From a1ec43e0b735dd5b6ecd40010218bd7ac4e7fb79 Mon Sep 17 00:00:00 2001
From: Devin Buhl
Date: Sun, 5 Sep 2021 11:56:15 -0400
Subject: [PATCH] feat: add option to disable s3 over https
Signed-off-by: Devin Buhl
---
 pkg/cli/cmds/etcd_snapshot.go | 5 +++++
 pkg/cli/cmds/server.go | 6 ++++++
 pkg/cli/etcdsnapshot/etcd_snapshot.go | 1 +
 pkg/cli/server/server.go | 1 +
 pkg/daemons/config/types.go | 1 +
 pkg/etcd/etcd.go | 2 ++
 pkg/etcd/s3.go | 2 +-
 7 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/pkg/cli/cmds/etcd_snapshot.go b/pkg/cli/cmds/etcd_snapshot.go
index d40d1e5007..d96ff00ab4 100644
--- a/pkg/cli/cmds/etcd_snapshot.go
+++ b/pkg/cli/cmds/etcd_snapshot.go
@@ -77,6 +77,11 @@ var EtcdSnapshotFlags = []cli.Flag{
 Usage: "(db) S3 folder",
 Destination: &ServerConfig.EtcdS3Folder,
 },
+ &cli.BoolFlag{
+ Name: "s3-insecure",
+ Usage: "(db) Disables S3 over HTTPS",
+ Destination: &ServerConfig.EtcdS3Insecure,
+ },
 }
 func NewEtcdSnapshotCommand(action func(*cli.Context) error, subcommands []cli.Command) cli.Command {
diff --git a/pkg/cli/cmds/server.go b/pkg/cli/cmds/server.go
index af6679740c..1541963ab3 100644
--- a/pkg/cli/cmds/server.go
+++ b/pkg/cli/cmds/server.go
@@ -89,6 +89,7 @@ type Server struct {
 EtcdS3BucketName string
 EtcdS3Region string
 EtcdS3Folder string
+ EtcdS3Insecure bool
 }
 var (
@@ -331,6 +332,11 @@ func NewServerCommand(action func(*cli.Context) error) cli.Command {
 Usage: "(db) S3 folder",
 Destination: &ServerConfig.EtcdS3Folder,
 },
+ &cli.BoolFlag{
+ Name: "etcd-s3-insecure",
+ Usage: "(db) Disables S3 over HTTPS",
+ Destination: &ServerConfig.EtcdS3Insecure,
+ },
 cli.StringFlag{
 Name: "default-local-storage-path",
 Usage: "(storage) Default local storage path for local provisioner storage class",
diff --git a/pkg/cli/etcdsnapshot/etcd_snapshot.go b/pkg/cli/etcdsnapshot/etcd_snapshot.go
index c2d23fff96..d024e667c3 100644
--- a/pkg/cli/etcdsnapshot/etcd_snapshot.go
+++ b/pkg/cli/etcdsnapshot/etcd_snapshot.go
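Review bot: The usage text `(db) Disables S3 over HTTPS` on the new `s3-insecure` flag, and the identical text on `etcd-s3-insecure` in pkg/cli/cmds/server.go, does not tell an operator what is given up. On many CLIs "insecure" means "skip certificate verification", so the flag can be enabled with the expectation that TLS stays on, while pkg/etcd/s3.go maps it to `Secure: !config.EtcdS3Insecure` and drops TLS altogether. I would say it outright in both places, e.g. `Usage: "(db) Use plain HTTP for S3 (no TLS; snapshot data is sent unencrypted)",`. The two commands also register different names for the same destination; the Name lines of the neighbouring S3 flags are outside these hunks, so check that this matches their convention.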
@@ -49,6 +49,7 @@ func commandSetup(app *cli.Context, cfg *cmds.Server, sc *server.Config) (string
 sc.ControlConfig.EtcdS3BucketName = cfg.EtcdS3BucketName
 sc.ControlConfig.EtcdS3Region = cfg.EtcdS3Region
 sc.ControlConfig.EtcdS3Folder = cfg.EtcdS3Folder
+ sc.ControlConfig.EtcdS3Insecure = cfg.EtcdS3Insecure
 sc.ControlConfig.Runtime = &config.ControlRuntime{}
 return server.ResolveDataDir(cfg.DataDir)
diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go
index 5fb2e313b1..9baa5b20aa 100644
--- a/pkg/cli/server/server.go
+++ b/pkg/cli/server/server.go
@@ -145,6 +145,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
 serverConfig.ControlConfig.EtcdS3BucketName = cfg.EtcdS3BucketName
 serverConfig.ControlConfig.EtcdS3Region = cfg.EtcdS3Region
 serverConfig.ControlConfig.EtcdS3Folder = cfg.EtcdS3Folder
+ serverConfig.ControlConfig.EtcdS3Insecure = cfg.EtcdS3Insecure
 } else {
 logrus.Info("ETCD snapshots are disabled")
 }
diff --git a/pkg/daemons/config/types.go b/pkg/daemons/config/types.go
index 1688e4ca35..44237cfe5b 100644
--- a/pkg/daemons/config/types.go
+++ b/pkg/daemons/config/types.go
@@ -167,6 +167,7 @@ type Control struct {
 EtcdS3BucketName string
 EtcdS3Region string
 EtcdS3Folder string
+ EtcdS3Insecure bool
 BindAddress string
 SANs []string
diff --git a/pkg/etcd/etcd.go b/pkg/etcd/etcd.go
index 50abed7beb..c6c728a0bc 100644
--- a/pkg/etcd/etcd.go
+++ b/pkg/etcd/etcd.go
@@ -879,6 +879,7 @@ type s3Config struct {
 Bucket string `json:"bucket,omitempty"`
 Region string `json:"region,omitempty"`
 Folder string `json:"folder,omitempty"`
+ Insecure bool `json:"insecure,omitempty"`
 }
 // SnapshotFile represents a single snapshot and it's
@@ -945,6 +946,7 @@ func (e *ETCD) listSnapshots(ctx context.Context, snapshotDir string) ([]Snapsho
 Bucket: e.config.EtcdS3BucketName,
 Region: e.config.EtcdS3Region,
 Folder: e.config.EtcdS3Folder,
+ Insecure: e.config.EtcdS3Insecure,
 },
 })
 }
diff --git a/pkg/etcd/s3.go b/pkg/etcd/s3.go
index bf481949c1..7662e1766a 100644
--- a/pkg/etcd/s3.go
+++ b/pkg/etcd/s3.go
@@ -53,7 +53,7 @@ func NewS3(ctx context.Context, config *config.Control) (*S3, error) {
 opt := minio.Options{
 Creds: creds,
- Secure: true,
+ Secure: !config.EtcdS3Insecure,
 Region: config.EtcdS3Region,
 Transport: tr,
 BucketLookup: bucketLookupType(config.EtcdS3Endpoint),
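Review bot: Nothing in NewS3 tells the operator that snapshot traffic has dropped to plain HTTP once `Secure: !config.EtcdS3Insecure` evaluates to false. An etcd snapshot normally contains the cluster's Secret objects, so a one-time warning before `opt` is built is worth having, e.g. `if config.EtcdS3Insecure { logrus.Warn("etcd S3 snapshots are being sent over plain HTTP") }`, assuming logrus is imported in this file as it is in pkg/cli/server/server.go. `tr` is built above the hunk; if it carries a custom CA or a skip-verify setting, that presumably has no effect once TLS is off, and combining the two options should be rejected or at least logged. NewS3 starts above and continues below the hunk.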