authorGravatar Mia Boulay <mia.boulay@linux.com> 2017-07-01 16:17:53 -0400
committerGravatar Miek Gieben <miek@miek.nl> 2017-07-01 13:17:53 -0700
commit7fada97ee384aad27f7c7796038eef2684a3642c (patch)
tree43d9087c8854a9098272ed295b5a4c93b806d50b /middleware/pkg/tls
parent7e97379bc5bfdcfcb6727ed4c324f7f95be4afd9 (diff)
middleware/etcd: move NewHTTPTransport to pkg/tls (#769)
Diffstat (limited to 'middleware/pkg/tls')
-rw-r--r--middleware/pkg/tls/tls.go23
-rw-r--r--middleware/pkg/tls/tls_test.go20
2 files changed, 43 insertions, 0 deletions
diff --git a/middleware/pkg/tls/tls.go b/middleware/pkg/tls/tls.go
index 62889f542..13882c353 100644
--- a/middleware/pkg/tls/tls.go
+++ b/middleware/pkg/tls/tls.go
@@ -5,6 +5,9 @@ import (
"crypto/x509"
"fmt"
"io/ioutil"
+ "net"
+ "net/http"
+ "time"
)
// NewTLSConfigFromArgs returns a TLS config based upon the passed
@@ -102,3 +105,23 @@ func loadRoots(caPath string) (*x509.CertPool, error) {
}
return roots, nil
}
+
+// NetHTTPSTransport returns an HTTP transport configured using tls.Config
+func NewHTTPSTransport(cc *tls.Config) *http.Transport {
+ // this seems like a bad idea but was here in the previous version
+ if cc != nil {
+ cc.InsecureSkipVerify = true
+ }
+
+ tr := &http.Transport{
+ Proxy: http.ProxyFromEnvironment,
+ Dial: (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ }).Dial,
+ TLSHandshakeTimeout: 10 * time.Second,
+ TLSClientConfig: cc,
+ }
+
+ return tr
+}
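Review bot: `cc.InsecureSkipVerify = true` in NewHTTPSTransport turns off server certificate and hostname verification for every connection made through the returned transport, so any CA pool the caller loaded into `cc` is never consulted and the peer is not authenticated. It also writes through the caller's pointer, so any other client sharing that `*tls.Config` loses verification as well. I would delete the override and let the caller's setting stand; if the previous behaviour has to be kept for compatibility, make it an explicit opt-in and work on a copy (`cc = cc.Clone()`) instead of mutating the argument. The doc comment also names `NetHTTPSTransport`; it should read `// NewHTTPSTransport returns an HTTP transport configured using the given tls.Config.`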
diff --git a/middleware/pkg/tls/tls_test.go b/middleware/pkg/tls/tls_test.go
index 6d0cb7372..408469045 100644
--- a/middleware/pkg/tls/tls_test.go
+++ b/middleware/pkg/tls/tls_test.go
@@ -79,3 +79,23 @@ func TestNewTLSConfigFromArgs(t *testing.T) {
t.Error("Certificateis should have a single entry when three args passed")
}
}
+
+func TestNewHTTPSTransport(t *testing.T) {
+ rmFunc, _, _, ca := getPEMFiles(t)
+ defer rmFunc()
+
+ cc, err := NewTLSClientConfig(ca)
+ if err != nil {
+ t.Errorf("Failed to create TLSConfig: %s", err)
+ }
+
+ tr := NewHTTPSTransport(cc)
+ if tr == nil {
+ t.Errorf("Failed to create https transport with cc")
+ }
+
+ tr = NewHTTPSTransport(nil)
+ if tr == nil {
+ t.Errorf("Failed to create https transport without cc")
+ }
+}
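Review bot: The two `tr == nil` checks in TestNewHTTPSTransport can never fail, because the function always returns the address of a freshly built `http.Transport`, so the test pins nothing about the transport's TLS settings. Assert the properties that matter instead, for example `if tr.TLSClientConfig != cc { t.Errorf("transport does not use the supplied config") }` plus an explicit check of `tr.TLSClientConfig.InsecureSkipVerify`, so that a change in verification behaviour shows up as a test failure. The `NewTLSClientConfig` error branch should use `t.Fatalf` rather than `t.Errorf`, since continuing after a failed config makes the later checks meaningless.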