// getClient builds an *http.Client whose transport uses the TLS configuration
// loaded from c.CertFile, c.KeyFile and c.CAFile.
//
// cxnTimeout is used both as the dial (connect) timeout and as the TCP
// keep-alive period. Only dialing is bounded: the transport sets no TLS
// handshake or response-header timeout, and the returned client has no
// overall request Timeout.
//
// insecureSkipVerify is copied straight into tls.Config.InsecureSkipVerify.
// When it is true, crypto/tls accepts any server certificate and host name,
// so the peer is not authenticated; callers should pass true only for
// deliberately unauthenticated test setups.
//
// An error is returned when the TLS configuration cannot be loaded or, with
// c.HTTP2 set, when the transport cannot be configured for HTTP/2.
func (c *PreparerConfig) getClient(
	cxnTimeout time.Duration,
	insecureSkipVerify bool,
) (*http.Client, error) {
	tlsCfg, err := netutil.GetTLSConfig(c.CertFile, c.KeyFile, c.CAFile)
	if err != nil {
		return nil, err
	}
	tlsCfg.InsecureSkipVerify = insecureSkipVerify

	// Same kind of dialer http.DefaultTransport uses, but with the
	// caller-supplied timeout for both connect and keep-alive.
	dialer := &net.Dialer{
		Timeout:   cxnTimeout,
		KeepAlive: cxnTimeout,
	}
	tr := &http.Transport{
		TLSClientConfig: tlsCfg,
		Dial:            dialer.Dial,
	}

	if !c.HTTP2 {
		// HTTP/2 is switched on automatically while TLSNextProto is nil.
		// Per the Go 1.6 release notes, a non-nil, empty map is the
		// supported way to turn it off.
		tr.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{}
		return &http.Client{Transport: tr}, nil
	}

	if cfgErr := http2.ConfigureTransport(tr); cfgErr != nil {
		return nil, cfgErr
	}
	return &http.Client{Transport: tr}, nil
}
// ParseWithConsulOptions registers the Consul-related command-line flags,
// parses the command line with kingpin, and returns the selected command
// together with the kp.Options built from those flags.
//
// The process exits via log.Fatalln when the token file cannot be read or the
// TLS configuration cannot be loaded.
//
// NOTE(review): a token given with --token is part of the process arguments
// and is therefore visible in process listings and shell history;
// --token-file keeps it off the command line.
func ParseWithConsulOptions() (string, kp.Options) {
	consulAddr := kingpin.Flag("consul", "The hostname and port of a consul agent in the p2 cluster. Defaults to 0.0.0.0:8500.").String()
	tokenFlag := kingpin.Flag("token", "The consul ACL token to use. Empty by default.").String()
	tokenPath := kingpin.Flag("token-file", "The file containing the Consul ACL token").ExistingFile()
	extraHeaders := kingpin.Flag("header", "An HTTP header to add to requests, in KEY=VALUE form. Can be specified multiple times.").StringMap()
	useHTTPS := kingpin.Flag("https", "Use HTTPS").Bool()
	watchWait := kingpin.Flag("wait", "Maximum duration for Consul watches, before resetting and starting again.").Default("30s").Duration()
	caPath := kingpin.Flag("tls-ca-file", "File containing the x509 PEM-encoded CA ").ExistingFile()
	keyPath := kingpin.Flag("tls-key-file", "File containing the x509 PEM-encoded private key").ExistingFile()
	certPath := kingpin.Flag("tls-cert-file", "File containing the x509 PEM-encoded public key certificate").ExistingFile()

	cmd := kingpin.Parse()

	// A token file, when given, takes precedence over --token.
	// NOTE(review): the file contents are used verbatim, so a trailing
	// newline in the file becomes part of the token.
	aclToken := *tokenFlag
	if *tokenPath != "" {
		raw, err := ioutil.ReadFile(*tokenPath)
		if err != nil {
			log.Fatalln(err)
		}
		aclToken = string(raw)
	}

	// Without any TLS file flag the shared default transport is used as is.
	var transport http.RoundTripper = http.DefaultTransport
	noTLSFiles := *caPath == "" && *keyPath == "" && *certPath == ""
	if !noTLSFiles {
		tlsConfig, err := netutil.GetTLSConfig(*certPath, *keyPath, *caPath)
		if err != nil {
			log.Fatalln(err)
		}
		// NOTE(review): http.DefaultClient.Timeout is zero unless the program
		// has changed it, so this dialer gets no connect timeout, unlike the
		// dialer inside http.DefaultTransport.
		dialer := &net.Dialer{
			Timeout:   http.DefaultClient.Timeout,
			KeepAlive: http.DefaultClient.Timeout,
		}
		transport = &http.Transport{
			TLSClientConfig: tlsConfig,
			Dial:            dialer.Dial,
		}
	}

