add discovery related flag due to the comments

etcdctl/ctlv3/command/ep_command.go

@@ -83,9 +83,10 @@ func epHealthCommandFunc(cmd *cobra.Command, args []string) {
 	sec := secureCfgFromCmd(cmd)
 	dt := dialTimeoutFromCmd(cmd)
 	auth := authCfgFromCmd(cmd)
+	discovery := discoveryCfgFromCmd(cmd)
 	cfgs := []*v3.Config{}
 	for _, ep := range endpointsFromCluster(cmd) {
-		cfg, err := newClientCfg([]string{ep}, dt, sec, auth)
+		cfg, err := newClientCfg([]string{ep}, dt, sec, auth, discovery)
 		if err != nil {
 			ExitWithError(ExitBadArgs, err)
 		}

etcdctl/ctlv3/command/global.go

@@ -17,6 +17,7 @@ package command
 import (
 	"crypto/tls"
 	"errors"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"log"
@@ -25,6 +26,7 @@ import (
 	"time"
 
 	"github.com/bgentry/speakeasy"
+	"github.com/coreos/etcd/client"
 	"github.com/coreos/etcd/clientv3"
 	"github.com/coreos/etcd/pkg/flags"
 	"github.com/coreos/etcd/pkg/transport"
@@ -36,6 +38,7 @@ import (
 type GlobalFlags struct {
 	Insecure           bool
 	InsecureSkipVerify bool
+	InsecureDiscovery  bool
 	Endpoints          []string
 	DialTimeout        time.Duration
 	CommandTimeOut     time.Duration
@@ -51,10 +54,10 @@ type GlobalFlags struct {
 }
 
 type secureCfg struct {
-	cert               string
-	key                string
-	cacert             string
-	serverName         string
+	cert   string
+	key    string
+	cacert string
+
 	insecureTransport  bool
 	insecureSkipVerify bool
 }
@@ -64,6 +67,11 @@ type authCfg struct {
 	password string
 }
 
+type discoveryCfg struct {
+	domainStr string
+	insecure  bool
+}
+
 var display printer = &simplePrinter{}
 
 func initDisplayFromCmd(cmd *cobra.Command) {
@@ -91,21 +99,22 @@ func mustClientFromCmd(cmd *cobra.Command) *clientv3.Client {
 		clientv3.SetLogger(log.New(os.Stderr, "grpc: ", 0))
 	}
 
-	endpoints, err := cmd.Flags().GetStringSlice("endpoints")
+	endpoints, err := getEndpointsFromCmd(cmd)
 	if err != nil {
 		ExitWithError(ExitError, err)
 	}
 	dialTimeout := dialTimeoutFromCmd(cmd)
 	sec := secureCfgFromCmd(cmd)
 	auth := authCfgFromCmd(cmd)
+	discovery := discoveryCfgFromCmd(cmd)
 
 	initDisplayFromCmd(cmd)
 
-	return mustClient(endpoints, dialTimeout, sec, auth)
+	return mustClient(endpoints, dialTimeout, sec, auth, discovery)
 }
 
-func mustClient(endpoints []string, dialTimeout time.Duration, scfg *secureCfg, acfg *authCfg) *clientv3.Client {
-	cfg, err := newClientCfg(endpoints, dialTimeout, scfg, acfg)
+func mustClient(endpoints []string, dialTimeout time.Duration, scfg *secureCfg, acfg *authCfg, dcfg *discoveryCfg) *clientv3.Client {
+	cfg, err := newClientCfg(endpoints, dialTimeout, scfg, acfg, dcfg)
 	if err != nil {
 		ExitWithError(ExitBadArgs, err)
 	}
@@ -118,7 +127,7 @@ func mustClient(endpoints []string, dialTimeout time.Duration, scfg *secureCfg,
 	return client
 }
 
