16 package yaml
17
18 import (
19 "crypto/tls"
20 "crypto/x509"
21 "io/ioutil"
22
23 "sigs.k8s.io/yaml"
24
25 "go.etcd.io/etcd/client/pkg/v3/tlsutil"
26 "go.etcd.io/etcd/client/v3"
27 )
28
// yamlConfig is the shape NewConfig decodes a client configuration file into.
// It embeds clientv3.Config and adds the file-level transport-security keys
// that NewConfig turns into a *tls.Config. The field tags are json tags
// because sigs.k8s.io/yaml decodes YAML through the JSON tag set.
type yamlConfig struct {
	clientv3.Config

	// InsecureTransport, when true, makes NewConfig return the embedded
	// Config without installing any TLS settings.
	InsecureTransport bool `json:"insecure-transport"`

	// InsecureSkipTLSVerify is copied verbatim into
	// tls.Config.InsecureSkipVerify, which turns off verification of the
	// server's certificate chain and host name.
	InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify"`

	// Certfile and Keyfile name the client certificate and private key.
	// NewConfig loads them only when both are non-empty.
	Certfile string `json:"cert-file"`

	Keyfile string `json:"key-file"`

	// TrustedCAfile names the CA bundle used as tls.Config.RootCAs. When it
	// is empty RootCAs stays nil, and crypto/tls then falls back to the
	// host's root CA set.
	TrustedCAfile string `json:"trusted-ca-file"`

	// CAfile is decoded from `ca-file` but is not read by NewConfig in this
	// file, so setting it alone does not pin a CA.
	// NOTE(review): looks like a legacy alias for TrustedCAfile — confirm.
	CAfile string `json:"ca-file"`
}
42
43
// NewConfig reads the YAML file at fpath and returns the clientv3.Config it
// describes. Read, decode, certificate and CA-pool errors are returned
// unchanged.
//
// Transport security is derived from the file as follows:
//   - insecure-transport: true returns the config with no TLS settings added.
//   - otherwise a tls.Config with MinVersion TLS 1.2 is installed; its
//     InsecureSkipVerify mirrors insecure-skip-tls-verify and its RootCAs
//     come from trusted-ca-file (nil when that key is empty).
//   - a client certificate is attached only when cert-file and key-file are
//     both set.
//
// NOTE(review): yaml.Unmarshal ignores unknown keys, so a misspelled
// trusted-ca-file silently leaves RootCAs nil; yaml.UnmarshalStrict would
// surface that — confirm whether callers rely on lenient parsing.
func NewConfig(fpath string) (*clientv3.Config, error) {
	raw, err := ioutil.ReadFile(fpath)
	if err != nil {
		return nil, err
	}

	var parsed yamlConfig
	if err = yaml.Unmarshal(raw, &parsed); err != nil {
		return nil, err
	}

	cfg := &parsed.Config
	if parsed.InsecureTransport {
		// Plaintext was requested explicitly: hand back the config as decoded.
		return cfg, nil
	}

	var (
		clientCert *tls.Certificate
		roots      *x509.CertPool
	)

	// NOTE(review): a file that sets only one of cert-file / key-file gets no
	// client certificate and no error; the connection is then attempted
	// without client authentication.
	haveKeyPair := parsed.Certfile != "" && parsed.Keyfile != ""
	if haveKeyPair {
		if clientCert, err = tlsutil.NewCert(parsed.Certfile, parsed.Keyfile, nil); err != nil {
			return nil, err
		}
	}

	if parsed.TrustedCAfile != "" {
		if roots, err = tlsutil.NewCertPool([]string{parsed.TrustedCAfile}); err != nil {
			return nil, err
		}
	}

	tlsConf := &tls.Config{
		MinVersion:         tls.VersionTLS12,
		InsecureSkipVerify: parsed.InsecureSkipTLSVerify,
		RootCAs:            roots,
	}
	if clientCert != nil {
		tlsConf.Certificates = []tls.Certificate{*clientCert}
	}
	cfg.TLS = tlsConf

	return cfg, nil
}
92