Allow to disable certificate verification on connection to ClickHouse (…

…#7)

* Allow to disable certificate verification on connection to ClickHouse
* Fix and update deps. Fix minor issues. Allow the InsecureSkipVerify to be set (disable linter: gosec)

config/config.go

@@ -76,7 +76,8 @@ type Config struct {
 
 	ParamGroups []ParamGroup `yaml:"param_groups,omitempty"`
 
-	ConnectionPool ConnectionPool `yaml:"connection_pool,omitempty"`
+	// HTTPClient - extra config options for HTTP client
+	HTTPClient HTTPClientConfig `yaml:"http_client,omitempty"`
 
 	// Allow to proxy ping requests
 	AllowPing bool `yaml:"allow_ping,omitempty"`
@@ -502,7 +503,7 @@ func (c *Metrics) UnmarshalYAML(unmarshal func(interface{}) error) error {
 
 type Proxy struct {
 	// Enable enables parsing proxy headers. In proxy mode, CHProxy will try to
-	// parse the X-Forwarded-For, X-Real-IP or Forwarded header to extract the IP. If an other header is configured
+	// parse the X-Forwarded-For, X-Real-IP or Forwarded header to extract the IP. If another header is configured
 	// in the proxy settings, CHProxy will  use that header instead.
 	Enable bool `yaml:"enable,omitempty"`
 
@@ -529,6 +530,14 @@ func (c *Proxy) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	return checkOverflow(c.XXX, "proxy")
 }
 
+// HTTPClientConfig contains extra options for a HTTP client
+type HTTPClientConfig struct {
+	// InsecureSkipVerify turns off certificatev verification
+	InsecureSkipVerify bool `yaml:"insecure_skip_verify,omitempty"`
+
+	ConnectionPool ConnectionPool `yaml:"connection_pool,omitempty"`
+}
+
 // Cluster describes CH cluster configuration
 // The simplest configuration consists of:
 //

config/config_test.go

@@ -9,10 +9,10 @@ import (
 	"time"
 
 	"github.com/contentsquare/chproxy/global/types"
-
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/mohae/deepcopy"
+	"github.com/stretchr/testify/assert"
 	"gopkg.in/yaml.v2"
 )
 
@@ -209,9 +209,12 @@ var fullConfig = Config{
 		},
 	},
 
-	ConnectionPool: ConnectionPool{
-		MaxIdleConns:        100,
-		MaxIdleConnsPerHost: 2,
+	HTTPClient: HTTPClientConfig{
+		InsecureSkipVerify: true,
+		ConnectionPool: ConnectionPool{
+			MaxIdleConns:        100,
+			MaxIdleConnsPerHost: 2,
+		},
 	},
 
 	Users: []User{
@@ -932,16 +935,14 @@ param_groups:
     value: "30"
   - key: max_execution_time
     value: "30"
-connection_pool:
-  max_idle_conns: 100
-  max_idle_conns_per_host: 2
+http_client:
+  insecure_skip_verify: true
+  connection_pool:
+    max_idle_conns: 100
+    max_idle_conns_per_host: 2
 `, redisPort)
 	tested := fullConfig.String()
-	if tested != expected {
-		t.Fatalf("the stringify version of fullConfig is not what it's expected: %s",
-			cmp.Diff(tested, expected))
-
-	}
+	assert.Equal(t, expected, tested)
 }
 
 func TestConfigReplaceEnvVars(t *testing.T) {

config/testdata/full.yml

@@ -96,16 +96,20 @@ param_groups:
       - key: "max_execution_time"
         value: "30"
 
-# Settings for `chproxy` connection pool to ClickHouse.
-connection_pool:
-  # Total number of connections to keep open
-  # when they are not needed for clients.
-  # Consider increasing if many sessions in TIME_WAIT and Bad Gateway is
-  # often returned by chporxy.
-  max_idle_conns: 100
-  # Number of connections per ClickHouse host to keep open
-  # when they are not needed for clients.
-  max_idle_conns_per_host: 2
+# Settings for `chproxy` connection to ClickHouse
+http_client:
+  # Allow to disable cert validation, useful for testing purposes.
+  insecure_skip_verify: true
+  # Settings for `chproxy` connection pool to ClickHouse.
+  connection_pool:
+    # Total number of connections to keep open
+    # when they are not needed for clients.
+    # Consider increasing if many sessions in TIME_WAIT and Bad Gateway is
+    # often returned by chporxy.
+    max_idle_conns: 100
+    # Number of connections per ClickHouse host to keep open
+    # when they are not needed for clients.
+    max_idle_conns_per_host: 2
 
 # Settings for `chproxy` input interfaces.
 server:

go.mod

@@ -3,38 +3,36 @@ module github.com/contentsquare/chproxy
 go 1.23
 
 require (
-	github.com/alicebob/miniredis/v2 v2.21.0
+	github.com/alicebob/miniredis/v2 v2.34.0
 	github.com/coreos/go-systemd/v22 v22.5.0
-	github.com/google/go-cmp v0.5.7
-	github.com/klauspost/compress v1.15.11
+	github.com/google/go-cmp v0.6.0
+	github.com/klauspost/compress v1.17.11
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
-	github.com/pierrec/lz4 v2.4.0+incompatible
-	github.com/prometheus/client_golang v1.11.1
-	github.com/redis/go-redis/v9 v9.0.2
-	github.com/stretchr/testify v1.8.1
-	golang.org/x/crypto v0.31.0
-	golang.org/x/time v0.3.0
+	github.com/pierrec/lz4 v2.6.1+incompatible
+	github.com/prometheus/client_golang v1.20.5
+	github.com/redis/go-redis/v9 v9.7.0
+	github.com/stretchr/testify v1.10.0
+	golang.org/x/crypto v0.32.0
+	golang.org/x/time v0.9.0
 	gopkg.in/yaml.v2 v2.4.0
 )
 
 require (
-	github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect
+	github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
-	github.com/frankban/quicktest v1.7.2 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/frankban/quicktest v1.14.6 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.26.0 // indirect
-	github.com/prometheus/procfs v0.6.0 // indirect
-	github.com/yuin/gopher-lua v0.0.0-20210529063254-f4c35e4016d9 // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/sys v0.28.0 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.62.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/yuin/gopher-lua v1.1.1 // indirect
+	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	google.golang.org/protobuf v1.36.3 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )