
gitlab.com/gitlab-org/gitaly.git - Unnamed repository; edit this file 'description' to name the repository.
authorJohn Cai <jcai@gitlab.com>2023-08-27 03:29:57 +0300
committerJohn Cai <jcai@gitlab.com>2023-08-29 00:42:17 +0300
commitfe082d3e2a0ccd10c8734e61d0254b153b36432f (patch)
treea502fa2a9d57e31209f6eee7c2e0e7101060cec4
parent9f2f30a0958bdba9fd09c194a65051c5ce7aeb01 (diff)
gitlab: Modify http client to have a cert passed in directly
Now that the TLS config knows how to retrieve a certificate, let's just pass this in directly instead of having the http client do that work.
-rw-r--r--internal/gitlab/client/httpclient.go13
-rw-r--r--internal/gitlab/http_client.go4
-rw-r--r--internal/praefect/server_factory.go2
3 files changed, 8 insertions, 11 deletions
diff --git a/internal/gitlab/client/httpclient.go b/internal/gitlab/client/httpclient.go
index dfa01e544..bd37de947 100644
--- a/internal/gitlab/client/httpclient.go
+++ b/internal/gitlab/client/httpclient.go
@@ -35,19 +35,16 @@ type HTTPClient struct {
}
type httpClientCfg struct {
- keyPath, certPath string
- caFile, caPath string
- cert tls.Certificate
+ caFile, caPath string
+ cert *tls.Certificate
}
-func (hcc httpClientCfg) HaveCertAndKey() bool { return hcc.keyPath != "" && hcc.certPath != "" }
-
// HTTPClientOpt provides options for configuring an HttpClient
type HTTPClientOpt func(*httpClientCfg)
// WithClientCert will configure the HttpClient to provide client certificates
// when connecting to a server.
-func WithClientCert(cert tls.Certificate) HTTPClientOpt {
+func WithClientCert(cert *tls.Certificate) HTTPClientOpt {
return func(hcc *httpClientCfg) {
hcc.cert = cert
}
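Review bot: The doc comment on `WithClientCert` does not say what a nil `cert` means now that the parameter is a pointer. Judging by the `hcc.cert != nil` guard in `buildHTTPSTransport` (second hunk of this file), nil results in no client certificate being presented, so a caller that passes nil by mistake gets a client without mutual TLS and no error. I would extend the comment with `// A nil cert is accepted and leaves the client without a client certificate.` and mention that the option stores the caller's pointer rather than a copy. The closing brace of `WithClientCert` lies outside the hunk.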
@@ -155,8 +152,8 @@ func buildHTTPSTransport(hcc httpClientCfg, gitlabURL string) (*http.Transport,
MinVersion: tls.VersionTLS12,
}
- if hcc.cert.Certificate != nil {
- tlsConfig.Certificates = []tls.Certificate{hcc.cert}
+ if hcc.cert != nil {
+ tlsConfig.Certificates = []tls.Certificate{*hcc.cert}
}
transport := &http.Transport{
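Review bot: The new guard `if hcc.cert != nil` is wider than the old `hcc.cert.Certificate != nil`: a non-nil pointer to a zero-value `tls.Certificate` is now appended to `tlsConfig.Certificates`, where before it was skipped. An entry with an empty chain presumably cannot serve as a usable client certificate, so it is better filtered out here than left for the handshake to sort out. `if hcc.cert != nil && len(hcc.cert.Certificate) > 0 {` keeps the earlier behaviour for that case. `buildHTTPSTransport` starts and ends outside the hunk.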
diff --git a/internal/gitlab/http_client.go b/internal/gitlab/http_client.go
index de91ab26a..6a1fbf642 100644
--- a/internal/gitlab/http_client.go
+++ b/internal/gitlab/http_client.go
@@ -45,11 +45,11 @@ func NewHTTPClient(
var opts []client.HTTPClientOpt
if tlsCfg.CertPath != "" && tlsCfg.KeyPath != "" ||
tlsCfg.Key != "" {
- cert, err := tlsCfg.GetCert()
+ cert, err := tlsCfg.Certificate()
if err != nil {
return nil, fmt.Errorf("getting certificate: %w", err)
}
- opts = append(opts, client.WithClientCert(cert))
+ opts = append(opts, client.WithClientCert(&cert))
}
httpClient, err := client.NewHTTPClientWithOpts(
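Review bot: When only one of `tlsCfg.CertPath` and `tlsCfg.KeyPath` is set and `tlsCfg.Key` is empty, the condition guarding `tlsCfg.Certificate()` is false, so the client is built with no client certificate and no error is reported. Unless config validation elsewhere rejects that combination, a half-configured mutual-TLS setup degrades silently to server-only authentication. A check before the existing `if`, such as `if tlsCfg.Key == "" && (tlsCfg.CertPath == "") != (tlsCfg.KeyPath == "") { return nil, fmt.Errorf("client certificate and key must both be set") }`, would surface the misconfiguration at startup. `NewHTTPClient` starts and ends outside the hunk.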
diff --git a/internal/praefect/server_factory.go b/internal/praefect/server_factory.go
index f358da178..eae1271dd 100644
--- a/internal/praefect/server_factory.go
+++ b/internal/praefect/server_factory.go
@@ -72,7 +72,7 @@ func (s *ServerFactory) Create(secure bool) (*grpc.Server, error) {
return s.insecure[len(s.insecure)-1], nil
}
- cert, err := s.deps.Config.TLS.GetCert()
+ cert, err := s.deps.Config.TLS.Certificate()
if err != nil {
return nil, fmt.Errorf("load certificate key pair: %w", err)
}