From 7d7b26b82cba69b147a5d9d85845068abb19dfaa Mon Sep 17 00:00:00 2001
From: Kienan Stewart <kienan.stewart@burntworld.ca>
Date: Tue, 23 Aug 2022 22:10:27 -0400
Subject: [PATCH] Add option to enable TLS verification

---
 client.go      |  6 ++++--
 client_test.go | 12 ++++++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/client.go b/client.go
index 226c1aa..0cb5953 100644
--- a/client.go
+++ b/client.go
@@ -23,15 +23,17 @@ type Client struct {
 	Host       string
 	Port       int
 	ApiVersion int
+	TlsVerify  bool
 }
 
-func NewClient(username, password, host string, port, apiversion int) *Client {
+func NewClient(username, password, host string, port, apiversion int, tlsverify bool) *Client {
 	return &Client{
 		Username:   username,
 		Password:   password,
 		Host:       host,
 		Port:       port,
 		ApiVersion: apiversion,
+		TlsVerify:  tlsverify,
 	}
 }
 
@@ -122,7 +124,7 @@ func (s *Client) GetHttpClient() (*http.Client) {
 	// Ganeti often has a self-signed certificate that is used for the RAPI
 	// @TODO This should be configural
 	tr := &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: !s.TlsVerify},
 	}
 	return &http.Client{Transport: tr}
 }
diff --git a/client_test.go b/client_test.go
index 0c186ac..bb4ed35 100644
--- a/client_test.go
+++ b/client_test.go
@@ -35,7 +35,15 @@ func getTestClient(t *testing.T) *Client {
 	if version_error != nil {
 		t.Errorf("Failed to convert '%v' to integer: %v", version, version_error)
 	}
-	return NewClient(username, password, host, _port, _version)
+	tlsverify := os.Getenv("RAPI_TLS_VERIFY")
+	if len(tlsverify) == 0 {
+		tlsverify = "false"
+	}
+	_tlsverify, tlsverify_err := strconv.ParseBool(tlsverify)
+	if tlsverify_err != nil {
+		t.Errorf("Failed to convert '%v' to bool: %v'", tlsverify, tlsverify_err)
+	}
+	return NewClient(username, password, host, _port, _version, _tlsverify)
 }
 
 func TestClusterInfo(t *testing.T) {
@@ -64,7 +72,7 @@ func TestGetNetworksBulk(t *testing.T) {
 
 func TestGetNetworkInformation(t *testing.T) {
 	c := getTestClient(t)
-	n, err := c.GetNetworks()
+	_, err := c.GetNetworks()
 	if err != nil {
 		t.Errorf("Got error requesting network list %s", err)
 	}