opentdf · jrschumacher · May 16, 2024 · May 16, 2024
@@ -158,16 +158,16 @@ func readBytesFromFile(filePath string) []byte {
 // instantiates a new handler with authentication via client credentials
 func NewHandler(cmd *cobra.Command) handlers.Handler {
 	platformEndpoint := cmd.Flag("host").Value.String()
-	insecure, err := cmd.Flags().GetBool("insecure")
+	tlsNoVerify, err := cmd.Flags().GetBool("tls-no-verify")
 	if err != nil {
-		cli.ExitWithError("Failed to get insecure flag", err)
+		cli.ExitWithError("Failed to get tls-no-verify flag", err)
 	}
 	// load client credentials from file, JSON, or OS keyring
 	creds, err := handlers.GetClientCreds(clientCredsFile, []byte(clientCredsJSON))
 	if err != nil {
 		cli.ExitWithError("Failed to get client credentials", err)
 	}
-	h, err := handlers.New(platformEndpoint, creds.ClientID, creds.ClientSecret, insecure)
+	h, err := handlers.New(platformEndpoint, creds.ClientID, creds.ClientSecret, tlsNoVerify)
 	if err != nil {
 		if errors.Is(err, handlers.ErrUnauthenticated) {
 			cli.ExitWithError(fmt.Sprintf("Not logged in. Please authenticate via CLI auth flow(s) before using command (%s %s)", cmd.Parent().Use, cmd.Use), err)

@@ -35,9 +35,9 @@ func init() {
 		doc.GetDocFlag("host").Description,
 	)
 	RootCmd.PersistentFlags().Bool(
-		doc.GetDocFlag("insecure").Name,
-		doc.GetDocFlag("insecure").DefaultAsBool(),
-		doc.GetDocFlag("insecure").Description,
+		doc.GetDocFlag("tls-no-verify").Name,
+		doc.GetDocFlag("tls-no-verify").DefaultAsBool(),
+		doc.GetDocFlag("tls-no-verify").Description,
 	)
 	RootCmd.PersistentFlags().String(
 		doc.GetDocFlag("log-level").Name,

@@ -8,8 +8,8 @@ command:
     - name: host
       description: host:port of the OpenTDF Platform gRPC server
       default: localhost:8080
-    - name: insecure
-      description: use insecure connection
+    - name: tls-no-verify
+      description: disable verification of the server's TLS certificate
       default: false
     - name: log-level
       description: log level

@@ -23,7 +23,7 @@ type Handler struct {
 }
 
 // Creates a new handler wrapping the SDK, which is authenticated through the cached client-credentials flow tokens
-func New(platformEndpoint, clientID, clientSecret string, insecure bool) (Handler, error) {
+func New(platformEndpoint, clientID, clientSecret string, tlsNoVerify bool) (Handler, error) {
 	scopes := []string{"email"}
 
 	opts := []sdk.Option{
@@ -49,12 +49,12 @@ func New(platformEndpoint, clientID, clientSecret string, insecure bool) (Handle
 		if platformURL.Port() == "" {
 			platformURL.Host += ":443"
 		}
+		if tlsNoVerify {
+			opts = append(opts, sdk.WithInsecureSkipVerifyConn())
+		}
 	default:
 		return Handler{}, errors.New("invalid scheme")
 	}
-	if insecure {
-		opts = append(opts, sdk.WithInsecureSkipVerifyConn())
-	}
 
 	sdk, err := sdk.New(platformURL.Host, opts...)
 	if err != nil {