package lxd
import (
"crypto/tls"
"fmt"
"net"
"net/http"
"net/url"
"os"
"strings"
"github.com/lxc/lxd/shared"
)
// tlsHTTPClient returns an HTTP client whose transport speaks TLS to an LXD
// server. When client is nil a fresh http.Client is created; otherwise the
// given client is modified in place (Transport and CheckRedirect are
// replaced) and returned. The error from building the TLS configuration is
// returned unwrapped.
//
// The certificate/key/CA/server-cert strings and insecureSkipVerify are
// handed to shared.GetTLSConfigMem unchanged; what they contain (PEM data,
// optional values) is defined there, not here. proxy, when non-nil,
// replaces the environment-based proxy lookup on the transport.
//
// Two behaviours deserve attention from a security standpoint:
//   - A true LXD_INSECURE_TLS in the environment clears the curated cipher
//     suite list, so Go's default suite selection applies.
//   - The redirect policy copies every header of the previous request onto
//     the redirected request regardless of the target host, instead of Go's
//     default behaviour of dropping sensitive headers on cross-host
//     redirects. Header-borne credentials therefore follow any redirect the
//     server issues.
func tlsHTTPClient(client *http.Client, tlsClientCert string, tlsClientKey string, tlsCA string, tlsServerCert string, insecureSkipVerify bool, proxy func(req *http.Request) (*url.URL, error)) (*http.Client, error) {
	// Get the TLS configuration
	tlsConfig, err := shared.GetTLSConfigMem(tlsClientCert, tlsClientKey, tlsCA, tlsServerCert, insecureSkipVerify)
	if err != nil {
		return nil, err
	}
	// Support disabling of strict ciphers.
	// A nil CipherSuites means crypto/tls picks from its default set, which is
	// weaker than the list GetTLSConfigMem presumably installs; this escape
	// hatch exists for servers that cannot negotiate the strict list.
	if shared.IsTrue(os.Getenv("LXD_INSECURE_TLS")) {
		tlsConfig.CipherSuites = nil
	}
	// Define the http transport.
	// Keep-alives are off, so every request opens a new TLS connection.
	// NOTE(review): no TLSHandshakeTimeout or ResponseHeaderTimeout is set,
	// so a stalled server can hold the caller indefinitely unless the
	// request carries its own deadline — confirm callers provide one.
	transport := &http.Transport{
		TLSClientConfig:   tlsConfig,
		Dial:              shared.RFC3493Dialer,
		Proxy:             shared.ProxyFromEnvironment,
		DisableKeepAlives: true,
	}
	// Allow overriding the proxy
	if proxy != nil {
		transport.Proxy = proxy
	}
	// Special TLS handling.
	// The transport's own TLS path is bypassed; this closure dials, wraps and
	// verifies the connection itself so that a failed handshake can be
	// retried with a different expected server name (see below).
	transport.DialTLS = func(network string, addr string) (net.Conn, error) {
		// tlsDial opens a TCP connection via the transport's dialer and
		// completes a TLS handshake on it. With resetName set, the expected
		// server name is replaced by the host part of addr on a clone of
		// config, so the shared transport config is never mutated.
		tlsDial := func(network string, addr string, config *tls.Config, resetName bool) (net.Conn, error) {
			// TCP connection
			conn, err := transport.Dial(network, addr)
			if err != nil {
				return nil, err
			}
			// Setup TLS
			if resetName {
				// Fall back to the raw addr when it carries no port.
				hostName, _, err := net.SplitHostPort(addr)
				if err != nil {
					hostName = addr
				}
				config = config.Clone()
				config.ServerName = hostName
			}
			tlsConn := tls.Client(conn, config)
			// Validate the connection.
			// The raw connection is closed on every failure path so a
			// rejected handshake does not leak a socket.
			err = tlsConn.Handshake()
			if err != nil {
				conn.Close()
				return nil, err
			}
			// With verification enabled, Handshake has already checked the
			// chain against config.ServerName; this is an explicit second
			// hostname check against the same name.
			if !config.InsecureSkipVerify {
				err := tlsConn.VerifyHostname(config.ServerName)
				if err != nil {
					conn.Close()
					return nil, err
				}
			}
			return tlsConn, nil
		}
		// First attempt: the server name from the TLS config as built by
		// GetTLSConfigMem (presumably tied to the pinned server certificate
		// when one was given — verify there).
		conn, err := tlsDial(network, addr, transport.TLSClientConfig, false)
		if err != nil {
			// We may have gotten redirected to a non-LXD machine.
			// Retry once expecting the dialed host's name instead; the root
			// CAs and verification mode are unchanged, only ServerName
			// differs. The first attempt's error is discarded — only the
			// retry's error reaches the caller.
			return tlsDial(network, addr, transport.TLSClientConfig, true)
		}
		return conn, nil
	}
	// Define the http client
	if client == nil {
		client = &http.Client{}
	}
	client.Transport = transport
	// Setup redirect policy.
	// net/http always passes at least the original request in via, so the
	// index is safe. Assigning the map (not copying it) makes the redirected
	// request share one header map with the previous one.
	client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
		// Replicate the headers
		req.Header = via[len(via)-1].Header
		return nil
	}
	return client, nil
}
// unixHTTPClient returns an HTTP client that sends every request over the
// Unix socket at path, whatever host the request URL names. When client is
// nil a fresh http.Client is created; otherwise the given client is modified
// in place (Transport and CheckRedirect are replaced) and returned. The
// error result is always nil.
//
// Keep-alives are disabled, so each request opens a new socket connection.
// Redirects reuse the previous request's header map unchanged.
func unixHTTPClient(client *http.Client, path string) (*http.Client, error) {
	if client == nil {
		client = &http.Client{}
	}

	// The network and address supplied by the transport are deliberately
	// ignored: every connection goes to the configured socket path.
	dialSocket := func(_ string, _ string) (net.Conn, error) {
		socketAddr, err := net.ResolveUnixAddr("unix", path)
		if err != nil {
			return nil, err
		}
		return net.DialUnix("unix", nil, socketAddr)
	}

	client.Transport = &http.Transport{
		Dial:              dialSocket,
		DisableKeepAlives: true,
	}

	// Redirect policy: carry the previous request's headers over verbatim.
	// via always holds at least the original request, so the index is safe.
	client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
		req.Header = via[len(via)-1].Header
		return nil
	}

	return client, nil
}
// remoteOperationResult records the outcome of one leg of an operation that
// was fanned out to several remote URLs: the URL it was sent to and the
// error that leg produced.
type remoteOperationResult struct {
	// URL identifies the remote; it only labels the error in the combined
	// message built by remoteOperationError.
	URL string
	// Error is the failure reported for URL, or nil when that leg succeeded.
	Error error
}
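// remoteOperationError folds the per-URL results of a fanned-out operation
// into a single error prefixed with msg.
//
// Entries whose Error is nil count as successes and are ignored. If no entry
// failed, nil is returned. If every failure carries the same message the
// result is "msg: <error>" wrapping that error, so errors.Is/errors.As still
// work on it. Otherwise each failure is listed on its own " - URL: error"
// line under msg.
func remoteOperationError(msg string, errors []remoteOperationResult) error {
	// Drop the successful legs first; the original code dereferenced every
	// Error unconditionally and panicked on a nil one.
	failed := make([]remoteOperationResult, 0, len(errors))
	for _, entry := range errors {
		if entry.Error != nil {
			failed = append(failed, entry)
		}
	}
	if len(failed) == 0 {
		return nil
	}

	// Collapse identical failures (compared by message) into a single line.
	first := failed[0].Error
	identical := true
	for _, entry := range failed[1:] {
		if entry.Error.Error() != first.Error() {
			identical = false
			break
		}
	}
	if identical {
		return fmt.Errorf("%s: %w", msg, first)
	}

	lines := make([]string, 0, len(failed))
	for _, entry := range failed {
		lines = append(lines, fmt.Sprintf("%s: %v", entry.URL, entry.Error))
	}
	return fmt.Errorf("%s:\n - %s", msg, strings.Join(lines, "\n - "))
}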
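// setQueryParam returns uri with the query parameter param set to value,
// replacing any existing values for that key and leaving other parameters
// untouched. A uri that url.Parse rejects yields that parse error.
//
// The value is stored in url.Values unescaped: Encode performs the
// percent-encoding itself, so escaping it beforehand double-encoded
// characters such as spaces (the server would have received a literal
// "%20" rather than a space).
func setQueryParam(uri, param, value string) (string, error) {
	parsed, err := url.Parse(uri)
	if err != nil {
		return "", err
	}

	query := parsed.Query()
	query.Set(param, value)
	parsed.RawQuery = query.Encode()

	return parsed.String(), nil
}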