/
client.go
54 lines (45 loc) · 1.48 KB
/
client.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
package schema
import (
"crypto/tls"
"net"
"strings"
"connectrpc.com/connect"
"github.com/common-fate/sdk/config"
"github.com/common-fate/sdk/gen/commonfate/authz/v1alpha1/authzv1alpha1connect"
"golang.org/x/net/http2"
"golang.org/x/oauth2"
)
type Opts struct {
HTTPClient connect.HTTPClient
BaseURL string
ClientOptions []connect.ClientOption
}
func NewClient(opts Opts) authzv1alpha1connect.SchemaServiceClient {
// client uses GRPC by default as the authz service does not support Buf Connect.
connectOpts := []connect.ClientOption{connect.WithGRPC()}
connectOpts = append(connectOpts, opts.ClientOptions...)
return authzv1alpha1connect.NewSchemaServiceClient(opts.HTTPClient, opts.BaseURL, connectOpts...)
}
func NewFromConfig(cfg *config.Context) authzv1alpha1connect.SchemaServiceClient {
url := cfg.AuthzURL
if url == "" {
url = cfg.APIURL
}
connectOpts := []connect.ClientOption{connect.WithGRPC()}
// dereference the client to avoid mutating it for all services
// that share the config (this can cause HTTP2 issues in local dev)
httpclient := *cfg.HTTPClient
if strings.HasPrefix(url, "http://") {
httpclient.Transport = &oauth2.Transport{
Source: cfg.TokenSource,
Base: insecureTransport,
}
}
return authzv1alpha1connect.NewSchemaServiceClient(&httpclient, url, connectOpts...)
}
var insecureTransport = &http2.Transport{
AllowHTTP: true,
DialTLS: func(network, addr string, _ *tls.Config) (net.Conn, error) {
return net.Dial(network, addr)
},
}