Update meta nodes to respect insecure skip verify

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.4.1.2
+current_version = 1.4.1.3
 files = README.md server/swagger.json
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\.(?P<release>\d+)
 serialize = {major}.{minor}.{patch}.{release}

CHANGELOG.md

@@ -1,5 +1,11 @@
 ## v1.4.2.0 [unreleased]
+### Features
+### UI Improvements
+### Bug Fixes
 
+## v1.4.1.3 [2018-02-14]
+### Bug Fixes
+1. [#2818](https://github.com/influxdata/chronograf/pull/2818): Allow self-signed certificates for Enterprise InfluxDB Meta nodes
 
 ## v1.4.1.2 [2018-02-13]
 ### Bug Fixes

README.md

@@ -136,7 +136,7 @@ option.
 ## Versions
 
 The most recent version of Chronograf is
-[v1.4.1.2](https://www.influxdata.com/downloads/).
+[v1.4.1.3](https://www.influxdata.com/downloads/).
 
 Spotted a bug or have a feature request? Please open
 [an issue](https://github.com/influxdata/chronograf/issues/new)!
@@ -178,7 +178,7 @@ By default, chronograf runs on port `8888`.
 To get started right away with Docker, you can pull down our latest release:
 
 ```sh
-docker pull chronograf:1.4.1.2
+docker pull chronograf:1.4.1.3
 ```
 
 ### From Source

enterprise/enterprise.go

@@ -51,13 +51,13 @@ type Client struct {
 }
 
 // NewClientWithTimeSeries initializes a Client with a known set of TimeSeries.
-func NewClientWithTimeSeries(lg chronograf.Logger, mu string, authorizer influx.Authorizer, tls bool, series ...chronograf.TimeSeries) (*Client, error) {
+func NewClientWithTimeSeries(lg chronograf.Logger, mu string, authorizer influx.Authorizer, tls, insecure bool, series ...chronograf.TimeSeries) (*Client, error) {
 	metaURL, err := parseMetaURL(mu, tls)
 	if err != nil {
 		return nil, err
 	}
 
-	ctrl := NewMetaClient(metaURL, authorizer)
+	ctrl := NewMetaClient(metaURL, insecure, authorizer)
 	c := &Client{
 		Ctrl: ctrl,
 		UsersStore: &UserStore{
@@ -85,13 +85,13 @@ func NewClientWithTimeSeries(lg chronograf.Logger, mu string, authorizer influx.
 // varieties. TLS is used when the URL contains "https" or when the TLS
 // parameter is set.  authorizer will add the correct `Authorization` headers
 // on the out-bound request.
-func NewClientWithURL(mu string, authorizer influx.Authorizer, tls bool, lg chronograf.Logger) (*Client, error) {
+func NewClientWithURL(mu string, authorizer influx.Authorizer, tls bool, insecure bool, lg chronograf.Logger) (*Client, error) {
 	metaURL, err := parseMetaURL(mu, tls)
 	if err != nil {
 		return nil, err
 	}
 
-	ctrl := NewMetaClient(metaURL, authorizer)
+	ctrl := NewMetaClient(metaURL, insecure, authorizer)
 	return &Client{
 		Ctrl: ctrl,
 		UsersStore: &UserStore{

enterprise/enterprise_test.go

@@ -84,6 +84,7 @@ func Test_Enterprise_AdvancesDataNodes(t *testing.T) {
 			Password: "thelake",
 		},
 		false,
+		false,
 		chronograf.TimeSeries(m1),
 		chronograf.TimeSeries(m2))
 	if err != nil {
@@ -114,23 +115,53 @@ func Test_Enterprise_NewClientWithURL(t *testing.T) {
 	t.Parallel()
 
 	urls := []struct {
-		url       string
-		username  string
-		password  string
-		tls       bool
-		shouldErr bool
+		name               string
+		url                string
+		username           string
+		password           string
+		tls                bool
+		insecureSkipVerify bool
+		wantErr            bool
 	}{
-		{"http://localhost:8086", "", "", false, false},
-		{"https://localhost:8086", "", "", false, false},
-		{"http://localhost:8086", "username", "password", false, false},
-
-		{"http://localhost:8086", "", "", true, false},
-		{"https://localhost:8086", "", "", true, false},
-
-		{"localhost:8086", "", "", false, false},
-		{"localhost:8086", "", "", true, false},
-
-		{":http", "", "", false, true},
+		{
+			name: "no tls should have no error",
+			url:  "http://localhost:8086",
+		},
+		{
+			name: "tls sholuld have no error",
+			url:  "https://localhost:8086",
+		},
+		{
+			name:     "no tls but with basic auth",
+			url:      "http://localhost:8086",
+			username: "username",
+			password: "password",
+		},
+		{
+			name: "tls request but url is not tls should not error",
+			url:  "http://localhost:8086",
+			tls:  true,
+		},
+		{
+			name:               "https with tls and with insecureSkipVerify should not error",
+			url:                "https://localhost:8086",
+			tls:                true,
+			insecureSkipVerify: true,
+		},
+		{
+			name: "URL does not require http or https",
+			url:  "localhost:8086",
+		},
+		{
+			name: "URL with TLS request should not error",
+			url:  "localhost:8086",
+			tls:  true,
+		},
+		{
+			name:    "invalid URL causes error",
+			url:     ":http",
+			wantErr: true,
+		},
 	}
 
