k8s.io/client-go@v0.22.2/transport/config.go (about)

     1  /*
     2  Copyright 2015 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package transport
    18  
    19  import (
    20  	"context"
    21  	"crypto/tls"
    22  	"net"
    23  	"net/http"
    24  	"net/url"
    25  )
    26  
// Config holds various options for establishing a transport.
//
// Several fields carry credentials (Username/Password, BearerToken,
// BearerTokenFile, and the client key material inside TLS). Treat a
// populated Config as a secret: do not log or serialize it wholesale.
type Config struct {
	// UserAgent is an optional field that specifies the caller of this
	// request.
	UserAgent string

	// The base TLS configuration for this transport. This is where server
	// certificate verification is controlled (see TLSConfig.Insecure and
	// the CA fields) and where any client certificate is supplied.
	TLS TLSConfig

	// Username and password for basic authentication.
	// Note that HasBasicAuth only consults Username, so an empty Password
	// still counts as a basic-auth configuration.
	Username string
	// The datapolicy tag marks this value as sensitive; presumably it is
	// consumed by redaction-aware logging tooling — it does not change
	// runtime behavior here.
	Password string `datapolicy:"password"`

	// Bearer token for authentication. Tagged as sensitive like Password.
	BearerToken string `datapolicy:"token"`

	// Path to a file containing a BearerToken.
	// If set, the contents are periodically read.
	// The last successfully read value takes precedence over BearerToken.
	// The file contents are trusted as-is, so anyone able to write this
	// file can change the identity the client presents; protect it with
	// appropriate permissions.
	BearerTokenFile string

	// Impersonate is the config that this Config will impersonate using.
	// When set, requests are sent on behalf of the impersonated identity
	// rather than the one authenticated by the fields above.
	Impersonate ImpersonationConfig

	// DisableCompression bypasses automatic GZip compression requests to the
	// server.
	DisableCompression bool

	// Transport may be used for custom HTTP behavior. This attribute may
	// not be specified with the TLS client certificate options. Use
	// WrapTransport for most client level operations.
	//
	// NOTE(review): a caller-supplied Transport is used in place of the one
	// built from TLS, so it is presumably responsible for its own server
	// certificate verification — confirm against the transport constructor.
	Transport http.RoundTripper

	// WrapTransport will be invoked for custom HTTP behavior after the
	// underlying transport is initialized (either the transport created
	// from TLSClientConfig, Transport, or http.DefaultTransport). The
	// config may layer other RoundTrippers on top of the returned
	// RoundTripper.
	//
	// NOTE(review): because auth round trippers are layered on top, a
	// wrapper presumably sees every outgoing request including its
	// credentials; only install wrappers you trust.
	//
	// A future release will change this field to an array. Use config.Wrap()
	// instead of setting this value directly.
	WrapTransport WrapperFunc

	// Dial specifies the dial function for creating unencrypted TCP connections.
	// It only produces the raw connection; it is not expected to
	// authenticate the peer.
	Dial func(ctx context.Context, network, address string) (net.Conn, error)

