From 80cd053c44a2dd6a3aebb7cd3aead70f71c00006 Mon Sep 17 00:00:00 2001
From: Joonas Bergius
Date: Tue, 27 Aug 2024 21:47:36 -0500
Subject: [PATCH] refactor: break --insecure into --http-only and --tls-skip-verify
Fixes #2860
Signed-off-by: Joonas Bergius
---
 src/cmd/common/viper.go | 18 ++++++++++--------
 src/cmd/root.go | 3 +++
 src/config/config.go | 10 ++++++++++
 src/config/lang/english.go | 18 ++++++++++--------
 src/internal/packager/helm/chart.go | 2 +-
 src/internal/packager/helm/repo.go | 2 +-
 src/internal/packager/images/common.go | 6 +++---
 src/pkg/packager/creator/normal.go | 15 +++++++++------
 src/pkg/zoci/common.go | 4 ++--
 src/types/runtime.go | 4 ++++
 10 files changed, 53 insertions(+), 29 deletions(-)
diff --git a/src/cmd/common/viper.go b/src/cmd/common/viper.go
index e161c22d00..dd963619ed 100644
--- a/src/cmd/common/viper.go
+++ b/src/cmd/common/viper.go
@@ -20,14 +20,16 @@ const (
 // Root config keys
- VLogLevel = "log_level"
- VArchitecture = "architecture"
- VNoLogFile = "no_log_file"
- VNoProgress = "no_progress"
- VNoColor = "no_color"
- VZarfCache = "zarf_cache"
- VTmpDir = "tmp_dir"
- VInsecure = "insecure"
+ VLogLevel = "log_level"
+ VArchitecture = "architecture"
+ VNoLogFile = "no_log_file"
+ VNoProgress = "no_progress"
+ VNoColor = "no_color"
+ VZarfCache = "zarf_cache"
+ VTmpDir = "tmp_dir"
+ VInsecure = "insecure"
+ VHttpOnly = "http_only"
+ VSkipVerifyTLS = "tls_skip_verify"
 // Init config keys
diff --git a/src/cmd/root.go b/src/cmd/root.go
index 62e0582c8e..b8df1947b3 100644
--- a/src/cmd/root.go
+++ b/src/cmd/root.go
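Review bot: `VHttpOnly` mixes the initialism case while the constant added right after it, `VSkipVerifyTLS`, keeps it upper; Go convention (and the file's own `VTmpDir`/`VSkipVerifyTLS`) would make it `VHTTPOnly`. The same spelling recurs as `CommonOptions.HttpOnly` and `lang.RootCmdFlagHttpOnly` in the root.go hunk, `config.HttpOnly()` in the config.go hunk, and the `HttpOnly` field in the runtime.go hunk, so the rename is best done across the whole patch at once. The key string `"http_only"` and the `--http-only` flag spelling are unaffected by it.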
@@ -121,4 +121,7 @@ func init() {
 rootCmd.PersistentFlags().StringVar(&config.CommonOptions.CachePath, "zarf-cache", v.GetString(common.VZarfCache), lang.RootCmdFlagCachePath)
 rootCmd.PersistentFlags().StringVar(&config.CommonOptions.TempDirectory, "tmpdir", v.GetString(common.VTmpDir), lang.RootCmdFlagTempDir)
 rootCmd.PersistentFlags().BoolVar(&config.CommonOptions.Insecure, "insecure", v.GetBool(common.VInsecure), lang.RootCmdFlagInsecure)
+ rootCmd.PersistentFlags().MarkHidden("insecure")
+ rootCmd.PersistentFlags().BoolVar(&config.CommonOptions.HttpOnly, "http-only", v.GetBool(common.VHttpOnly), lang.RootCmdFlagHttpOnly)
+ rootCmd.PersistentFlags().BoolVar(&config.CommonOptions.SkipVerifyTLS, "tls-skip-verify", v.GetBool(common.VSkipVerifyTLS), lang.RootCmdFlagSkipVerifyTLS)
 }
diff --git a/src/config/config.go b/src/config/config.go
index 4a4001dce6..021c1d466f 100644
--- a/src/config/config.go
+++ b/src/config/config.go
@@ -110,3 +110,13 @@ func GetAbsHomePath(path string) string {
 }
 return path
 }
+
+// HttpOnly is a convenience method that consolidates --http-only and --insecure flags into single boolean.
+func HttpOnly() bool {
+ return CommonOptions.HttpOnly || CommonOptions.Insecure
+}
+
+// SkipVerifyTLS is a convenience method that consolidates --tls-skip-verify and --insecure flags into single boolean.
+func SkipVerifyTLS() bool {
+ return CommonOptions.SkipVerifyTLS || CommonOptions.Insecure
+}
diff --git a/src/config/lang/english.go b/src/config/lang/english.go
index 50ce790c44..aa5ee96953 100644
--- a/src/config/lang/english.go
+++ b/src/config/lang/english.go
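Review bot: `rootCmd.PersistentFlags().MarkHidden("insecure")` discards the error pflag returns, which errcheck-style linters will flag and which would silently mask a mistyped flag name. Since the patch intends `--insecure` to be superseded rather than merely hidden, `MarkDeprecated` both hides the flag and warns the operator each time the wider, checksum-and-signature-relaxing flag is still used: `if err := rootCmd.PersistentFlags().MarkDeprecated("insecure", "use --http-only and/or --tls-skip-verify"); err != nil { panic(err) }` (a panic is acceptable inside init() because the flag is registered on the line above, so a failure is a programming error). The config.go and runtime.go hunks still treat `Insecure` as a live input, so this is a UX signal only, not a behaviour change.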
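Review bot: The two new doc comments call `HttpOnly` and `SkipVerifyTLS` "convenience method[s]" although they are package-level functions, and neither states the security scope a caller needs: `--insecure` still switches both on, and per `RootCmdFlagInsecure` in the english.go hunk that flag also relaxes package checksum and signature validation, which these helpers do not represent. Suggested wording: `// SkipVerifyTLS reports whether server TLS certificates are to be accepted unverified. It is true for --tls-skip-verify or the broader --insecure; it does not cover the checksum/signature relaxations --insecure also implies, which callers must still read from CommonOptions.Insecure.` with the parallel sentence for `HttpOnly` (true for --http-only or --insecure; affects the plain-HTTP transport choice only).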
@@ -45,14 +45,16 @@ const (
 RootCmdLong = "Zarf eliminates the complexity of air gap software delivery for Kubernetes clusters and cloud native workloads\n" +
 "using a declarative packaging strategy to support DevSecOps in offline and semi-connected environments."
- RootCmdFlagLogLevel = "Log level when running Zarf. Valid options are: warn, info, debug, trace"
- RootCmdFlagArch = "Architecture for OCI images and Zarf packages"
- RootCmdFlagSkipLogFile = "Disable log file creation"
- RootCmdFlagNoProgress = "Disable fancy UI progress bars, spinners, logos, etc"
- RootCmdFlagNoColor = "Disable colors in output"
- RootCmdFlagCachePath = "Specify the location of the Zarf cache directory"
- RootCmdFlagTempDir = "Specify the temporary directory to use for intermediate files"
- RootCmdFlagInsecure = "Allow access to insecure registries and disable other recommended security enforcements such as package checksum and signature validation. This flag should only be used if you have a specific reason and accept the reduced security posture."
+ RootCmdFlagLogLevel = "Log level when running Zarf. Valid options are: warn, info, debug, trace"
+ RootCmdFlagArch = "Architecture for OCI images and Zarf packages"
+ RootCmdFlagSkipLogFile = "Disable log file creation"
+ RootCmdFlagNoProgress = "Disable fancy UI progress bars, spinners, logos, etc"
+ RootCmdFlagNoColor = "Disable colors in output"
+ RootCmdFlagCachePath = "Specify the location of the Zarf cache directory"
+ RootCmdFlagTempDir = "Specify the temporary directory to use for intermediate files"
+ RootCmdFlagInsecure = "Allow access to insecure registries and disable other recommended security enforcements such as package checksum and signature validation. This flag should only be used if you have a specific reason and accept the reduced security posture."
+ RootCmdFlagHttpOnly = "Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture."
+ RootCmdFlagSkipVerifyTLS = "Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture."
 RootCmdDeprecatedDeploy = "Deprecated: Please use \"zarf package deploy %s\" to deploy this package. This warning will be removed in Zarf v1.0.0."
 RootCmdDeprecatedCreate = "Deprecated: Please use \"zarf package create\" to create this package. This warning will be removed in Zarf v1.0.0."
diff --git a/src/internal/packager/helm/chart.go b/src/internal/packager/helm/chart.go
index daf59902e5..477a5432dc 100644
--- a/src/internal/packager/helm/chart.go
+++ b/src/internal/packager/helm/chart.go
@@ -143,7 +143,7 @@ func (h *Helm) TemplateChart(ctx context.Context) (manifest string, chartValues
 client.IncludeCRDs = true
 // TODO: Further research this with regular/OCI charts
 client.Verify = false
- client.InsecureSkipTLSverify = config.CommonOptions.Insecure
+ client.InsecureSkipTLSverify = config.SkipVerifyTLS()
 if h.kubeVersion != "" {
 parsedKubeVersion, err := chartutil.ParseKubeVersion(h.kubeVersion)
 if err != nil {
diff --git a/src/internal/packager/helm/repo.go b/src/internal/packager/helm/repo.go
index 24f3a7f4b0..b1a2910130 100644
--- a/src/internal/packager/helm/repo.go
+++ b/src/internal/packager/helm/repo.go
@@ -197,7 +197,7 @@ func (h *Helm) DownloadPublishedChart(ctx context.Context, cosignKeyPath string)
 Verify: downloader.VerifyNever,
 Getters: getter.All(pull.Settings),
 Options: []getter.Option{
- getter.WithInsecureSkipVerifyTLS(config.CommonOptions.Insecure),
+ getter.WithInsecureSkipVerifyTLS(config.SkipVerifyTLS()),
 getter.WithBasicAuth(username, password),
 },
 }
diff --git a/src/internal/packager/images/common.go b/src/internal/packager/images/common.go
index 3e2ad406ff..e9e6306318 100644
--- a/src/internal/packager/images/common.go
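Review bot: `RootCmdFlagInsecure` keeps its original text although the root.go hunk now hides `--insecure` and the config.go helpers treat it as the union of the two new flags; a user who still reaches it (for example through the `insecure` config key from the viper.go hunk) gets no pointer to the narrower replacements. Appending a sentence such as `Prefer --http-only and/or --tls-skip-verify, which relax only the transport settings you need.` keeps the wider flag discoverable only as the superset it now is. The two new strings are fine as written; `RootCmdFlagHttpOnly` reads more naturally without the article, `"Force connections over HTTP instead of HTTPS. …"`.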
+++ b/src/internal/packager/images/common.go
@@ -50,9 +50,9 @@ type PushConfig struct {
 func NoopOpt(*crane.Options) {}
 // WithGlobalInsecureFlag returns an option for crane that configures insecure
-// based upon Zarf's global --insecure flag.
+// based upon Zarf's global --tls-skip-verify (and --insecure) flags.
 func WithGlobalInsecureFlag() []crane.Option {
- if config.CommonOptions.Insecure {
+ if config.SkipVerifyTLS() {
 return []crane.Option{crane.Insecure}
 }
 // passing a nil option will cause panic
@@ -103,7 +103,7 @@ func createPushOpts(cfg PushConfig, pb *message.ProgressBar) []crane.Option {
 opts = append(opts, WithPushAuth(cfg.RegInfo))
 transport := http.DefaultTransport.(*http.Transport).Clone()
- transport.TLSClientConfig.InsecureSkipVerify = config.CommonOptions.Insecure
+ transport.TLSClientConfig.InsecureSkipVerify = config.SkipVerifyTLS()
 // TODO (@WSTARR) This is set to match the TLSHandshakeTimeout to potentially mitigate effects of https://github.com/zarf-dev/zarf/issues/1444
 transport.ResponseHeaderTimeout = 10 * time.Second
diff --git a/src/pkg/packager/creator/normal.go b/src/pkg/packager/creator/normal.go
index 847a22003e..3cb300ba60 100644
--- a/src/pkg/packager/creator/normal.go
+++ b/src/pkg/packager/creator/normal.go
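Review bot: `WithGlobalInsecureFlag` now keys `crane.Insecure` off `config.SkipVerifyTLS()` alone, but that crane option, as documented in go-containerregistry, both skips TLS verification and allows the registry reference to be reached over plain HTTP; after this hunk `--http-only` by itself no longer gets an HTTP-only registry through crane, whereas the zoci hunk honours it via `oci.WithPlainHTTP(config.HttpOnly())`. If crane is meant to follow the same split, gate on the union, `if config.HttpOnly() || config.SkipVerifyTLS() {`, and have the doc comment name both flags; if the narrowing is intended, the comment should state that `--http-only` is not consulted here. The second hunk in this file (`transport.TLSClientConfig.InsecureSkipVerify`) is right to map to `SkipVerifyTLS()` only, since that field governs certificate verification alone.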
@@ -281,14 +281,17 @@ func (pc *PackageCreator) Output(ctx context.Context, dst *layout.PackagePaths,
 return fmt.Errorf("unable to publish package: %w", err)
 }
 message.HorizontalRule()
- flags := ""
- if config.CommonOptions.Insecure {
- flags = "--insecure"
+ flags := []string{}
+ if config.HttpOnly() {
+ flags = append(flags, "--http-only")
+ }
+ if config.SkipVerifyTLS() {
+ flags = append(flags, "--tls-skip-verify")
 }
 message.Title("To inspect/deploy/pull:", "")
- message.ZarfCommand("package inspect %s %s", helpers.OCIURLPrefix+remote.Repo().Reference.String(), flags)
- message.ZarfCommand("package deploy %s %s", helpers.OCIURLPrefix+remote.Repo().Reference.String(), flags)
- message.ZarfCommand("package pull %s %s", helpers.OCIURLPrefix+remote.Repo().Reference.String(), flags)
+ message.ZarfCommand("package inspect %s %s", helpers.OCIURLPrefix+remote.Repo().Reference.String(), strings.Join(flags, " "))
+ message.ZarfCommand("package deploy %s %s", helpers.OCIURLPrefix+remote.Repo().Reference.String(), strings.Join(flags, " "))
+ message.ZarfCommand("package pull %s %s", helpers.OCIURLPrefix+remote.Repo().Reference.String(), strings.Join(flags, " "))
 } else {
 // Use the output path if the user specified it.
 packageName := fmt.Sprintf("%s%s", sources.NameFromMetadata(pkg, pc.createOpts.IsSkeleton), sources.PkgSuffix(pkg.Metadata.Uncompressed))
diff --git a/src/pkg/zoci/common.go b/src/pkg/zoci/common.go
index 41cf415d1b..5523aef95c 100644
--- a/src/pkg/zoci/common.go
+++ b/src/pkg/zoci/common.go
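Review bot: `strings.Join(flags, " ")` is evaluated three times on consecutive lines with the same input; computing it once, `flagStr := strings.Join(flags, " ")`, and passing `flagStr` to the three `message.ZarfCommand` calls reads better and keeps the three printed hints trivially identical. `flags := []string{}` can be `var flags []string` — both `append` and `strings.Join` accept a nil slice and it avoids an allocation in the common case where neither flag is set. `strings` is not imported in this hunk and the diffstat shows no import change for normal.go, so it is presumably already imported; worth confirming against the file's import block, which lies outside the hunk as does the rest of `Output`.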
@@ -32,8 +32,8 @@ type Remote struct {
 func NewRemote(url string, platform ocispec.Platform, mods ...oci.Modifier) (*Remote, error) {
 logger := slog.New(message.ZarfHandler{})
 modifiers := append([]oci.Modifier{
- oci.WithPlainHTTP(config.CommonOptions.Insecure),
- oci.WithInsecureSkipVerify(config.CommonOptions.Insecure),
+ oci.WithPlainHTTP(config.HttpOnly()),
+ oci.WithInsecureSkipVerify(config.SkipVerifyTLS()),
 oci.WithLogger(logger),
 oci.WithUserAgent("zarf/" + config.CLIVersion),
 }, mods...)
diff --git a/src/types/runtime.go b/src/types/runtime.go
index 0faed8c9e6..65106d7eb5 100644
--- a/src/types/runtime.go
+++ b/src/types/runtime.go
@@ -12,12 +12,16 @@ import (
 type ZarfCommonOptions struct {
 // Verify that Zarf should perform an action
 Confirm bool
+ // Force connections to be over http instead of https
+ HttpOnly bool
 // Allow insecure connections for remote packages
 Insecure bool
 // Path to use to cache images and git repos on package create
 CachePath string
 // Location Zarf should use as a staging ground when managing files and images for package creation and deployment
 TempDirectory string
+ // Disable checking the server TLS certificate for validity.
+ SkipVerifyTLS bool
 // Number of concurrent layer operations to perform when interacting with a remote package
 OCIConcurrency int
 }
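Review bot: `Insecure` keeps its pre-patch comment even though the root.go hunk hides `--insecure` and the config.go helpers treat it as implying both new options; a `// Deprecated: use HttpOnly and/or SkipVerifyTLS; Insecure enables both.` line above the field lets tooling surface that to anyone constructing a ZarfCommonOptions value. The two new field comments describe the mechanism but not the exposure, which is what a reviewer of a config value wants to see at a glance: `// HttpOnly forces registry/OCI connections over plain HTTP, so credentials and package data are sent unencrypted.` and `// SkipVerifyTLS disables server certificate verification, so the peer's identity is not checked.` The first claim is grounded by the zoci hunk above, where the field feeds `oci.WithPlainHTTP`; the second by the helm, images and zoci hunks, where it feeds the respective skip-verify settings.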