func NewTransport(info transport.TLSInfo) (*Transport, error) {
cfg, err := info.ClientConfig()
if err != nil {
return nil, err
}
t := &Transport{
// timeouts taken from http.DefaultTransport
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: cfg,
}
return t, nil
}
func listener(addr, cafile, certfile, keyfile string) (net.Listener, error) {
rex := regexp.MustCompile("(?:([a-z]+)://)?(.*)")
groups := rex.FindStringSubmatch(addr)
var l net.Listener
var err error
switch {
case groups == nil:
return nil, fmt.Errorf("bad listener address")
case groups[1] == "", groups[1] == "tcp":
if l, err = net.Listen("tcp", groups[2]); err != nil {
return nil, err
}
case groups[1] == "fd":
if l, err = fdListener(groups[2]); err != nil {
return nil, err
}
default:
return nil, fmt.Errorf("bad listener scheme")
}
tlsinfo := transport.TLSInfo{
CAFile: cafile,
CertFile: certfile,
KeyFile: keyfile,
}
if !tlsinfo.Empty() {
cfg, err := tlsinfo.ServerConfig()
if err != nil {
return nil, err
}
l = tls.NewListener(l, cfg)
}
return l, nil
}
func NewRemoteManager(listenAddr, cafile, certfile, keyfile string) (subnet.Manager, error) {
tls := transport.TLSInfo{
CAFile: cafile,
CertFile: certfile,
KeyFile: keyfile,
}
t, err := NewTransport(tls)
if err != nil {
return nil, err
}
var scheme string
if tls.Empty() && tls.CAFile == "" {
scheme = "http://"
} else {
scheme = "https://"
}
return &RemoteManager{
base: scheme + listenAddr + "/v1",
transport: t,
}, nil
}
