// Source: go.etcd.io/etcd@v3.3.27+incompatible/clientv3/yaml/config.go

// Copyright 2017 The etcd Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package yaml handles yaml-formatted clientv3 configuration data.
package yaml

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"

	"sigs.k8s.io/yaml"

	"github.com/coreos/etcd/clientv3"
	"github.com/coreos/etcd/pkg/tlsutil"
)

// yamlConfig is the file form of a client configuration: the embedded
// clientv3.Config plus the transport-security options that NewConfig turns
// into a *tls.Config. sigs.k8s.io/yaml matches keys through the json tags.
type yamlConfig struct {
	clientv3.Config

	// InsecureTransport, when true, makes NewConfig return the embedded
	// Config right after parsing without building a tls.Config; every field
	// below is then ignored.
	// NOTE(review): presumably the client then talks to etcd without TLS;
	// confirm against clientv3 before enabling it outside a trusted network.
	InsecureTransport bool `json:"insecure-transport"`

	// InsecureSkipTLSVerify is copied to tls.Config.InsecureSkipVerify. When
	// true, crypto/tls no longer verifies the server's certificate chain or
	// host name, so the peer is unauthenticated and the CA options have no
	// effect on what is accepted.
	InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify"`

	// Certfile and Keyfile name the client certificate and its private key.
	// NewConfig loads them only when both are non-empty; if just one is set,
	// no client certificate is configured and no error is reported.
	Certfile string `json:"cert-file"`
	Keyfile  string `json:"key-file"`

	// TrustedCAfile names the CA bundle used to build tls.Config.RootCAs.
	// When neither CA option is set RootCAs stays nil, which crypto/tls
	// documents as falling back to the host's root CA set.
	TrustedCAfile string `json:"trusted-ca-file"`

	// CAfile is being deprecated. Use 'TrustedCAfile' instead.
	// It is consulted only when TrustedCAfile is empty.
	// TODO: deprecate this in v4
	CAfile string `json:"ca-file"`
}

// NewConfig creates a new clientv3.Config from a yaml file.
//
// Transport security is derived from the file as follows:
//   - insecure-transport: true returns the parsed Config immediately; no
//     tls.Config is built and the certificate options are not read.
//   - otherwise a tls.Config with a TLS 1.2 minimum is stored in Config.TLS,
//     carrying the optional client key pair, the optional CA pool and the
//     insecure-skip-tls-verify flag.
//
// Any error from reading the file, decoding it, or loading the key pair or
// the CA bundle is returned as-is together with a nil Config.
func NewConfig(fpath string) (*clientv3.Config, error) {
	raw, err := ioutil.ReadFile(fpath)
	if err != nil {
		return nil, err
	}

	var parsed yamlConfig
	if err = yaml.Unmarshal(raw, &parsed); err != nil {
		return nil, err
	}

	// Explicit opt-out: hand the config back without touching its TLS field.
	if parsed.InsecureTransport {
		return &parsed.Config, nil
	}

	var (
		clientCert *tls.Certificate
		roots      *x509.CertPool
	)

	// The client certificate is loaded only when both halves of the pair are
	// named; a lone cert-file or key-file is skipped without an error, so a
	// half-written config yields a connection that presents no client cert.
	if parsed.Certfile != "" && parsed.Keyfile != "" {
		if clientCert, err = tlsutil.NewCert(parsed.Certfile, parsed.Keyfile, nil); err != nil {
			return nil, err
		}
	}

	// trusted-ca-file wins; the deprecated ca-file is only a fallback.
	caPath := parsed.TrustedCAfile
	if caPath == "" {
		caPath = parsed.CAfile
	}
	if caPath != "" {
		if roots, err = tlsutil.NewCertPool([]string{caPath}); err != nil {
			return nil, err
		}
	}

	// A nil RootCAs makes crypto/tls use the host's root CA set. With
	// InsecureSkipVerify set, the server certificate and host name are not
	// checked at all, so the pool above no longer restricts the peer.
	tlsCfg := &tls.Config{
		MinVersion:         tls.VersionTLS12,
		InsecureSkipVerify: parsed.InsecureSkipTLSVerify,
		RootCAs:            roots,
	}
	if clientCert != nil {
		tlsCfg.Certificates = []tls.Certificate{*clientCert}
	}
	parsed.Config.TLS = tlsCfg

	return &parsed.Config, nil
}