func MakeNewEtcdKApi(params *EtcdConnectionParams) (client.KeysAPI, error) { eps, err := getEndpoints(params) if err != nil { return nil, err } tr, err := getTransport(params) if err != nil { return nil, err } cfg := client.Config{ Transport: tr, Endpoints: eps, HeaderTimeoutPerRequest: params.RequestTimeout, } if params.Username != "" { cfg.Username = params.Username cfg.Password = params.Password } etcdClient, err := client.New(cfg) if err != nil { return nil, err } return client.NewKeysAPI(etcdClient), nil }
func newClient(c *cli.Context) (client.Client, error) { eps, err := getEndpoints(c) if err != nil { return nil, err } tr, err := getTransport(c) if err != nil { return nil, err } cfg := client.Config{ Transport: tr, Endpoints: eps, HeaderTimeoutPerRequest: c.GlobalDuration("timeout"), } uFlag := c.GlobalString("username") if uFlag != "" { username, password, err := getUsernamePasswordFromFlag(uFlag) if err != nil { return nil, err } cfg.Username = username cfg.Password = password } return client.New(cfg) }
func etcdFactory(conf map[string]string) (Client, error) { path, ok := conf["path"] if !ok { return nil, fmt.Errorf("missing 'path' configuration") } endpoints, ok := conf["endpoints"] if !ok || endpoints == "" { return nil, fmt.Errorf("missing 'endpoints' configuration") } config := etcdapi.Config{ Endpoints: strings.Split(endpoints, " "), } if username, ok := conf["username"]; ok && username != "" { config.Username = username } if password, ok := conf["password"]; ok && password != "" { config.Password = password } client, err := etcdapi.New(config) if err != nil { return nil, err } return &EtcdClient{ Client: client, Path: path, }, nil }
// NewEtcdClient returns an *etcd.Client with a connection to named machines. func NewEtcdClient(machines []string, cert, key, caCert string, basicAuth bool, username string, password string) (*Client, error) { var c client.Client var kapi client.KeysAPI var err error var transport = &http.Transport{ Proxy: http.ProxyFromEnvironment, Dial: (&net.Dialer{ Timeout: 30 * time.Second, KeepAlive: 30 * time.Second, }).Dial, TLSHandshakeTimeout: 10 * time.Second, } tlsConfig := &tls.Config{ InsecureSkipVerify: false, } cfg := client.Config{ Endpoints: machines, HeaderTimeoutPerRequest: time.Duration(3) * time.Second, } if basicAuth { cfg.Username = username cfg.Password = password } if caCert != "" { certBytes, err := ioutil.ReadFile(caCert) if err != nil { return &Client{kapi}, err } caCertPool := x509.NewCertPool() ok := caCertPool.AppendCertsFromPEM(certBytes) if ok { tlsConfig.RootCAs = caCertPool } } if cert != "" && key != "" { tlsCert, err := tls.LoadX509KeyPair(cert, key) if err != nil { return &Client{kapi}, err } tlsConfig.Certificates = []tls.Certificate{tlsCert} } transport.TLSClientConfig = tlsConfig cfg.Transport = transport c, err = client.New(cfg) if err != nil { return &Client{kapi}, err } kapi = client.NewKeysAPI(c) return &Client{kapi}, nil }
func mustNewClient(c *cli.Context) client.Client { eps, err := getEndpoints(c) if err != nil { fmt.Fprintln(os.Stderr, err.Error()) os.Exit(1) } tr, err := getTransport(c) if err != nil { fmt.Fprintln(os.Stderr, err.Error()) os.Exit(1) } cfg := client.Config{ Transport: tr, Endpoints: eps, HeaderTimeoutPerRequest: c.GlobalDuration("timeout"), } uFlag := c.GlobalString("username") if uFlag != "" { username, password, err := getUsernamePasswordFromFlag(uFlag) if err != nil { fmt.Fprintln(os.Stderr, err.Error()) os.Exit(1) } cfg.Username = username cfg.Password = password } hc, err := client.New(cfg) if err != nil { fmt.Fprintln(os.Stderr, err.Error()) os.Exit(1) } if !c.GlobalBool("no-sync") { ctx, cancel := context.WithTimeout(context.Background(), client.DefaultRequestTimeout) err := hc.Sync(ctx) cancel() if err != nil { handleError(ExitServerError, err) os.Exit(1) } } if c.GlobalBool("debug") { fmt.Fprintf(os.Stderr, "Cluster-Endpoints: %s\n", strings.Join(hc.Endpoints(), ", ")) client.EnablecURLDebug() } return hc }
func (e *Etcd) Init() error { config := client.Config{ Endpoints: Machines(), } if uname != "" { config.Username = uname if upass != "" { config.Password = upass } else { return errors.New("Etcd username provided but no password") } } cl, err := client.New(config) if err != nil { return err } e.KeysAPI = client.NewKeysAPI(cl) return nil }
func etcdConfigFromFlags(c *cli.Context) etcdclient.Config { eFlag := c.GlobalString("endpoint") uFlag := c.GlobalString("username") pFlag := c.GlobalString("password") tFlag := c.GlobalDuration("timeout") cfg := etcdclient.Config{ Endpoints: strings.Split(eFlag, ","), Transport: etcdclient.DefaultTransport, HeaderTimeoutPerRequest: tFlag, } if uFlag != "" && pFlag != "" { cfg.Username = uFlag cfg.Password = pFlag } return cfg }
func newClient(e Etcdtool) client.Client { cfg := client.Config{ Transport: newTransport(e), Endpoints: strings.Split(e.Peers, ","), HeaderTimeoutPerRequest: e.Timeout, } if e.User != "" { cfg.Username = e.User var err error cfg.Password, err = speakeasy.Ask("Password: ") if err != nil { fatal(err.Error()) } } cl, err := client.New(cfg) if err != nil { fatal(err.Error()) } return cl }
