go.etcd.io/etcd@v3.3.27+incompatible/clientv3/yaml/config.go

go.etcd.io/etcd@v3.3.27+incompatible/clientv3/yaml/config.go (about)

     1  // Copyright 2017 The etcd Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package yaml handles yaml-formatted clientv3 configuration data.
    16  package yaml
    17  
    18  import (
    19  	"crypto/tls"
    20  	"crypto/x509"
    21  	"io/ioutil"
    22  
    23  	"sigs.k8s.io/yaml"
    24  
    25  	"github.com/coreos/etcd/clientv3"
    26  	"github.com/coreos/etcd/pkg/tlsutil"
    27  )
    28  
    29  type yamlConfig struct {
    30  	clientv3.Config
    31  
    32  	InsecureTransport     bool   `json:"insecure-transport"`
    33  	InsecureSkipTLSVerify bool   `json:"insecure-skip-tls-verify"`
    34  	Certfile              string `json:"cert-file"`
    35  	Keyfile               string `json:"key-file"`
    36  	TrustedCAfile         string `json:"trusted-ca-file"`
    37  
    38  	// CAfile is being deprecated. Use 'TrustedCAfile' instead.
    39  	// TODO: deprecate this in v4
    40  	CAfile string `json:"ca-file"`
    41  }
    42  
    43  // NewConfig creates a new clientv3.Config from a yaml file.
    44  func NewConfig(fpath string) (*clientv3.Config, error) {
    45  	b, err := ioutil.ReadFile(fpath)
    46  	if err != nil {
    47  		return nil, err
    48  	}
    49  
    50  	yc := &yamlConfig{}
    51  
    52  	err = yaml.Unmarshal(b, yc)
    53  	if err != nil {
    54  		return nil, err
    55  	}
    56  
    57  	if yc.InsecureTransport {
    58  		return &yc.Config, nil
    59  	}
    60  
    61  	var (
    62  		cert *tls.Certificate
    63  		cp   *x509.CertPool
    64  	)
    65  
    66  	if yc.Certfile != "" && yc.Keyfile != "" {
    67  		cert, err = tlsutil.NewCert(yc.Certfile, yc.Keyfile, nil)
    68  		if err != nil {
    69  			return nil, err
    70  		}
    71  	}
    72  
    73  	if yc.CAfile != "" && yc.TrustedCAfile == "" {
    74  		yc.TrustedCAfile = yc.CAfile
    75  	}
    76  	if yc.TrustedCAfile != "" {
    77  		cp, err = tlsutil.NewCertPool([]string{yc.TrustedCAfile})
    78  		if err != nil {
    79  			return nil, err
    80  		}
    81  	}
    82  
    83  	tlscfg := &tls.Config{
    84  		MinVersion:         tls.VersionTLS12,
    85  		InsecureSkipVerify: yc.InsecureSkipTLSVerify,
    86  		RootCAs:            cp,
    87  	}
    88  	if cert != nil {
    89  		tlscfg.Certificates = []tls.Certificate{*cert}
    90  	}
    91  	yc.Config.TLS = tlscfg
    92  
    93  	return &yc.Config, nil
    94  }