From 7dec4c412c90876d7e510bf304deaecd04e1cb73 Mon Sep 17 00:00:00 2001
From: Hitoshi Mitake <h.mitake@gmail.com>
Date: Mon, 29 Jun 2020 23:37:04 +0900
Subject: [PATCH] etcdmain: let grpc proxy warn about insecure-skip-tls-verify

---
 etcdmain/grpc_proxy.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etcdmain/grpc_proxy.go b/etcdmain/grpc_proxy.go
index b818d0510..244fae74a 100644
--- a/etcdmain/grpc_proxy.go
+++ b/etcdmain/grpc_proxy.go
@@ -286,6 +286,9 @@ func newClientCfg(lg *zap.Logger, eps []string) (*clientv3.Config, error) {
 			return nil, err
 		}
 		clientTLS.InsecureSkipVerify = grpcProxyInsecureSkipTLSVerify
+		if clientTLS.InsecureSkipVerify {
+			lg.Warn("--insecure-skip-tls-verify was given, this grpc proxy process skips authentication of etcd server TLS certificates. This option should be enabled only for testing purposes.")
+		}
 		cfg.TLS = clientTLS
 		lg.Info("gRPC proxy client TLS", zap.String("tls-info", fmt.Sprintf("%+v", tls)))
 	}