-rw-r--r--middleware/etcd/setup.go24
-rw-r--r--middleware/pkg/tls/tls.go23
-rw-r--r--middleware/pkg/tls/tls_test.go20
3 files changed, 44 insertions, 23 deletions
diff --git a/middleware/etcd/setup.go b/middleware/etcd/setup.go
index 380b57167..bedc154f8 100644
--- a/middleware/etcd/setup.go
+++ b/middleware/etcd/setup.go
@@ -2,9 +2,6 @@ package etcd
import (
"crypto/tls"
- "net"
- "net/http"
- "time"
"github.com/coredns/coredns/core/dnsserver"
"github.com/coredns/coredns/middleware"
@@ -135,7 +132,7 @@ func etcdParse(c *caddy.Controller) (*Etcd, bool, error) {
func newEtcdClient(endpoints []string, cc *tls.Config) (etcdc.KeysAPI, error) {
etcdCfg := etcdc.Config{
Endpoints: endpoints,
- Transport: newHTTPSTransport(cc),
+ Transport: mwtls.NewHTTPSTransport(cc),
}
cli, err := etcdc.New(etcdCfg)
if err != nil {
@@ -144,23 +141,4 @@ func newEtcdClient(endpoints []string, cc *tls.Config) (etcdc.KeysAPI, error) {
return etcdc.NewKeysAPI(cli), nil
}
-func newHTTPSTransport(cc *tls.Config) etcdc.CancelableTransport {
- // this seems like a bad idea but was here in the previous version
- if cc != nil {
- cc.InsecureSkipVerify = true
- }
-
- tr := &http.Transport{
- Proxy: http.ProxyFromEnvironment,
- Dial: (&net.Dialer{
- Timeout: 30 * time.Second,
- KeepAlive: 30 * time.Second,
- }).Dial,
- TLSHandshakeTimeout: 10 * time.Second,
- TLSClientConfig: cc,
- }
-
- return tr
-}
-
const defaultEndpoint = "http://localhost:2379"
diff --git a/middleware/pkg/tls/tls.go b/middleware/pkg/tls/tls.go
index 62889f542..13882c353 100644
--- a/middleware/pkg/tls/tls.go
+++ b/middleware/pkg/tls/tls.go
@@ -5,6 +5,9 @@ import (
"crypto/x509"
"fmt"
"io/ioutil"
+ "net"
+ "net/http"
+ "time"
)
// NewTLSConfigFromArgs returns a TLS config based upon the passed
@@ -102,3 +105,23 @@ func loadRoots(caPath string) (*x509.CertPool, error) {
}
return roots, nil
}
+
+// NetHTTPSTransport returns an HTTP transport configured using tls.Config
+func NewHTTPSTransport(cc *tls.Config) *http.Transport {
+ // this seems like a bad idea but was here in the previous version
+ if cc != nil {
+ cc.InsecureSkipVerify = true
+ }
+
+ tr := &http.Transport{
+ Proxy: http.ProxyFromEnvironment,
+ Dial: (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ }).Dial,
+ TLSHandshakeTimeout: 10 * time.Second,
+ TLSClientConfig: cc,
+ }
+
+ return tr
+}
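Review bot: `NewHTTPSTransport` unconditionally sets `cc.InsecureSkipVerify = true` on the caller's `*tls.Config`, which disables server certificate verification and discards the CA roots that `NewTLSClientConfig` in this same package was built to load; the move from a private etcd helper to an exported function in `middleware/pkg/tls` widens that to every future caller, and the only caller visible here is `newEtcdClient` in the setup.go hunk above. The inherited comment `// this seems like a bad idea but was here in the previous version` shows the author knows it, but the commit carries the behaviour forward without a reason. I would drop the three-line `if cc != nil { cc.InsecureSkipVerify = true }` block so the transport honours whatever the caller configured, or, if etcd deployments genuinely need it, make it an explicit opt-in on the caller's config rather than a silent mutation, and say so in the doc comment. Separately, the doc comment is misnamed: it should read `// NewHTTPSTransport returns an HTTP transport configured using tls.Config` so golint and godoc match the exported identifier.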
diff --git a/middleware/pkg/tls/tls_test.go b/middleware/pkg/tls/tls_test.go
index 6d0cb7372..408469045 100644
--- a/middleware/pkg/tls/tls_test.go
+++ b/middleware/pkg/tls/tls_test.go
@@ -79,3 +79,23 @@ func TestNewTLSConfigFromArgs(t *testing.T) {
t.Error("Certificateis should have a single entry when three args passed")
}
}
+
+func TestNewHTTPSTransport(t *testing.T) {
+ rmFunc, _, _, ca := getPEMFiles(t)
+ defer rmFunc()
+
+ cc, err := NewTLSClientConfig(ca)
+ if err != nil {
+ t.Errorf("Failed to create TLSConfig: %s", err)
+ }
+
+ tr := NewHTTPSTransport(cc)
+ if tr == nil {
+ t.Errorf("Failed to create https transport with cc")
+ }
+
+ tr = NewHTTPSTransport(nil)
+ if tr == nil {
+ t.Errorf("Failed to create https transport without cc")
+ }
+}
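Review bot: `TestNewHTTPSTransport` continues after `NewTLSClientConfig(ca)` fails, because the check uses `t.Errorf`, so a nil `cc` would then be passed into `NewHTTPSTransport` and the first assertion would still pass; use `t.Fatalf("Failed to create TLSConfig: %s", err)` there. The test also only checks that the returned transport is non-nil, which does not pin what the transport actually does with the config; adding `if tr.TLSClientConfig != cc { t.Errorf("transport did not keep the supplied tls.Config") }` after the first call would catch a future regression in how the config is wired through, and an assertion on the verification settings of `tr.TLSClientConfig` would document whatever behaviour the package intends.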