package clients
import (
"fmt"
"net/http"
"os"
"time"
"github.com/gophercloud/gophercloud"
"github.com/gophercloud/gophercloud/openstack/baremetal/httpbasic"
"github.com/gophercloud/gophercloud/openstack/baremetal/noauth"
"go.etcd.io/etcd/client/pkg/v3/transport"
)
// tlsConnectionTimeout is the duration updateHTTPClient hands to
// transport.NewTransport when it builds the TLS transport for the Ironic
// client.
var tlsConnectionTimeout = 30 * time.Second
// TLSConfig contains the TLS configuration for the Ironic connection.
// Using Go default values for this will result in no additional trusted
// CA certificates and a secure connection.
// When specifying Certificate and Private key, TLS connection will use
// client certificate authentication.
//
// updateHTTPClient copies these fields into a transport.TLSInfo. A file path
// that does not exist on disk is treated there as unset, without an error.
type TLSConfig struct {
	// TrustedCAFile is the path forwarded as transport.TLSInfo.TrustedCAFile.
	TrustedCAFile string
	// ClientCertificateFile is the path forwarded as transport.TLSInfo.CertFile.
	ClientCertificateFile string
	// ClientPrivateKeyFile is the path forwarded as transport.TLSInfo.KeyFile.
	// The file holds key material, so its permissions should restrict it to
	// the process that needs it.
	ClientPrivateKeyFile string
	// InsecureSkipVerify is forwarded as transport.TLSInfo.InsecureSkipVerify.
	// When true, the server certificate is not verified, so the identity of
	// the Ironic endpoint is not checked and any credentials sent over the
	// connection lose that protection. Leave it false outside test setups.
	InsecureSkipVerify bool
	// SkipClientSANVerify is forwarded as transport.TLSInfo.SkipClientSANVerify.
	// NOTE(review): etcd's transport package appears to describe this option
	// as a server-side check of a client certificate's SAN; confirm that it
	// has any effect on this outgoing client connection.
	SkipClientSANVerify bool
}
// updateHTTPClient replaces client.HTTPClient with an http.Client whose
// transport is built by transport.NewTransport from tlsConf.
//
// The CA, client certificate and client key paths are each probed with
// os.Stat, in that order. A path that does not exist is treated as if it had
// not been configured; any other os.Stat failure is returned as-is. Client
// certificate authentication is switched on only when both the certificate
// and the key file are present.
//
// Because a missing file is not an error, a mistyped or unmounted CA or
// client-certificate path is dropped without any error or log line, and the
// connection is then made without the extra trusted CA or without a client
// certificate. Operators who depend on either should check that the files
// exist before calling.
//
// NOTE(review): only the timeout passed to transport.NewTransport is
// configured here; http.Client.Timeout is left at its zero value.
func updateHTTPClient(client *gophercloud.ServiceClient, tlsConf TLSConfig) error {
	// keepIfPresent returns path unchanged when os.Stat succeeds, "" when the
	// file does not exist, and the os.Stat error for any other failure.
	keepIfPresent := func(path string) (string, error) {
		_, statErr := os.Stat(path)
		switch {
		case statErr == nil:
			return path, nil
		case os.IsNotExist(statErr):
			return "", nil
		default:
			return "", statErr
		}
	}

	caFile, err := keepIfPresent(tlsConf.TrustedCAFile)
	if err != nil {
		return err
	}
	certFile, err := keepIfPresent(tlsConf.ClientCertificateFile)
	if err != nil {
		return err
	}
	keyFile, err := keepIfPresent(tlsConf.ClientPrivateKeyFile)
	if err != nil {
		return err
	}

	tlsInfo := transport.TLSInfo{
		TrustedCAFile:       caFile,
		CertFile:            certFile,
		KeyFile:             keyFile,
		InsecureSkipVerify:  tlsConf.InsecureSkipVerify,
		SkipClientSANVerify: tlsConf.SkipClientSANVerify,
		// Client certificate auth needs both halves of the key pair.
		ClientCertAuth: certFile != "" && keyFile != "",
	}

	tlsTransport, err := transport.NewTransport(tlsInfo, tlsConnectionTimeout)
	if err != nil {
		return err
	}

	client.HTTPClient = http.Client{Transport: tlsTransport}
	return nil
}
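// IronicClient creates a client for the Ironic API at ironicEndpoint.
//
// auth.Type selects the constructor: NoAuth calls noauth.NewBareMetalNoAuth,
// and HTTPBasicAuth calls httpbasic.NewBareMetalHTTPBasic with auth.Username
// and auth.Password. Any other type is rejected with an error. The client is
// then pinned to the baseline microversion and its HTTP client is replaced
// with one built from tls by updateHTTPClient.
//
// On any error the returned client is nil. In particular, when applying the
// TLS settings fails, the half-configured client (which would still carry the
// constructor's default HTTP client, without the requested CA or client
// certificate) is not handed back, so a caller that overlooks err cannot
// use it by accident.
//
// NOTE(review): with HTTPBasicAuth the username and password travel with each
// request, so they are only as well protected as the TLS settings in tls;
// avoid combining it with InsecureSkipVerify outside test setups.
func IronicClient(ironicEndpoint string, auth AuthConfig, tls TLSConfig) (client *gophercloud.ServiceClient, err error) {
	switch auth.Type {
	case NoAuth:
		client, err = noauth.NewBareMetalNoAuth(noauth.EndpointOpts{
			IronicEndpoint: ironicEndpoint,
		})
	case HTTPBasicAuth:
		client, err = httpbasic.NewBareMetalHTTPBasic(httpbasic.EndpointOpts{
			IronicEndpoint:     ironicEndpoint,
			IronicUser:         auth.Username,
			IronicUserPassword: auth.Password,
		})
	default:
		err = fmt.Errorf("Unknown auth type %s", auth.Type)
	}
	if err != nil {
		return nil, err
	}

	client.Microversion = baseline

	// Fail closed: a client whose TLS configuration could not be applied is
	// discarded rather than returned alongside the error.
	if err = updateHTTPClient(client, tls); err != nil {
		return nil, err
	}
	return client, nil
}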