-
Notifications
You must be signed in to change notification settings - Fork 5.4k
/
clientset.go
90 lines (78 loc) · 2.91 KB
/
clientset.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
package apiclient
import (
"crypto/tls"
"crypto/x509"
"time"
grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/retry"
log "github.com/sirupsen/logrus"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
argogrpc "github.com/argoproj/argo-cd/v2/util/grpc"
"github.com/argoproj/argo-cd/v2/util/io"
)
const (
// MaxGRPCMessageSize contains max grpc message size
MaxGRPCMessageSize = 100 * 1024 * 1024
)
// TLSConfiguration describes parameters for TLS configuration to be used by a repo server API client
type TLSConfiguration struct {
// Whether to disable TLS for connections
DisableTLS bool
// Whether to enforce strict validation of TLS certificates
StrictValidation bool
// List of certificates to validate the peer against (if StrictCerts is true)
Certificates *x509.CertPool
}
// Clientset represents repository server api clients
type Clientset interface {
NewRepoServerClient() (io.Closer, RepoServerServiceClient, error)
}
type clientSet struct {
address string
timeoutSeconds int
tlsConfig TLSConfiguration
}
func (c *clientSet) NewRepoServerClient() (io.Closer, RepoServerServiceClient, error) {
conn, err := NewConnection(c.address, c.timeoutSeconds, &c.tlsConfig)
if err != nil {
return nil, nil, err
}
return conn, NewRepoServerServiceClient(conn), nil
}
func NewConnection(address string, timeoutSeconds int, tlsConfig *TLSConfiguration) (*grpc.ClientConn, error) {
retryOpts := []grpc_retry.CallOption{
grpc_retry.WithMax(3),
grpc_retry.WithBackoff(grpc_retry.BackoffLinear(1000 * time.Millisecond)),
}
unaryInterceptors := []grpc.UnaryClientInterceptor{grpc_retry.UnaryClientInterceptor(retryOpts...)}
if timeoutSeconds > 0 {
unaryInterceptors = append(unaryInterceptors, argogrpc.WithTimeout(time.Duration(timeoutSeconds)*time.Second))
}
opts := []grpc.DialOption{
grpc.WithStreamInterceptor(grpc_retry.StreamClientInterceptor(retryOpts...)),
grpc.WithUnaryInterceptor(grpc_middleware.ChainUnaryClient(unaryInterceptors...)),
grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(MaxGRPCMessageSize), grpc.MaxCallSendMsgSize(MaxGRPCMessageSize)),
}
tlsC := &tls.Config{}
if !tlsConfig.DisableTLS {
if !tlsConfig.StrictValidation {
tlsC.InsecureSkipVerify = true
} else {
tlsC.RootCAs = tlsConfig.Certificates
}
opts = append(opts, grpc.WithTransportCredentials(credentials.NewTLS(tlsC)))
} else {
opts = append(opts, grpc.WithInsecure())
}
conn, err := grpc.Dial(address, opts...)
if err != nil {
log.Errorf("Unable to connect to repository service with address %s", address)
return nil, err
}
return conn, nil
}
// NewRepoServerClientset creates new instance of repo server Clientset
func NewRepoServerClientset(address string, timeoutSeconds int, tlsConfig TLSConfiguration) Clientset {
return &clientSet{address: address, timeoutSeconds: timeoutSeconds, tlsConfig: tlsConfig}
}