k8s.io/client-go@v0.31.1/rest/transport.go (about) 1 /* 2 Copyright 2014 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package rest 18 19 import ( 20 "crypto/tls" 21 "errors" 22 "net/http" 23 24 "k8s.io/client-go/pkg/apis/clientauthentication" 25 "k8s.io/client-go/plugin/pkg/client/auth/exec" 26 "k8s.io/client-go/transport" 27 ) 28 29 // HTTPClientFor returns an http.Client that will provide the authentication 30 // or transport level security defined by the provided Config. Will return the 31 // default http.DefaultClient if no special case behavior is needed. 32 func HTTPClientFor(config *Config) (*http.Client, error) { 33 transport, err := TransportFor(config) 34 if err != nil { 35 return nil, err 36 } 37 var httpClient *http.Client 38 if transport != http.DefaultTransport || config.Timeout > 0 { 39 httpClient = &http.Client{ 40 Transport: transport, 41 Timeout: config.Timeout, 42 } 43 } else { 44 httpClient = http.DefaultClient 45 } 46 47 return httpClient, nil 48 } 49 50 // TLSConfigFor returns a tls.Config that will provide the transport level security defined 51 // by the provided Config. Will return nil if no transport level security is requested. 52 func TLSConfigFor(config *Config) (*tls.Config, error) { 53 cfg, err := config.TransportConfig() 54 if err != nil { 55 return nil, err 56 } 57 return transport.TLSConfigFor(cfg) 58 } 59 60 // TransportFor returns an http.RoundTripper that will provide the authentication 61 // or transport level security defined by the provided Config. Will return the 62 // default http.DefaultTransport if no special case behavior is needed. 63 func TransportFor(config *Config) (http.RoundTripper, error) { 64 cfg, err := config.TransportConfig() 65 if err != nil { 66 return nil, err 67 } 68 return transport.New(cfg) 69 } 70 71 // HTTPWrappersForConfig wraps a round tripper with any relevant layered behavior from the 72 // config. Exposed to allow more clients that need HTTP-like behavior but then must hijack 73 // the underlying connection (like WebSocket or HTTP2 clients). Pure HTTP clients should use 74 // the higher level TransportFor or RESTClientFor methods. 75 func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTripper, error) { 76 cfg, err := config.TransportConfig() 77 if err != nil { 78 return nil, err 79 } 80 return transport.HTTPWrappersForConfig(cfg, rt) 81 } 82 83 // TransportConfig converts a client config to an appropriate transport config. 84 func (c *Config) TransportConfig() (*transport.Config, error) { 85 conf := &transport.Config{ 86 UserAgent: c.UserAgent, 87 Transport: c.Transport, 88 WrapTransport: c.WrapTransport, 89 DisableCompression: c.DisableCompression, 90 TLS: transport.TLSConfig{ 91 Insecure: c.Insecure, 92 ServerName: c.ServerName, 93 CAFile: c.CAFile, 94 CAData: c.CAData, 95 CertFile: c.CertFile, 96 CertData: c.CertData, 97 KeyFile: c.KeyFile, 98 KeyData: c.KeyData, 99 NextProtos: c.NextProtos, 100 }, 101 Username: c.Username, 102 Password: c.Password, 103 BearerToken: c.BearerToken, 104 BearerTokenFile: c.BearerTokenFile, 105 Impersonate: transport.ImpersonationConfig{ 106 UserName: c.Impersonate.UserName, 107 UID: c.Impersonate.UID, 108 Groups: c.Impersonate.Groups, 109 Extra: c.Impersonate.Extra, 110 }, 111 Proxy: c.Proxy, 112 } 113 114 if c.Dial != nil { 115 conf.DialHolder = &transport.DialHolder{Dial: c.Dial} 116 } 117 118 if c.ExecProvider != nil && c.AuthProvider != nil { 119 return nil, errors.New("execProvider and authProvider cannot be used in combination") 120 } 121 122 if c.ExecProvider != nil { 123 var cluster *clientauthentication.Cluster 124 if c.ExecProvider.ProvideClusterInfo { 125 var err error 126 cluster, err = ConfigToExecCluster(c) 127 if err != nil { 128 return nil, err 129 } 130 } 131 provider, err := exec.GetAuthenticator(c.ExecProvider, cluster) 132 if err != nil { 133 return nil, err 134 } 135 if err := provider.UpdateTransportConfig(conf); err != nil { 136 return nil, err 137 } 138 } 139 if c.AuthProvider != nil { 140 provider, err := GetAuthProvider(c.Host, c.AuthProvider, c.AuthConfigPersister) 141 if err != nil { 142 return nil, err 143 } 144 conf.Wrap(provider.WrapTransport) 145 } 146 return conf, nil 147 } 148 149 // Wrap adds a transport middleware function that will give the caller 150 // an opportunity to wrap the underlying http.RoundTripper prior to the 151 // first API call being made. The provided function is invoked after any 152 // existing transport wrappers are invoked. 153 func (c *Config) Wrap(fn transport.WrapperFunc) { 154 c.WrapTransport = transport.Wrappers(c.WrapTransport, fn) 155 }