 	for _, testURL := range urls {
@@ -141,10 +172,11 @@ func Test_Enterprise_NewClientWithURL(t *testing.T) {
 				Password: testURL.password,
 			},
 			testURL.tls,
+			testURL.insecureSkipVerify,
 			log.New(log.DebugLevel))
-		if err != nil && !testURL.shouldErr {
+		if err != nil && !testURL.wantErr {
 			t.Errorf("Unexpected error creating Client with URL %s and TLS preference %t. err: %s", testURL.url, testURL.tls, err.Error())
-		} else if err == nil && testURL.shouldErr {
+		} else if err == nil && testURL.wantErr {
 			t.Errorf("Expected error creating Client with URL %s and TLS preference %t", testURL.url, testURL.tls)
 		}
 	}
@@ -159,7 +191,7 @@ func Test_Enterprise_ComplainsIfNotOpened(t *testing.T) {
 			Username: "docbrown",
 			Password: "1.21 gigawatts",
 		},
-		false, chronograf.TimeSeries(m1))
+		false, false, chronograf.TimeSeries(m1))
 	if err != nil {
 		t.Error("Expected ErrUnitialized, but was this err:", err)
 	}

enterprise/meta.go

@@ -3,6 +3,7 @@ package enterprise
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -14,6 +15,14 @@ import (
 	"github.com/influxdata/chronograf/influx"
 )
 
+// Shared transports for all clients to prevent leaking connections
+var (
+	skipVerifyTransport = &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
+	defaultTransport = &http.Transport{}
+)
+
 type client interface {
 	Do(URL *url.URL, path, method string, authorizer influx.Authorizer, params map[string]string, body io.Reader) (*http.Response, error)
 }
@@ -26,10 +35,12 @@ type MetaClient struct {
 }
 
 // NewMetaClient represents a meta node in an Influx Enterprise cluster
-func NewMetaClient(url *url.URL, authorizer influx.Authorizer) *MetaClient {
+func NewMetaClient(url *url.URL, InsecureSkipVerify bool, authorizer influx.Authorizer) *MetaClient {
 	return &MetaClient{
-		URL:        url,
-		client:     &defaultClient{},
+		URL: url,
+		client: &defaultClient{
+			InsecureSkipVerify: InsecureSkipVerify,
+		},
 		authorizer: authorizer,
 	}
 }
@@ -399,7 +410,8 @@ func (m *MetaClient) Post(ctx context.Context, path string, action interface{},
 }
 
 type defaultClient struct {
-	Leader string
+	Leader             string
+	InsecureSkipVerify bool
 }
 
 // Do is a helper function to interface with Influx Enterprise's Meta API
@@ -438,6 +450,12 @@ func (d *defaultClient) Do(URL *url.URL, path, method string, authorizer influx.
 		CheckRedirect: d.AuthedCheckRedirect,
 	}
 
+	if d.InsecureSkipVerify {
+		client.Transport = skipVerifyTransport
+	} else {
+		client.Transport = defaultTransport
+	}
+
 	res, err := client.Do(req)
 	if err != nil {
 		return nil, err

enterprise/users.go

@@ -37,7 +37,7 @@ func (c *UserStore) Delete(ctx context.Context, u *chronograf.User) error {
 	return c.Ctrl.DeleteUser(ctx, u.Name)
 }
 
-// Number of users in Influx
+// Num of users in Influx
 func (c *UserStore) Num(ctx context.Context) (int, error) {
 	all, err := c.All(ctx)
 	if err != nil {

server/service.go

@@ -48,7 +48,8 @@ func (c *InfluxClient) New(src chronograf.Source, logger chronograf.Logger) (chr
 	}
 	if src.Type == chronograf.InfluxEnterprise && src.MetaURL != "" {
 		tls := strings.Contains(src.MetaURL, "https")
-		return enterprise.NewClientWithTimeSeries(logger, src.MetaURL, influx.DefaultAuthorization(&src), tls, client)
+		insecure := src.InsecureSkipVerify
+		return enterprise.NewClientWithTimeSeries(logger, src.MetaURL, influx.DefaultAuthorization(&src), tls, insecure, client)
 	}
 	return client, nil
 }

server/swagger.json

@@ -3,7 +3,7 @@
   "info": {
     "title": "Chronograf",
     "description": "API endpoints for Chronograf",
-    "version": "1.4.1.2"
+    "version": "1.4.1.3"
   },
   "schemes": ["http"],
   "basePath": "/chronograf/v1",

ui/package.json

@@ -1,6 +1,6 @@
 {
   "name": "chronograf-ui",
-  "version": "1.4.1-2",
+  "version": "1.4.1-3",
   "private": false,
   "license": "AGPL-3.0",
   "description": "",