func mustNewClient(c *cli.Context) client.Client { eps, err := getEndpoints(c) if err != nil { fmt.Fprintln(os.Stderr, err.Error()) os.Exit(1) } tr, err := getTransport(c) if err != nil { fmt.Fprintln(os.Stderr, err.Error()) os.Exit(1) } cfg := client.Config{ Transport: tr, Endpoints: eps, } uFlag := c.GlobalString("username") if uFlag != "" { username, password, err := getUsernamePasswordFromFlag(uFlag) if err != nil { fmt.Fprintln(os.Stderr, err.Error()) os.Exit(1) } cfg.Username = username cfg.Password = password } hc, err := client.New(cfg) if err != nil { fmt.Fprintln(os.Stderr, err.Error()) os.Exit(1) } return hc }
// setCredentials sets the username/password credentials for connecting to Etcd func setCredentials(cfg *etcd.Config, username, password string) { cfg.Username = username cfg.Password = password }
// newEtcdBackend constructs a etcd backend using a given machine address. func newEtcdBackend(conf map[string]string) (Backend, error) { // Get the etcd path form the configuration. path, ok := conf["path"] if !ok { path = "/vault" } // Ensure path is prefixed. if !strings.HasPrefix(path, "/") { path = "/" + path } // Set a default machines list and check for an overriding address value. machines := "http://128.0.0.1:2379" if address, ok := conf["address"]; ok { machines = address } machinesParsed := strings.Split(machines, EtcdMachineDelimiter) // Verify that the machines are valid URLs for _, machine := range machinesParsed { u, urlErr := url.Parse(machine) if urlErr != nil || u.Scheme == "" { return nil, EtcdAddressError } } // Create a new client from the supplied address and attempt to sync with the // cluster. var cTransport client.CancelableTransport cert, hasCert := conf["tls_cert_file"] key, hasKey := conf["tls_key_file"] ca, hasCa := conf["tls_ca_file"] if (hasCert && hasKey) || hasCa { var transportErr error tls := transport.TLSInfo{ CAFile: ca, CertFile: cert, KeyFile: key, } cTransport, transportErr = transport.NewTransport(tls, 30*time.Second) if transportErr != nil { return nil, transportErr } } else { cTransport = client.DefaultTransport } cfg := client.Config{ Endpoints: machinesParsed, Transport: cTransport, } // Set credentials. username := os.Getenv("ETCD_USERNAME") if username == "" { username, _ = conf["username"] } password := os.Getenv("ETCD_PASSWORD") if password == "" { password, _ = conf["password"] } if username != "" && password != "" { cfg.Username = username cfg.Password = password } c, err := client.New(cfg) if err != nil { return nil, err } ctx, cancel := context.WithTimeout(context.Background(), client.DefaultRequestTimeout) syncErr := c.Sync(ctx) cancel() if syncErr != nil { return nil, EtcdSyncClusterError } kAPI := client.NewKeysAPI(c) // Setup the backend. return &EtcdBackend{ path: path, kAPI: kAPI, permitPool: NewPermitPool(DefaultParallelOperations), }, nil }
// newEtcdBackend constructs a etcd backend using a given machine address. func newEtcdBackend(conf map[string]string) (Backend, error) { // Get the etcd path form the configuration. path, ok := conf["path"] if !ok { path = "/vault" } // Ensure path is prefixed. if !strings.HasPrefix(path, "/") { path = "/" + path } // Set a default machines list and check for an overriding address value. machines := "http://128.0.0.1:2379" if address, ok := conf["address"]; ok { machines = address } machinesParsed := strings.Split(machines, EtcdMachineDelimiter) // Verify that the machines are valid URLs for _, machine := range machinesParsed { u, urlErr := url.Parse(machine) if urlErr != nil || u.Scheme == "" { return nil, EtcdAddressError } } // Create a new client from the supplied address and attempt to sync with the // cluster. var cTransport client.CancelableTransport cert, hasCert := conf["tls_cert_file"] key, hasKey := conf["tls_key_file"] ca, hasCa := conf["tls_ca_file"] if (hasCert && hasKey) || hasCa { var transportErr error tls := transport.TLSInfo{ CAFile: ca, CertFile: cert, KeyFile: key, } cTransport, transportErr = transport.NewTransport(tls, 30*time.Second) if transportErr != nil { return nil, transportErr } } else { cTransport = client.DefaultTransport } cfg := client.Config{ Endpoints: machinesParsed, Transport: cTransport, } // Set credentials. username := os.Getenv("ETCD_USERNAME") if username == "" { username, _ = conf["username"] } password := os.Getenv("ETCD_PASSWORD") if password == "" { password, _ = conf["password"] } if username != "" && password != "" { cfg.Username = username cfg.Password = password } c, err := client.New(cfg) if err != nil { return nil, err } // Should we sync the cluster state? There are three available options // for our client library: don't sync (required for some proxies), sync // once, or sync periodically with AutoSync. We currently support the // first two. sync, ok := conf["sync"] if !ok { sync = "yes" } switch sync { case "yes", "true", "y", "1": ctx, cancel := context.WithTimeout(context.Background(), client.DefaultRequestTimeout) syncErr := c.Sync(ctx) cancel() if syncErr != nil { return nil, fmt.Errorf("%s: %s", EtcdSyncClusterError, syncErr) } case "no", "false", "n", "0": default: return nil, fmt.Errorf("value of 'sync' could not be understood") } kAPI := client.NewKeysAPI(c) // Setup the backend. return &EtcdBackend{ path: path, kAPI: kAPI, permitPool: NewPermitPool(DefaultParallelOperations), }, nil }