	// Proxy is the proxy func to be used for all requests made by this
	// transport. If Proxy is nil, http.ProxyFromEnvironment is used. If Proxy
	// returns a nil *URL, no proxy is used.
	//
	// Security note: with a nil Proxy, the process environment
	// (HTTP_PROXY/HTTPS_PROXY/NO_PROXY, as read by http.ProxyFromEnvironment)
	// decides where every request — and the credentials attached to it —
	// is routed. Set Proxy explicitly (for example, a func returning nil)
	// when the environment cannot be trusted.
	//
	// socks5 proxying does not currently support spdy streaming endpoints.
	Proxy func(*http.Request) (*url.URL, error)
}
    80  
// ImpersonationConfig has all the available impersonation options.
//
// When populated on a Config, requests are made as this identity rather
// than the authenticated one. NOTE(review): nothing here authorizes the
// impersonation; presumably the server must separately permit the
// authenticated identity to impersonate these values — confirm against
// the server-side authorization policy.
type ImpersonationConfig struct {
	// UserName matches user.Info.GetName()
	UserName string
	// Groups matches user.Info.GetGroups()
	Groups []string
	// Extra matches user.Info.GetExtra()
	Extra map[string][]string
}
    90  
// HasCA reports whether a server trust root has been supplied, either as
// inline PEM bytes (CAData) or as a file path (CAFile). It only checks
// presence; the data is not parsed and the file is not read here.
func (c *Config) HasCA() bool {
	t := &c.TLS
	if len(t.CAData) > 0 {
		return true
	}
	return t.CAFile != ""
}
    95  
// HasBasicAuth reports whether basic authentication is configured.
// Only Username is consulted: an empty Password still counts, so a caller
// that wants to reject empty passwords must check Password itself.
func (c *Config) HasBasicAuth() bool {
	return c.Username != ""
}
   100  
// HasTokenAuth reports whether bearer-token authentication is configured,
// either as an inline BearerToken or as a BearerTokenFile path. A file
// path alone is sufficient; whether the file exists or is readable is not
// checked here.
func (c *Config) HasTokenAuth() bool {
	inline := c.BearerToken != ""
	fromFile := c.BearerTokenFile != ""
	return inline || fromFile
}
   105  
// HasCertAuth reports whether a client certificate and its private key are
// both available, each from either inline bytes or a file path. A
// certificate without a key (or vice versa) does not count. The GetCert
// callback is deliberately not considered; see HasCertCallback.
func (c *Config) HasCertAuth() bool {
	t := &c.TLS
	haveCert := len(t.CertData) != 0 || t.CertFile != ""
	haveKey := len(t.KeyData) != 0 || t.KeyFile != ""
	return haveCert && haveKey
}
   110  
// HasCertCallback reports whether a GetCert callback is set. The static
// CertData/CertFile and KeyData/KeyFile fields are not considered here;
// see HasCertAuth for those.
func (c *Config) HasCertCallback() bool {
	cb := c.TLS.GetCert
	return cb != nil
}
   115  
// Wrap appends fn to the chain of transport wrappers applied to the
// underlying http.RoundTripper before the first API call. Wrappers already
// registered are invoked first; fn is invoked after them. Prefer this over
// assigning WrapTransport directly, which would replace any existing
// wrapper instead of composing with it.
func (c *Config) Wrap(fn WrapperFunc) {
	existing := c.WrapTransport
	c.WrapTransport = Wrappers(existing, fn)
}
   123  
// TLSConfig holds the information needed to set up a TLS transport.
//
// Precedence: inline *Data bytes supersede the corresponding *File paths,
// and both supersede the GetCert callback.
type TLSConfig struct {
	CAFile         string // Path of the PEM-encoded server trusted root certificates.
	CertFile       string // Path of the PEM-encoded client certificate.
	KeyFile        string // Path of the PEM-encoded client key. Treat the file as a secret.
	ReloadTLSFiles bool   // Set to indicate that the original config provided files, and that they should be reloaded

	// Insecure disables server certificate verification. For testing only:
	// with verification off, any on-path party can present its own
	// certificate, and every credential carried by the parent Config
	// (basic auth, bearer token) is exposed to it. Never enable this
	// outside a test environment.
	Insecure   bool   // Server should be accessed without verifying the certificate. For testing only.
	ServerName string // Override for the server name passed to the server for SNI and used to verify certificates. When set, the server's certificate must be valid for this name.

	CAData   []byte // Bytes of the PEM-encoded server trusted root certificates. Supersedes CAFile.
	CertData []byte // Bytes of the PEM-encoded client certificate. Supersedes CertFile.
	KeyData  []byte // Bytes of the PEM-encoded client key. Supersedes KeyFile. Treat as a secret.

	// NextProtos is a list of supported application level protocols, in order of preference.
	// Used to populate tls.Config.NextProtos.
	// To indicate to the server http/1.1 is preferred over http/2, set to ["http/1.1", "h2"] (though the server is free to ignore that preference).
	// To use only http/1.1, set to ["http/1.1"].
	NextProtos []string

	GetCert func() (*tls.Certificate, error) // Callback that returns a TLS client certificate. CertData, CertFile, KeyData and KeyFile supersede this field.
}