-func newClientCfg(endpoints []string, dialTimeout time.Duration, scfg *secureCfg, acfg *authCfg) (*clientv3.Config, error) {
+func newClientCfg(endpoints []string, dialTimeout time.Duration, scfg *secureCfg, acfg *authCfg, dcfg *discoveryCfg) (*clientv3.Config, error) {
 	// set tls if any one tls option set
 	var cfgtls *transport.TLSInfo
 	tlsinfo := transport.TLSInfo{}
@@ -137,8 +146,12 @@ func newClientCfg(endpoints []string, dialTimeout time.Duration, scfg *secureCfg
 		cfgtls = &tlsinfo
 	}
 
-	if scfg.serverName != "" {
-		tlsinfo.ServerName = scfg.serverName
+	if dcfg.insecure {
+		dcfg.domainStr = ""
+	}
+
+	if dcfg.domainStr != "" {
+		tlsinfo.ServerName = dcfg.domainStr
 		cfgtls = &tlsinfo
 	}
 
@@ -194,15 +207,14 @@ func dialTimeoutFromCmd(cmd *cobra.Command) time.Duration {
 }
 
 func secureCfgFromCmd(cmd *cobra.Command) *secureCfg {
-	cert, key, cacert, serverName := keyAndCertFromCmd(cmd)
+	cert, key, cacert := keyAndCertFromCmd(cmd)
 	insecureTr := insecureTransportFromCmd(cmd)
 	skipVerify := insecureSkipVerifyFromCmd(cmd)
 
 	return &secureCfg{
-		cert:       cert,
-		key:        key,
-		cacert:     cacert,
-		serverName: serverName,
+		cert:   cert,
+		key:    key,
+		cacert: cacert,
 
 		insecureTransport:  insecureTr,
 		insecureSkipVerify: skipVerify,
@@ -225,7 +237,7 @@ func insecureSkipVerifyFromCmd(cmd *cobra.Command) bool {
 	return skipVerify
 }
 
-func keyAndCertFromCmd(cmd *cobra.Command) (cert, key, cacert, serverName string) {
+func keyAndCertFromCmd(cmd *cobra.Command) (cert, key, cacert string) {
 	var err error
 	if cert, err = cmd.Flags().GetString("cert"); err != nil {
 		ExitWithError(ExitBadArgs, err)
@@ -245,14 +257,7 @@ func keyAndCertFromCmd(cmd *cobra.Command) (cert, key, cacert, serverName string
 		ExitWithError(ExitBadArgs, errors.New("empty string is passed to --cacert option"))
 	}
 
-	// TODO: reconstruct the duplicated code
-	if serverName, err = cmd.Flags().GetString("discovery-srv"); err != nil {
-		ExitWithError(ExitBadArgs, err)
-	} else if serverName == "" && cmd.Flags().Changed("discovery-srv") {
-		ExitWithError(ExitBadArgs, errors.New("empty string is passed to --discovery-srv option"))
-	}
-
-	return cert, key, cacert, serverName
+	return cert, key, cacert
 }
 
 func authCfgFromCmd(cmd *cobra.Command) *authCfg {
@@ -281,3 +286,68 @@ func authCfgFromCmd(cmd *cobra.Command) *authCfg {
 
