58 lines
1.1 KiB
Go
58 lines
1.1 KiB
Go
|
package etcd_tools
|
||
|
|
|
||
|
|
import (
|
||
|
|
"crypto/tls"
|
||
|
|
"crypto/x509"
|
||
|
|
"errors"
|
||
|
|
"time"
|
||
|
|
|
||
|
|
etcd "github.com/coreos/etcd/clientv3"
|
||
|
|
)
|
||
|
|
|
||
|
|
type EasyConfig struct {
|
||
|
|
Endpoints []string
|
||
|
|
RootCACert string
|
||
|
|
ClientCert string
|
||
|
|
ClientKey string
|
||
|
|
}
|
||
|
|
|
||
|
|
func (c EasyConfig) prepare() (etcd.Config, error) {
|
||
|
|
cert, err := tls.X509KeyPair([]byte(c.ClientCert), []byte(c.ClientKey))
|
||
|
|
if err != nil {
|
||
|
|
return etcd.Config{}, err
|
||
|
|
}
|
||
|
|
|
||
|
|
pool := x509.NewCertPool()
|
||
|
|
if !pool.AppendCertsFromPEM([]byte(c.RootCACert)) {
|
||
|
|
return etcd.Config{}, errors.New("Could not append root CA.")
|
||
|
|
}
|
||
|
|
|
||
|
|
tc := &tls.Config{}
|
||
|
|
tc.Certificates = make([]tls.Certificate, 1)
|
||
|
|
tc.Certificates[0] = cert
|
||
|
|
tc.RootCAs = pool
|
||
|
|
tc.ClientCAs = pool
|
||
|
|
tc.ClientAuth = tls.RequireAndVerifyClientCert
|
||
|
|
|
||
|
|
conn, err := tls.Dial("tcp", "168.245.146.1:2379", tc)
|
||
|
|
if err != nil {
|
||
|
|
return etcd.Config{}, err
|
||
|
|
}
|
||
|
|
defer conn.Close()
|
||
|
|
|
||
|
|
err = conn.Handshake()
|
||
|
|
if err != nil {
|
||
|
|
return etcd.Config{}, err
|
||
|
|
}
|
||
|
|
// r.TLS.ServerName = "168.245.146.1"
|
||
|
|
// r.TLS.BuildNameToCertificate()
|
||
|
|
|
||
|
|
r := etcd.Config{}
|
||
|
|
|
||
|
|
r.Endpoints = c.Endpoints
|
||
|
|
r.DialTimeout = 5 * time.Second
|
||
|
|
r.TLS = tc
|
||
|
|
|
||
|
|
return r, nil
|
||
|
|
}
|