m/n/core/rpc: limit API footgun availability This unifies the interface of the New{Ephemeral,Authenticated}Credentials calls. They now use the same set of CredentialsOpt options which allows both calls to request a particular verification of the remote side of the connection. NewEphemeralCredentials also now requires an explicit WantInsecure option which surfaces attempts to dial the cluster without CA/node verification. Change-Id: Ibb65cb0952f6ff2092a3f55fe1c5a31bd2b72b36 Reviewed-on: https://review.monogon.dev/c/monogon/+/2741 Tested-by: Jenkins CI Reviewed-by: Lorenz Brun <lorenz@monogon.tech>

commit: 0c2801516b5191472bd4bc1a07ab6f414a805b27 [log] [tgz]
author: Serge Bazanski <serge@monogon.tech> Mon Feb 05 14:33:19 2024 +0100
committer: Serge Bazanski <serge@monogon.tech> Thu Feb 08 11:10:07 2024 +0000
tree: ddcffa8351f934c0a7066a6341b8bc6888e90ab3
parent: ad86a55c9c507478e2c4989f50912d7869164066 [diff]
diff --git a/metropolis/cli/metroctl/core/rpc.go b/metropolis/cli/metroctl/core/rpc.go
index 4aeda75..e519906 100644
--- a/metropolis/cli/metroctl/core/rpc.go
+++ b/metropolis/cli/metroctl/core/rpc.go

@@ -48,7 +48,7 @@
 	}
 
 	if ocert == nil {
-		creds, err := rpc.NewEphemeralCredentials(opkey, nil)
+		creds, err := rpc.NewEphemeralCredentials(opkey, rpc.WantInsecure())
 		if err != nil {
 			return nil, fmt.Errorf("while building ephemeral credentials: %v", err)
 		}
commit	0c2801516b5191472bd4bc1a07ab6f414a805b27	[log] [tgz]
author	Serge Bazanski <serge@monogon.tech>	Mon Feb 05 14:33:19 2024 +0100
committer	Serge Bazanski <serge@monogon.tech>	Thu Feb 08 11:10:07 2024 +0000
tree	ddcffa8351f934c0a7066a6341b8bc6888e90ab3
parent	ad86a55c9c507478e2c4989f50912d7869164066 [diff]