	opts := kp.Options{
		Address:  *consulAddr,
		Token:    aclToken,
		Client:   netutil.NewHeaderClient(*extraHeaders, transport),
		HTTPS:    *useHTTPS,
		WaitTime: *watchWait,
	}
	return cmd, opts
}
// ParseWithConsulOptions registers the Consul-related command-line flags,
// parses the command line with kingpin, and returns the selected command, the
// kp.Options built from those flags, and a label applicator.
//
// The applicator talks to --http-applicator-url when that flag is given;
// otherwise it is a Consul applicator built from the same kp.Options.
//
// The process exits via log.Fatalln when the token file cannot be read, the
// TLS configuration cannot be loaded, or the HTTP applicator cannot be built.
//
// NOTE(review): a token given with --token is part of the process arguments
// and is therefore visible in process listings and shell history;
// --token-file keeps it off the command line.
func ParseWithConsulOptions() (string, kp.Options, labels.ApplicatorWithoutWatches) {
	consulAddr := kingpin.Flag("consul", "The hostname and port of a consul agent in the p2 cluster. Defaults to 0.0.0.0:8500.").String()
	applicatorURL := kingpin.Flag("http-applicator-url", "The URL of an labels.httpApplicator target, including the protocol and port. For example, https://consul-server.io:9999").URL()
	tokenFlag := kingpin.Flag("token", "The consul ACL token to use. Empty by default.").String()
	tokenPath := kingpin.Flag("token-file", "The file containing the Consul ACL token").ExistingFile()
	extraHeaders := kingpin.Flag("header", "An HTTP header to add to requests, in KEY=VALUE form. Can be specified multiple times.").StringMap()
	useHTTPS := kingpin.Flag("https", "Use HTTPS").Bool()
	watchWait := kingpin.Flag("wait", "Maximum duration for Consul watches, before resetting and starting again.").Default("30s").Duration()
	caPath := kingpin.Flag("tls-ca-file", "File containing the x509 PEM-encoded CA ").ExistingFile()
	keyPath := kingpin.Flag("tls-key-file", "File containing the x509 PEM-encoded private key").ExistingFile()
	certPath := kingpin.Flag("tls-cert-file", "File containing the x509 PEM-encoded public key certificate").ExistingFile()

	cmd := kingpin.Parse()

	// A token file, when given, takes precedence over --token.
	// NOTE(review): the file contents are used verbatim, so a trailing
	// newline in the file becomes part of the token.
	aclToken := *tokenFlag
	if *tokenPath != "" {
		raw, err := ioutil.ReadFile(*tokenPath)
		if err != nil {
			log.Fatalln(err)
		}
		aclToken = string(raw)
	}

	// Without any TLS file flag the shared default transport is used as is.
	var transport http.RoundTripper = http.DefaultTransport
	noTLSFiles := *caPath == "" && *keyPath == "" && *certPath == ""
	if !noTLSFiles {
		tlsConfig, err := netutil.GetTLSConfig(*certPath, *keyPath, *caPath)
		if err != nil {
			log.Fatalln(err)
		}
		// NOTE(review): http.DefaultClient.Timeout is zero unless the program
		// has changed it, so this dialer gets no connect timeout, unlike the
		// dialer inside http.DefaultTransport.
		dialer := &net.Dialer{
			Timeout:   http.DefaultClient.Timeout,
			KeepAlive: http.DefaultClient.Timeout,
		}
		transport = &http.Transport{
			TLSClientConfig: tlsConfig,
			Dial:            dialer.Dial,
		}
	}

	// One client serves both Consul and the optional HTTP applicator.
	// NOTE(review): presumably NewHeaderClient attaches every --header value
	// to each request, so those headers would also reach the applicator URL,
	// whose scheme is not checked here. Confirm before putting credentials
	// in --header.
	httpClient := netutil.NewHeaderClient(*extraHeaders, transport)
	kpOpts := kp.Options{
		Address:  *consulAddr,
		Token:    aclToken,
		Client:   httpClient,
		HTTPS:    *useHTTPS,
		WaitTime: *watchWait,
	}

	var applicator labels.ApplicatorWithoutWatches
	if *applicatorURL == nil {
		applicator = labels.NewConsulApplicator(kp.NewConsulClient(kpOpts), 0)
		return cmd, kpOpts, applicator
	}

	var err error
	applicator, err = labels.NewHTTPApplicator(httpClient, *applicatorURL)
	if err != nil {
		log.Fatalln(err)
	}
	return cmd, kpOpts, applicator
}