 	return &cfg
 }
+
+func insecureDiscoveryFromCmd(cmd *cobra.Command) bool {
+	discovery, err := cmd.Flags().GetBool("insecure-discovery")
+	if err != nil {
+		ExitWithError(ExitError, err)
+	}
+	return discovery
+}
+
+func discoveryCfgFromCmd(cmd *cobra.Command) *discoveryCfg {
+	var err error
+	var domainStr string
+	if domainStr, err = cmd.Flags().GetString("discovery-srv"); err != nil {
+		ExitWithError(ExitBadArgs, err)
+	} else if domainStr == "" && cmd.Flags().Changed("discovery-srv") {
+		ExitWithError(ExitBadArgs, errors.New("empty string is passed to --discovery-srv option"))
+	}
+	cfg := discoveryCfg{
+		domainStr: domainStr,
+		insecure:  insecureDiscoveryFromCmd(cmd),
+	}
+	return &cfg
+}
+
+func getEndpointsFromCmd(cmd *cobra.Command) ([]string, error) {
+	eps, err := getEndpointsFromFlagValue(cmd)
+	if err != nil {
+		return nil, err
+	}
+
+	// If domain discovery returns no endpoints, check endpoints flag
+	if len(eps) == 0 {
+		eps, err = cmd.Flags().GetStringSlice("endpoints")
+	}
+
+	return eps, err
+}
+
+func getEndpointsFromFlagValue(cmd *cobra.Command) ([]string, error) {
+	discoveryCfg := discoveryCfgFromCmd(cmd)
+
+	// If we still don't have domain discovery, return nothing
+	if discoveryCfg.domainStr == "" {
+		return []string{}, nil
+	}
+
+	discoverer := client.NewSRVDiscover()
+	eps, err := discoverer.Discover(discoveryCfg.domainStr)
+	if err != nil {
+		return nil, err
+	}
+	if discoveryCfg.insecure {
+		return eps, err
+	}
+	// strip insecure connections
+	ret := []string{}
+	for _, ep := range eps {
+		if strings.HasPrefix("http://", ep) {
+			fmt.Fprintf(os.Stderr, "ignoring discovered insecure endpoint %q\n", ep)
+			continue
+		}
+		ret = append(ret, ep)
+	}
+	return ret, err
+}

etcdctl/ctlv3/command/make_mirror_command.go

@@ -71,8 +71,9 @@ func makeMirrorCommandFunc(cmd *cobra.Command, args []string) {
 		cacert:            mmcacert,
 		insecureTransport: mminsecureTr,
 	}
+	discovery := discoveryCfgFromCmd(cmd)
 
-	dc := mustClient([]string{args[0]}, dialTimeout, sec, nil)
+	dc := mustClient([]string{args[0]}, dialTimeout, sec, nil, discovery)
 	c := mustClientFromCmd(cmd)
 
 	err := makeMirror(context.TODO(), c, dc)

etcdctl/ctlv3/ctl.go

@@ -54,12 +54,13 @@ func init() {
 
 	// TODO: secure by default when etcd enables secure gRPC by default.
 	rootCmd.PersistentFlags().BoolVar(&globalFlags.Insecure, "insecure-transport", true, "disable transport security for client connections")
+	rootCmd.PersistentFlags().BoolVar(&globalFlags.InsecureDiscovery, "insecure-discovery", true, "accept insecure SRV records describing cluster endpoints")
 	rootCmd.PersistentFlags().BoolVar(&globalFlags.InsecureSkipVerify, "insecure-skip-tls-verify", false, "skip server certificate verification")
 	rootCmd.PersistentFlags().StringVar(&globalFlags.TLS.CertFile, "cert", "", "identify secure client using this TLS certificate file")
 	rootCmd.PersistentFlags().StringVar(&globalFlags.TLS.KeyFile, "key", "", "identify secure client using this TLS key file")
 	rootCmd.PersistentFlags().StringVar(&globalFlags.TLS.CAFile, "cacert", "", "verify certificates of TLS-enabled secure servers using this CA bundle")
 	rootCmd.PersistentFlags().StringVar(&globalFlags.User, "user", "", "username[:password] for authentication (prompt if password is not supplied)")
-	rootCmd.PersistentFlags().StringVar(&globalFlags.TLS.ServerName, "discovery-srv", "", "domain name to query for SRV records describing cluster endpoints")
+	rootCmd.PersistentFlags().StringVarP(&globalFlags.TLS.ServerName, "discovery-srv", "d", "", "domain name to query for SRV records describing cluster endpoints")
 
 	rootCmd.AddCommand(
 		command.NewGetCommand(),