grpc-client: distinguish no tls or tls: insecure skip verify (#309)

* grpc-client: distinguish `no tls` or `tls: insecure skip verify`

* add config example for grpc-client with tls

* polish example config

providers/grpcclient/examples/examples.yaml

@@ -0,0 +1,17 @@
+examples:
+
+# insecure_skip_verify: true
+grpc-client:
+  addr: ai-proxy-grpc.erda.cloud:443
+  tls:
+    insecure_skip_verify: true
+
+# notls (default)
+#grpc-client:
+#  addr: localhost:8082
+
+# with tls
+#grpc-client:
+#  addr: ai-proxy-grpc.erda.cloud:443
+#  tls:
+#    ca_file: ./erda-cloud.pem

providers/grpcclient/examples/main.go

@@ -0,0 +1,55 @@
+// Copyright (c) 2021 Terminus, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/erda-project/erda-infra/base/servicehub"
+	"github.com/erda-project/erda-infra/providers/grpcclient"
+	_ "github.com/erda-project/erda-infra/providers/grpcclient"
+)
+
+type provider struct {
+	GRPCClient grpcclient.Interface `optional:"false"`
+}
+
+func (p *provider) Run(ctx context.Context) error {
+	fmt.Println(p.GRPCClient.Get().Target())
+	fmt.Println(p.GRPCClient.Get().GetState())
+	return nil
+}
+
+func (p *provider) Init(ctx servicehub.Context) error {
+	return nil
+}
+
+func init() {
+	servicehub.Register("examples", &servicehub.Spec{
+		Services:     []string{"hello"},
+		Dependencies: []string{"grpc-client"},
+		Description:  "hello for example",
+		Creator: func() servicehub.Provider {
+			return &provider{}
+		},
+	})
+}
+
+func main() {
+	hub := servicehub.New()
+	hub.Run("examples", "", os.Args...)
+}

providers/grpcclient/provider.go

@@ -16,15 +16,17 @@ package grpcclient
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"reflect"
 
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+
 	"github.com/erda-project/erda-infra/base/logs"
 	"github.com/erda-project/erda-infra/base/servicehub"
 	grpccontext "github.com/erda-project/erda-infra/pkg/trace/inject/context/grpc"
 	transgrpc "github.com/erda-project/erda-infra/pkg/transport/grpc"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
 )
 
 // Interface .
@@ -44,6 +46,7 @@ type config struct {
 	TLS  struct {
 		ServerNameOverride string `file:"cert_file" desc:"the server name used to verify the hostname returned by the TLS handshake"`
 		CAFile             string `file:"ca_file" desc:"the file containing the CA root cert file"`
+		InsecureSkipVerify bool   `file:"insecure_skip_verify" desc:"skip verify"`
 	} `file:"tls"`
 	Singleton   bool `file:"singleton" default:"true" desc:"one client instance"`
 	Block       bool `file:"block" default:"true" desc:"block until the connection is up"`
@@ -66,7 +69,17 @@ func (p *provider) Init(ctx servicehub.Context) error {
 		}
 		opts = append(opts, grpc.WithTransportCredentials(creds))
 	} else {
-		opts = append(opts, grpc.WithInsecure())
+		// distinguish `no tls` or `tls: insecure skip verify`
+		notls := true // default no tls, compatible with old config
+		if p.Cfg.TLS.InsecureSkipVerify {
+			notls = false
+		}
+		if notls {
+			opts = append(opts, grpc.WithInsecure())
+		} else {
+			insecureSkipVerifyTLS := credentials.NewTLS(&tls.Config{InsecureSkipVerify: true})
+			opts = append(opts, grpc.WithTransportCredentials(insecureSkipVerifyTLS))
+		}
 	}
 	if p.Cfg.TraceEnable {
 		opts = append(opts,