clientv3: fix --insecure-skip-tls-verify not working when not specify --cert-path and --key-path

Fixes 14315

Signed-off-by: QianChenglong <qian_cheng_long@163.com>

client/v3/config.go

@@ -19,9 +19,10 @@ import (
 	"crypto/tls"
 	"time"
 
-	"go.etcd.io/etcd/client/pkg/v3/transport"
 	"go.uber.org/zap"
 	"google.golang.org/grpc"
+
+	"go.etcd.io/etcd/client/pkg/v3/transport"
 )
 
 type Config struct {
@@ -175,8 +176,11 @@ func newTLSConfig(scfg *SecureConfig, lg *zap.Logger) (*tls.Config, error) {
 
 	// If the user wants to skip TLS verification then we should set
 	// the InsecureSkipVerify flag in tls configuration.
-	if tlsCfg != nil && scfg.InsecureSkipVerify {
-		tlsCfg.InsecureSkipVerify = true
+	if scfg.InsecureSkipVerify {
+		if tlsCfg == nil {
+			tlsCfg = &tls.Config{}
+		}
+		tlsCfg.InsecureSkipVerify = scfg.InsecureSkipVerify
 	}
 
 	return tlsCfg, nil

client/v3/config_test.go

@@ -20,9 +20,10 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/assert"
+	"go.uber.org/zap"
+
 	"go.etcd.io/etcd/client/pkg/v3/logutil"
 	"go.etcd.io/etcd/client/pkg/v3/transport"
-	"go.uber.org/zap"
 )
 
 func TestNewClientConfig(t *testing.T) {
@@ -108,6 +109,28 @@ func TestNewClientConfig(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "insecure transport and skip TLS verification",
+			spec: ConfigSpec{
+				Endpoints:        []string{"http://192.168.0.13:2379"},
+				DialTimeout:      1 * time.Second,
+				KeepAliveTime:    3 * time.Second,
+				KeepAliveTimeout: 5 * time.Second,
+				Secure: &SecureConfig{
+					InsecureTransport:  true,
+					InsecureSkipVerify: true,
+				},
+			},
+			expectedConf: Config{
+				Endpoints:            []string{"http://192.168.0.13:2379"},
+				DialTimeout:          1 * time.Second,
+				DialKeepAliveTime:    3 * time.Second,
+				DialKeepAliveTimeout: 5 * time.Second,
+				TLS: &tls.Config{
+					InsecureSkipVerify: true,
+				},
+			},
+		},
 	}
 
 	for _, tc := range cases {