Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

handle untrusted https certificates with github enterprise #222

Open
farmboy-dev opened this issue Apr 13, 2023 · 4 comments
Open

handle untrusted https certificates with github enterprise #222

farmboy-dev opened this issue Apr 13, 2023 · 4 comments
Labels
type/feature-request Requested new feature or enhancement

Comments

@farmboy-dev
Copy link

farmboy-dev commented Apr 13, 2023

info by @gabor : add ways to handle the case where the https certificate of the github instance is not trusted by the server running grafana.. the two options are:

  • add support for a custom ca certificate
  • add support for insecure-skip-verify

image
Post "https://corp github url/api/graphql": x509: certificate signed by unknown authority

Hello, I'm trying to use this plugin for github enterprise server, but I'm getting the above error.
I can access the graphql api server using postman, vscode, grafana graphql plugin.

Thank you

@farmboy-dev
Copy link
Author

google/go-github#1439
I'm not sure, but I think my problem is related to the above issue.

@farmboy-dev
Copy link
Author

farmboy-dev commented Apr 14, 2023

+Update
I added some code to turn off tls verification.
now I keep getting this error, and still can't do health check as well.
image
it's my first time to use go to figure this problem out, so is there any guide?
I updated code in https://github.com/grafana/github-datasource/blob/main/pkg/github/datasource.go

func NewDatasource(ctx context.Context, settings models.Settings) *Datasource {
	src := oauth2.StaticTokenSource(
		&oauth2.Token{AccessToken: settings.AccessToken},
	)
        httpTransport := &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}
	httpClientTransport := &http.Client{Transport: httpTransport}
        ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClientTransport)
	httpClient := oauth2.NewClient(ctx, src)

	if settings.GithubURL == "" {
		return &Datasource{
			client: githubv4.NewClient(httpClient),
		}
	}

	return &Datasource{
		client: githubv4.NewEnterpriseClient(fmt.Sprintf("%s/api/graphql", settings.GithubURL), httpClient),
	}
}

@kajal1310
Copy link

Has anybody found a solution yet? We are also stuck here. Is there any way we can have insecure skip verify flag while setting up data source itself ?

@zoltanbedi zoltanbedi added the type/bug Unexpected behavior or a feature is broken label Jan 25, 2024
@zoltanbedi zoltanbedi moved this to Backlog in OSS Big Tent Jan 30, 2024
@gabor
Copy link
Contributor

gabor commented May 23, 2024

hi, right now there's no way to disable tls-verification i'll update this issue to be a feature-request.

in the meantime, as a workaround, i recommend making the server running grafana trust the https certificate of the github-enterprise-install (this probably involves adding certificates to the server operating system's certificate store).

@gabor gabor added type/feature-request Requested new feature or enhancement and removed type/bug Unexpected behavior or a feature is broken labels May 23, 2024
@gabor gabor changed the title x509: certificate signed by unknown authority add support to handle untrusted https certificates with github enterprise May 23, 2024
@gabor gabor changed the title add support to handle untrusted https certificates with github enterprise handle untrusted https certificates with github enterprise May 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type/feature-request Requested new feature or enhancement
Projects
Status: Backlog
Development

No branches or pull requests

4 participants