handle untrusted https certificates with github enterprise

[farmboy-dev]

info by @gabor : add ways to handle the case where the https certificate of the github instance is not trusted by the server running grafana.. the two options are:

• add support for a custom ca certificate
• add support for insecure-skip-verify

---

Post "https://corp github url/api/graphql": x509: certificate signed by unknown authority

Hello, I'm trying to use this plugin for github enterprise server, but I'm getting the above error.
I can access the graphql api server using postman, vscode, grafana graphql plugin.

Thank you

[farmboy-dev]

google/go-github#1439
I'm not sure, but I think my problem is related to the above issue.

[farmboy-dev]

+Update
I added some code to turn off tls verification.
now I keep getting this error, and still can't do health check as well.

it's my first time to use go to figure this problem out, so is there any guide?
I updated code in https://github.com/grafana/github-datasource/blob/main/pkg/github/datasource.go

func NewDatasource(ctx context.Context, settings models.Settings) *Datasource {
	src := oauth2.StaticTokenSource(
		&oauth2.Token{AccessToken: settings.AccessToken},
	)
        httpTransport := &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}
	httpClientTransport := &http.Client{Transport: httpTransport}
        ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClientTransport)
	httpClient := oauth2.NewClient(ctx, src)

	if settings.GithubURL == "" {
		return &Datasource{
			client: githubv4.NewClient(httpClient),
		}
	}

	return &Datasource{
		client: githubv4.NewEnterpriseClient(fmt.Sprintf("%s/api/graphql", settings.GithubURL), httpClient),
	}
}

[kajal1310]

Has anybody found a solution yet? We are also stuck here. Is there any way we can have insecure skip verify flag while setting up data source itself ?

[gabor]

hi, right now there's no way to disable tls-verification i'll update this issue to be a feature-request.

in the meantime, as a workaround, i recommend making the server running grafana trust the https certificate of the github-enterprise-install (this probably involves adding certificates to the server operating system's certificate store).