func mustClient(endpoint, cert, key, cacert string) *clientv3.Client {
// set tls if any one tls option set
var cfgtls *transport.TLSInfo
tls := transport.TLSInfo{}
var file string
if cert != "" {
tls.CertFile = cert
cfgtls = &tls
}
if key != "" {
tls.KeyFile = key
cfgtls = &tls
}
if cacert != "" {
tls.CAFile = file
cfgtls = &tls
}
cfg := clientv3.Config{
Endpoints: []string{endpoint},
TLS: cfgtls,
DialTimeout: 20 * time.Second,
}
client, err := clientv3.New(cfg)
if err != nil {
ExitWithError(ExitBadConnection, err)
}
return client
}
func newClientCfg() (*clientv3.Config, error) {
// set tls if any one tls option set
var cfgtls *transport.TLSInfo
tlsinfo := transport.TLSInfo{}
if grpcProxyCert != "" {
tlsinfo.CertFile = grpcProxyCert
cfgtls = &tlsinfo
}
if grpcProxyKey != "" {
tlsinfo.KeyFile = grpcProxyKey
cfgtls = &tlsinfo
}
if grpcProxyCA != "" {
tlsinfo.CAFile = grpcProxyCA
cfgtls = &tlsinfo
}
cfg := clientv3.Config{
Endpoints: grpcProxyEndpoints,
DialTimeout: 5 * time.Second,
}
if cfgtls != nil {
clientTLS, err := cfgtls.ClientConfig()
if err != nil {
return nil, err
}
cfg.TLS = clientTLS
}
// TODO: support insecure tls
return &cfg, nil
}
func newClientCfg(endpoints []string, dialTimeout time.Duration, scfg *secureCfg, acfg *authCfg) (*clientv3.Config, error) {
// set tls if any one tls option set
var cfgtls *transport.TLSInfo
tlsinfo := transport.TLSInfo{}
if scfg.cert != "" {
tlsinfo.CertFile = scfg.cert
cfgtls = &tlsinfo
}
if scfg.key != "" {
tlsinfo.KeyFile = scfg.key
cfgtls = &tlsinfo
}
if scfg.cacert != "" {
tlsinfo.CAFile = scfg.cacert
cfgtls = &tlsinfo
}
cfg := &clientv3.Config{
Endpoints: endpoints,
DialTimeout: dialTimeout,
}
if cfgtls != nil {
clientTLS, err := cfgtls.ClientConfig()
if err != nil {
return nil, err
}
cfg.TLS = clientTLS
}
// if key/cert is not given but user wants secure connection, we
// should still setup an empty tls configuration for gRPC to setup
// secure connection.
if cfg.TLS == nil && !scfg.insecureTransport {
cfg.TLS = &tls.Config{}
}
// If the user wants to skip TLS verification then we should set
// the InsecureSkipVerify flag in tls configuration.
if scfg.insecureSkipVerify && cfg.TLS != nil {
cfg.TLS.InsecureSkipVerify = true
}
if acfg != nil {
cfg.Username = acfg.username
cfg.Password = acfg.password
}
return cfg, nil
}
func mustClient(cmd *cobra.Command) *clientv3.Client {
endpoint, err := cmd.Flags().GetString("endpoint")
if err != nil {
ExitWithError(ExitError, err)
}
// set tls if any one tls option set
var cfgtls *transport.TLSInfo
tls := transport.TLSInfo{}
var file string
if file, err = cmd.Flags().GetString("cert"); err == nil && file != "" {
tls.CertFile = file
cfgtls = &tls
} else if cmd.Flags().Changed("cert") {
ExitWithError(ExitBadArgs, errors.New("empty string is passed to --cert option"))
}
if file, err = cmd.Flags().GetString("key"); err == nil && file != "" {
tls.KeyFile = file
cfgtls = &tls
} else if cmd.Flags().Changed("key") {
ExitWithError(ExitBadArgs, errors.New("empty string is passed to --key option"))
}
if file, err = cmd.Flags().GetString("cacert"); err == nil && file != "" {
tls.CAFile = file
cfgtls = &tls
} else if cmd.Flags().Changed("cacert") {
ExitWithError(ExitBadArgs, errors.New("empty string is passed to --cacert option"))
}
cfg := clientv3.Config{
Endpoints: []string{endpoint},
TLS: cfgtls,
DialTimeout: 20 * time.Second,
}
client, err := clientv3.New(cfg)
if err != nil {
ExitWithError(ExitBadConnection, err)
}
return client
}
