From 9f6c22475d8f39d60dbb84c0a7d509872fde40c9 Mon Sep 17 00:00:00 2001
From: Vadym Popov <vadym.popov@goteleport.com>
Date: Fri, 25 Oct 2024 14:59:42 -0400
Subject: [PATCH] Reuse insecure flag for tests

---
 integration/autoupdate/tools/updater/main.go |  2 +-
 lib/autoupdate/tools/updater.go              |  3 ++-
 lib/client/api.go                            |  2 +-
 tool/tsh/common/tsh.go                       | 12 ++++++------
 4 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/integration/autoupdate/tools/updater/main.go b/integration/autoupdate/tools/updater/main.go
index cf5e2807af0de..775c7ab7b2e9d 100644
--- a/integration/autoupdate/tools/updater/main.go
+++ b/integration/autoupdate/tools/updater/main.go
@@ -38,7 +38,7 @@ var (
 )
 
 func main() {
-	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
 	defer cancel()
 	ctx, _ = signal.NotifyContext(ctx, syscall.SIGINT, syscall.SIGTERM)
 
diff --git a/lib/autoupdate/tools/updater.go b/lib/autoupdate/tools/updater.go
index 95112058094b7..9943900b2e1e8 100644
--- a/lib/autoupdate/tools/updater.go
+++ b/lib/autoupdate/tools/updater.go
@@ -151,7 +151,7 @@ func (u *Updater) CheckLocal() (version string, reExec bool, err error) {
 // the `webapi/find` handler, which stores information about the required client tools version to
 // operate with this cluster. It returns the semantic version that needs updating and whether
 // re-execution is necessary, by re-execution flag we understand that update and re-execute is required.
-func (u *Updater) CheckRemote(ctx context.Context, proxyAddr string) (version string, reExec bool, err error) {
+func (u *Updater) CheckRemote(ctx context.Context, proxyAddr string, insecure bool) (version string, reExec bool, err error) {
 	// Check if the user has requested a specific version of client tools.
 	requestedVersion := os.Getenv(teleportToolsVersionEnv)
 	switch requestedVersion {
@@ -179,6 +179,7 @@ func (u *Updater) CheckRemote(ctx context.Context, proxyAddr string) (version st
 		ProxyAddr: proxyAddr,
 		Pool:      certPool,
 		Timeout:   30 * time.Second,
+		Insecure:  insecure,
 	})
 	if err != nil {
 		return "", false, trace.Wrap(err)
diff --git a/lib/client/api.go b/lib/client/api.go
index 6630870f93e43..88bbc3b06ee5f 100644
--- a/lib/client/api.go
+++ b/lib/client/api.go
@@ -711,7 +711,7 @@ func RetryWithRelogin(ctx context.Context, tc *TeleportClient, fn func() error,
 		return trace.Wrap(err)
 	}
 	updater := tools.NewUpdater(tools.DefaultClientTools(), toolsDir, teleport.Version)
-	toolsVersion, reExec, err := updater.CheckRemote(ctx, tc.WebProxyAddr)
+	toolsVersion, reExec, err := updater.CheckRemote(ctx, tc.WebProxyAddr, tc.InsecureSkipVerify)
 	if err != nil {
 		return trace.Wrap(err)
 	}
diff --git a/tool/tsh/common/tsh.go b/tool/tsh/common/tsh.go
index bf4c7d547fcc4..25413cc6fdc9d 100644
--- a/tool/tsh/common/tsh.go
+++ b/tool/tsh/common/tsh.go
@@ -1878,7 +1878,7 @@ func onLogin(cf *CLIConf) error {
 	// The user is not logged in and has typed in `tsh --proxy=... login`, if
 	// the running binary needs to be updated, update and re-exec.
 	if profile == nil {
-		if err := updateAndRun(cf.Context, tc.WebProxyAddr); err != nil {
+		if err := updateAndRun(cf.Context, tc.WebProxyAddr, tc.InsecureSkipVerify); err != nil {
 			return trace.Wrap(err)
 		}
 	}
@@ -1896,7 +1896,7 @@ func onLogin(cf *CLIConf) error {
 
 			// The user has typed `tsh login`, if the running binary needs to
 			// be updated, update and re-exec.
-			if err := updateAndRun(cf.Context, tc.WebProxyAddr); err != nil {
+			if err := updateAndRun(cf.Context, tc.WebProxyAddr, tc.InsecureSkipVerify); err != nil {
 				return trace.Wrap(err)
 			}
 
@@ -1916,7 +1916,7 @@ func onLogin(cf *CLIConf) error {
 
 			// The user has typed `tsh login`, if the running binary needs to
 			// be updated, update and re-exec.
-			if err := updateAndRun(cf.Context, tc.WebProxyAddr); err != nil {
+			if err := updateAndRun(cf.Context, tc.WebProxyAddr, tc.InsecureSkipVerify); err != nil {
 				return trace.Wrap(err)
 			}
 
@@ -1992,7 +1992,7 @@ func onLogin(cf *CLIConf) error {
 		default:
 			// The user is logged in and has typed in `tsh --proxy=... login`, if
 			// the running binary needs to be updated, update and re-exec.
-			if err := updateAndRun(context.Background(), tc.WebProxyAddr); err != nil {
+			if err := updateAndRun(context.Background(), tc.WebProxyAddr, tc.InsecureSkipVerify); err != nil {
 				return trace.Wrap(err)
 			}
 		}
@@ -5558,7 +5558,7 @@ const (
 		"https://goteleport.com/docs/access-controls/guides/headless/#troubleshooting"
 )
 
-func updateAndRun(ctx context.Context, proxy string) error {
+func updateAndRun(ctx context.Context, proxy string, insecure bool) error {
 	// The user has typed a command like `tsh ssh ...` without being logged in,
 	// if the running binary needs to be updated, update and re-exec.
 	//
@@ -5570,7 +5570,7 @@ func updateAndRun(ctx context.Context, proxy string) error {
 		return trace.Wrap(err)
 	}
 	updater := tools.NewUpdater(tools.DefaultClientTools(), toolsDir, teleport.Version)
-	toolsVersion, reExec, err := updater.CheckRemote(ctx, proxy)
+	toolsVersion, reExec, err := updater.CheckRemote(ctx, proxy, insecure)
 	if err != nil {
 		return trace.Wrap(err)
 	}