From e750bc72a0a817aacfe33baa50e136e724a1dda1 Mon Sep 17 00:00:00 2001
From: JamesMurkin <jamesmurkin@hotmail.com>
Date: Thu, 5 Dec 2019 11:15:19 +0000
Subject: [PATCH] Quick start fixes (#269)

* Correct quickstart to properly set armadaUrl

Armada url used to be specified under armada.url

Now it is specified under apiConnection.armadaUrl

* Adding ForceNoTls flag in ApiConnectionDetails

Sometimes the executor needs to be forced to use no TLS
 - Currently only uses no tls when connecting to "localhost"

This allows me to use ForceNoTls in the quickstart, as we aren't connecting to localhost and instead a specific ip address

* Fixing setting forceNoTls in quickstart
---
 docs/quickstart.md                   | 4 ++--
 internal/common/client/connection.go | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/docs/quickstart.md b/docs/quickstart.md
index bf9535cac0c..1988e7c8286 100644
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -71,7 +71,7 @@ helm install stable/prometheus-operator --name=prometheus-operator -f docs/quick
 kubectl apply -f docs/quickstart/prometheus-kubemetrics-rules.yaml
 
 # Install executor
-helm template ./deployment/executor --set image.tag=$ARMADA_VERSION --set applicationConfig.armada.url="$DOCKERHOSTIP:30000" --set prometheus.enabled=true | kubectl apply -f -
+helm template ./deployment/executor --set image.tag=$ARMADA_VERSION --set applicationConfig.apiConnection.armadaUrl="$DOCKERHOSTIP:30000" --set applicationConfig.apiConnection.forceNoTls=true --set prometheus.enabled=true | kubectl apply -f -
 ```
 Second executor:
 ```bash
@@ -87,7 +87,7 @@ helm install stable/prometheus-operator --name=prometheus-operator -f docs/quick
 kubectl apply -f docs/quickstart/prometheus-kubemetrics-rules.yaml
 
 # Install executor
-helm template ./deployment/executor --set image.tag=$ARMADA_VERSION --set applicationConfig.armada.url="$DOCKERHOSTIP:30000" --set prometheus.enabled=true | kubectl apply -f -
+helm template ./deployment/executor --set image.tag=$ARMADA_VERSION --set applicationConfig.apiConnection.armadaUrl="$DOCKERHOSTIP:30000" --set applicationConfig.apiConnection.forceNoTls=true --set prometheus.enabled=true | kubectl apply -f -
 ```
 ### Grafana configuration
 
diff --git a/internal/common/client/connection.go b/internal/common/client/connection.go
index 86e5765a29f..5834034d5ec 100644
--- a/internal/common/client/connection.go
+++ b/internal/common/client/connection.go
@@ -20,6 +20,7 @@ type ApiConnectionDetails struct {
 	OpenIdPasswordAuth          oidc.ClientPasswordDetails
 	OpenIdClientCredentialsAuth oidc.ClientCredentialsDetails
 	KerberosAuth                kerberos.ClientConfig
+	ForceNoTls                  bool
 }
 
 func CreateApiConnection(config *ApiConnectionDetails, additionalDialOptions ...grpc.DialOption) (*grpc.ClientConn, error) {
@@ -37,7 +38,7 @@ func CreateApiConnection(config *ApiConnectionDetails, additionalDialOptions ...
 		defaultCallOptions,
 		unuaryInterceptors,
 		streamInterceptors,
-		transportCredentials(config.ArmadaUrl))
+		transportCredentials(config))
 
 	creds, err := perRpcCredentials(config)
 	if err != nil {
@@ -69,8 +70,8 @@ func perRpcCredentials(config *ApiConnectionDetails) (credentials.PerRPCCredenti
 	return nil, nil
 }
 
-func transportCredentials(url string) grpc.DialOption {
-	if !strings.Contains(url, "localhost") {
+func transportCredentials(config *ApiConnectionDetails) grpc.DialOption {
+	if !config.ForceNoTls && !strings.Contains(config.ArmadaUrl, "localhost") {
 		return grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, ""))
 	}
 	return grpc.WithInsecure()