12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394 |
- // Copyright 2017 The etcd Authors
- //
- // Licensed under the Apache License, Version 2.0 (the "License");
- // you may not use this file except in compliance with the License.
- // You may obtain a copy of the License at
- //
- // http://www.apache.org/licenses/LICENSE-2.0
- //
- // Unless required by applicable law or agreed to in writing, software
- // distributed under the License is distributed on an "AS IS" BASIS,
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- // See the License for the specific language governing permissions and
- // limitations under the License.
- // Package yaml handles yaml-formatted clientv3 configuration data.
- package yaml
- import (
- "crypto/tls"
- "crypto/x509"
- "io/ioutil"
- "sigs.k8s.io/yaml"
- "github.com/coreos/etcd/clientv3"
- "github.com/coreos/etcd/pkg/tlsutil"
- )
- type yamlConfig struct {
- clientv3.Config
- InsecureTransport bool `json:"insecure-transport"`
- InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify"`
- Certfile string `json:"cert-file"`
- Keyfile string `json:"key-file"`
- TrustedCAfile string `json:"trusted-ca-file"`
- // CAfile is being deprecated. Use 'TrustedCAfile' instead.
- // TODO: deprecate this in v4
- CAfile string `json:"ca-file"`
- }
- // NewConfig creates a new clientv3.Config from a yaml file.
- func NewConfig(fpath string) (*clientv3.Config, error) {
- b, err := ioutil.ReadFile(fpath)
- if err != nil {
- return nil, err
- }
- yc := &yamlConfig{}
- err = yaml.Unmarshal(b, yc)
- if err != nil {
- return nil, err
- }
- if yc.InsecureTransport {
- return &yc.Config, nil
- }
- var (
- cert *tls.Certificate
- cp *x509.CertPool
- )
- if yc.Certfile != "" && yc.Keyfile != "" {
- cert, err = tlsutil.NewCert(yc.Certfile, yc.Keyfile, nil)
- if err != nil {
- return nil, err
- }
- }
- if yc.CAfile != "" && yc.TrustedCAfile == "" {
- yc.TrustedCAfile = yc.CAfile
- }
- if yc.TrustedCAfile != "" {
- cp, err = tlsutil.NewCertPool([]string{yc.TrustedCAfile})
- if err != nil {
- return nil, err
- }
- }
- tlscfg := &tls.Config{
- MinVersion: tls.VersionTLS12,
- InsecureSkipVerify: yc.InsecureSkipTLSVerify,
- RootCAs: cp,
- }
- if cert != nil {
- tlscfg.Certificates = []tls.Certificate{*cert}
- }
- yc.Config.TLS = tlscfg
- return &yc.Config, nil
- }
|