt to the specified format"`
-	HistoryFile  string `long:"history" description:"Set the history file to the specified path"`
-	Priority     string `long:"priority" description:"Set default request priority (HIGH|MEDIUM|LOW)"`
-	Role         string `long:"role" description:"Use the specific database role"`
-	Endpoint     string `long:"endpoint" description:"Set the Spanner API endpoint (host:port)"`
-	DirectedRead string `long:"directed-read" description:"Directed read option (replica_location:replica_type). The replicat_type is optional and either READ_ONLY or READ_WRITE"`
+	ProjectId     string `short:"p" long:"project" env:"SPANNER_PROJECT_ID" description:"(required) GCP Project ID."`
+	InstanceId    string `short:"i" long:"instance" env:"SPANNER_INSTANCE_ID" description:"(required) Cloud Spanner Instance ID"`
+	DatabaseId    string `short:"d" long:"database" env:"SPANNER_DATABASE_ID" description:"(required) Cloud Spanner Database ID."`
+	Execute       string `short:"e" long:"execute" description:"Execute SQL statement and quit."`
+	File          string `short:"f" long:"file" description:"Execute SQL statement from file and quit."`
+	Table         bool   `short:"t" long:"table" description:"Display output in table format for batch mode."`
+	Verbose       bool   `short:"v" long:"verbose" description:"Display verbose output."`
+	Credential    string `long:"credential" description:"Use the specific credential file"`
+	Prompt        string `long:"prompt" description:"Set the prompt to the specified format"`
+	HistoryFile   string `long:"history" description:"Set the history file to the specified path"`
+	Priority      string `long:"priority" description:"Set default request priority (HIGH|MEDIUM|LOW)"`
+	Role          string `long:"role" description:"Use the specific database role"`
+	Endpoint      string `long:"endpoint" description:"Set the Spanner API endpoint (host:port)"`
+	DirectedRead  string `long:"directed-read" description:"Directed read option (replica_location:replica_type). The replicat_type is optional and either READ_ONLY or READ_WRITE"`
+	SkipTLSVerify bool   `long:"skip-tls-verify" description:"Insecurely skip TLS verify"`
 }
 
 func main() {
@@ -96,7 +97,7 @@ func main() {
 		}
 	}
 
-	cli, err := NewCli(opts.ProjectId, opts.InstanceId, opts.DatabaseId, opts.Prompt, opts.HistoryFile, cred, os.Stdin, os.Stdout, os.Stderr, opts.Verbose, priority, opts.Role, opts.Endpoint, directedRead)
+	cli, err := NewCli(opts.ProjectId, opts.InstanceId, opts.DatabaseId, opts.Prompt, opts.HistoryFile, cred, os.Stdin, os.Stdout, os.Stderr, opts.Verbose, priority, opts.Role, opts.Endpoint, directedRead, opts.SkipTLSVerify)
 	if err != nil {
 		exitf("Failed to connect to Spanner: %v", err)
 	}