go.chromium.org/luci@v0.0.0-20250314024836-d9a61d0730e6/tokenserver/client/default.go (about)

     1  // Copyright 2016 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package client
    16  
import (
	"errors"
	"net/http"

	"go.chromium.org/luci/common/retry"
	"go.chromium.org/luci/grpc/prpc"

	"go.chromium.org/luci/tokenserver/api/minter/v1"
)
    25  
// Parameters is passed to New.
//
// It names the key material used to build the request signer and describes
// how the pRPC transport to the token server is configured.
type Parameters struct {
	// PrivateKeyPath is a path to a file with a private key PEM file.
	//
	// Required. New hands this path to LoadX509Signer.
	//
	// NOTE(review): the key presumably is the credential this client presents
	// to the token server; keep the file readable only by the account that
	// runs the client.
	PrivateKeyPath string

	// CertificatePath is a path to a file with a corresponding certificate.
	//
	// Required. It must match the private key (this will be verified).
	// New hands this path to LoadX509Signer together with PrivateKeyPath;
	// the match check is presumably done there (not visible in this file).
	CertificatePath string

	// Backend is a hostname of the token server to talk to.
	//
	// Required. Used as the Host of the underlying prpc.Client.
	Backend string

	// Insecure is true to use 'http' protocol instead of 'https'.
	//
	// Useful on localhost. Default is "secure".
	//
	// Forwarded to prpc.Options.Insecure. Over plain 'http' the connection is
	// neither encrypted nor server-authenticated, so requests and the tokens
	// returned by the server are exposed to anything on the network path.
	Insecure bool

	// Client is non-authenticating HTTP client to build pRPC transport on top of.
	//
	// Default is http.DefaultClient.
	//
	// http.DefaultClient sets no overall request timeout; pass a client with
	// timeouts configured, or bound each call with a context deadline.
	Client *http.Client

	// Retry defines how to retry RPC requests on transient errors.
	//
	// Use retry.Default for default strategy. Default is "no retries".
	// Forwarded to prpc.Options.Retry.
	Retry retry.Factory
}
    58  
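// New returns a new Client that uses PEM encoded keys and talks to the
// server via pRPC.
//
// The signer is loaded from params.PrivateKeyPath and params.CertificatePath
// by LoadX509Signer; any error it reports is returned unchanged. The pRPC
// transport is built on params.Client and targets params.Backend, with
// params.Retry and params.Insecure forwarded as pRPC options.
//
// An error is returned if params.Backend is empty, since Parameters
// documents it as required.
func New(params Parameters) (*Client, error) {
	// Fail before touching key material: without a backend host the client
	// could only fail later, at the first RPC, with a less obvious error.
	if params.Backend == "" {
		return nil, errors.New("tokenserver client: Backend is required")
	}

	signer, err := LoadX509Signer(params.PrivateKeyPath, params.CertificatePath)
	if err != nil {
		return nil, err
	}

	// params.Insecure selects 'http' instead of 'https' (see Parameters);
	// it is passed through as given and is meant for localhost use.
	transport := &prpc.Client{
		C:    params.Client,
		Host: params.Backend,
		Options: &prpc.Options{
			Retry:    params.Retry,
			Insecure: params.Insecure,
		},
	}

	return &Client{
		Client: minter.NewTokenMinterClient(transport),
		Signer: signer,
	}, nil
}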