Posted to commits@openwhisk.apache.org by md...@apache.org on 2019/01/21 13:00:06 UTC

[incubator-openwhisk-client-go] branch master updated: Load X509 cert on client creation (#112)

This is an automated email from the ASF dual-hosted git repository.

mdeuser pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-client-go.git


The following commit(s) were added to refs/heads/master by this push:
     new 41bdfc4  Load X509 cert on client creation (#112)
41bdfc4 is described below

commit 41bdfc4b124d7a9e419ba72ab19ce31f01338509
Author: Mingyu Zhou <Ap...@users.noreply.github.com>
AuthorDate: Mon Jan 21 20:59:58 2019 +0800

    Load X509 cert on client creation (#112)
    
    * load X509 cert on client creation
    
    * remove unnecessary comments
    
    * resolve comments
---
 whisk/action.go |  2 +-
 whisk/client.go | 63 ++++++++++++++++++++++++++++++++-------------------------
 whisk/info.go   |  4 ----
 whisk/sdk.go    |  4 ----
 4 files changed, 37 insertions(+), 36 deletions(-)

diff --git a/whisk/action.go b/whisk/action.go
index c1e06ea..254c45c 100644
--- a/whisk/action.go
+++ b/whisk/action.go
@@ -213,7 +213,7 @@ func (s *ActionService) Insert(action *Action, overwrite bool) (*Action, *http.R
 
 	req, err := s.client.NewRequest("PUT", route, action, IncludeNamespaceInUrl)
 	if err != nil {
-		Debug(DbgError, "http.NewRequest(PUT, %s, %#v) error: '%s'\n", route, err, action)
+		Debug(DbgError, "http.NewRequest(PUT, %s, %#v) error: '%s'\n", route, action, err)
 		errMsg := wski18n.T("Unable to create HTTP request for PUT '{{.route}}': {{.err}}",
 			map[string]interface{}{"route": route, "err": err})
 		whiskErr := MakeWskErrorFromWskError(errors.New(errMsg), err, EXIT_CODE_ERR_NETWORK, DISPLAY_MSG,
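Review bot: The corrected `Debug` call on the added line formats the whole `action` with `%#v`, so when debug output is enabled this line can carry whatever the action holds, and an action's payload may include credentials passed as parameters. Whether `Debug` applies any obfuscation to its arguments is not visible in this hunk, so that should be confirmed. If it does not, the route and the error are enough for this failure path: `Debug(DbgError, "http.NewRequest(PUT, %s) error: '%s'\n", route, err)`. The body of `Insert` continues outside the hunk.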
diff --git a/whisk/client.go b/whisk/client.go
index cbedf83..79dda39 100644
--- a/whisk/client.go
+++ b/whisk/client.go
@@ -24,7 +24,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/apache/incubator-openwhisk-client-go/wski18n"
 	"io"
 	"io/ioutil"
 	"net"
@@ -35,6 +34,8 @@ import (
 	"runtime"
 	"strings"
 	"time"
+
+	"github.com/apache/incubator-openwhisk-client-go/wski18n"
 )
 
 const (
@@ -111,10 +112,15 @@ var DefaultObfuscateArr = []ObfuscateSet{
 	},
 }
 
-func NewClient(httpClient *http.Client, config_input *Config) (*Client, error) {
+// NewClient creates a new whisk client with the provided http client and whisk configuration.
+//
+// A new http.Transport will be created when client cert or TLS insecure options are set.
+// If one use custom tranport and want to keep it intact, please opt out TLS related fields
+// in configInput and construct TLS conguration in the custom transport.
+func NewClient(httpClient *http.Client, configInput *Config) (*Client, error) {
 
 	var config *Config
-	if config_input == nil {
+	if configInput == nil {
 		defaultConfig, err := GetDefaultConfig()
 		if err != nil {
 			return nil, err
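Review bot: The new doc comment on `NewClient` has typos ("tranport", "conguration", "If one use") and does not say that the replacement happens on the `http.Client` the caller passed in, which matters when that client is shared with other code. Suggested wording for the last two lines: `// To keep a custom transport intact, leave the TLS-related fields of configInput unset` and `// and put the TLS configuration in the custom transport instead.` I would also add `// The Transport field of httpClient itself is overwritten in that case.`, assuming the client stores the passed pointer, which this hunk does not show. The body of `NewClient` continues outside the hunk.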
@@ -122,7 +128,7 @@ func NewClient(httpClient *http.Client, config_input *Config) (*Client, error) {
 			config = defaultConfig
 		}
 	} else {
-		config = config_input
+		config = configInput
 	}
 
 	if httpClient == nil {
@@ -138,7 +144,7 @@ func NewClient(httpClient *http.Client, config_input *Config) (*Client, error) {
 	} else if config.BaseURL == nil {
 		config.BaseURL, err = GetUrlBase(config.Host)
 		if err != nil {
-			Debug(DbgError, "Unable to create request URL, because the api host %s is invalid\n", config.Host, err)
+			Debug(DbgError, "Unable to create request URL, because the api host %s is invalid: %s\n", config.Host, err)
 			errStr = wski18n.T("Unable to create request URL, because the api host '{{.host}}' is invalid: {{.err}}",
 				map[string]interface{}{"host": config.Host, "err": err})
 		}
@@ -176,6 +182,11 @@ func NewClient(httpClient *http.Client, config_input *Config) (*Client, error) {
 	c.Info = &InfoService{client: c}
 	c.Apis = &ApiService{client: c}
 
+	werr := c.LoadX509KeyPair()
+	if werr != nil {
+		return nil, werr
+	}
+
 	return c, nil
 }
 
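Review bot: Calling `c.LoadX509KeyPair()` only here means the TLS settings are fixed when `NewClient` returns. A caller that later changes the cert, key or insecure options on the client's config, or rotates the certificate files on disk, keeps using the old transport unless it calls `LoadX509KeyPair` again. Before this commit every request path reloaded the pair, so this is a behaviour change and should be documented next to the call, for example `// The key pair is read once at construction; call LoadX509KeyPair again after changing the TLS-related config or rotating the files.` The start of `NewClient` is outside this hunk.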
@@ -214,19 +225,26 @@ func (c *Client) LoadX509KeyPair() error {
 		}
 	}
 
-	// Use the defaultTransport as the transport basis to maintain proxy support
-	c.client.Transport = &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		DialContext: (&net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-			DualStack: true,
-		}).DialContext,
-		MaxIdleConns:          100,
-		IdleConnTimeout:       90 * time.Second,
-		TLSHandshakeTimeout:   10 * time.Second,
-		ExpectContinueTimeout: 1 * time.Second,
-		TLSClientConfig:       tlsConfig,
+	// Only replace the existing transport when a custom TLS configuration is needed
+	if tlsConfig.InsecureSkipVerify || tlsConfig.Certificates != nil {
+		if c.client.Transport != nil {
+			warningStr := "The provided http.Transport is replaced to match the TLS configuration. Custom transport cannot coexist with nondefault TLS configuration"
+			Debug(DbgWarn, warningStr)
+		}
+		// Use the defaultTransport as the transport basis to maintain proxy support
+		c.client.Transport = &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			DialContext: (&net.Dialer{
+				Timeout:   30 * time.Second,
+				KeepAlive: 30 * time.Second,
+				DualStack: true,
+			}).DialContext,
+			MaxIdleConns:          100,
+			IdleConnTimeout:       90 * time.Second,
+			TLSHandshakeTimeout:   10 * time.Second,
+			ExpectContinueTimeout: 1 * time.Second,
+			TLSClientConfig:       tlsConfig,
+		}
 	}
 
 	return nil
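Review bot: In the added `if tlsConfig.InsecureSkipVerify || tlsConfig.Certificates != nil` branch, a caller-supplied transport is discarded wholesale and the only signal is a `DbgWarn` debug message. The caller's proxy, dialer, timeout and trust settings are silently lost, and if `c.client` is the caller's own `*http.Client` (not shown here), every other user of that client inherits the new TLS configuration, including disabled certificate verification. When the existing transport is an `*http.Transport`, it can be copied and only its TLS settings changed, as sketched below; `Transport.Clone` needs Go 1.13 or later. This sketch still overwrites the caller's `TLSClientConfig`, so merging the two configurations would have to happen where `tlsConfig` is built, which is above this hunk along with the start of `LoadX509KeyPair`.

```go
	if tlsConfig.InsecureSkipVerify || tlsConfig.Certificates != nil {
		if t, ok := c.client.Transport.(*http.Transport); ok {
			// Keep the caller's proxy, dialer and timeouts; only the TLS settings change.
			t = t.Clone()
			t.TLSClientConfig = tlsConfig
			c.client.Transport = t
			return nil
		}
		// … unchanged: warn when a non-nil transport is replaced, then build the default-based transport …
	}
```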
@@ -241,11 +259,6 @@ var ReadX509KeyPair = func(certFile, keyFile string) (tls.Certificate, error) {
 ///////////////////////////////
 
 func (c *Client) NewRequest(method, urlStr string, body interface{}, includeNamespaceInUrl bool) (*http.Request, error) {
-	werr := c.LoadX509KeyPair()
-	if werr != nil {
-		return nil, werr
-	}
-
 	if includeNamespaceInUrl {
 		if c.Config.Namespace != "" {
 			urlStr = fmt.Sprintf("%s/namespaces/%s/%s", c.Config.Version, c.Config.Namespace, urlStr)
@@ -705,10 +718,6 @@ func (c *Client) NewRequestUrl(
 	useAuthentication bool) (*http.Request, error) {
 	var requestUrl *url.URL
 	var err error
-	error := c.LoadX509KeyPair()
-	if error != nil {
-		return nil, error
-	}
 
 	if appendOpenWhiskPath {
 		var urlVerNamespaceStr string
diff --git a/whisk/info.go b/whisk/info.go
index 939412f..1cc9179 100644
--- a/whisk/info.go
+++ b/whisk/info.go
@@ -38,10 +38,6 @@ type InfoService struct {
 
 func (s *InfoService) Get() (*Info, *http.Response, error) {
 	// make a request to c.BaseURL / v1
-	err := s.client.LoadX509KeyPair()
-	if err != nil {
-		return nil, nil, err
-	}
 	urlStr := fmt.Sprintf("%s/%s", s.client.BaseURL.String(), s.client.Config.Version)
 	u, err := url.Parse(urlStr)
 	if err != nil {
diff --git a/whisk/sdk.go b/whisk/sdk.go
index 06743b1..dae850d 100644
--- a/whisk/sdk.go
+++ b/whisk/sdk.go
@@ -39,10 +39,6 @@ type SdkRequest struct {
 
 // Install artifact {component = docker || swift || iOS}
 func (s *SdkService) Install(relFileUrl string) (*http.Response, error) {
-	err := s.client.LoadX509KeyPair()
-	if err != nil {
-		return nil, err
-	}
 	baseURL := s.client.Config.BaseURL
 	// Remove everything but the scheme, host, and port
 	baseURL.Path, baseURL.RawQuery, baseURL.Fragment = "", "", ""