1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
|
package incus
import (
"context"
"crypto/tls"
"fmt"
"net"
"net/http"
"net/url"
"strings"
"time"
"github.com/lxc/incus/v6/shared/proxy"
localtls "github.com/lxc/incus/v6/shared/tls"
)
// tlsHTTPClient creates an HTTP client with a specified Transport Layer Security (TLS) configuration.
// It takes in parameters for client certificates, keys, Certificate Authority, server certificates,
// a boolean for skipping verification, a proxy function, and a transport wrapper function.
// It returns the HTTP client with the provided configurations and handles any errors that might occur during the setup process.
func tlsHTTPClient(client *http.Client, tlsClientCert string, tlsClientKey string, tlsCA string, tlsServerCert string, insecureSkipVerify bool, proxyFunc func(req *http.Request) (*url.URL, error), transportWrapper func(t *http.Transport) HTTPTransporter) (*http.Client, error) {
// Get the TLS configuration
tlsConfig, err := localtls.GetTLSConfigMem(tlsClientCert, tlsClientKey, tlsCA, tlsServerCert, insecureSkipVerify)
if err != nil {
return nil, err
}
// Define the http transport
transport := &http.Transport{
TLSClientConfig: tlsConfig,
Proxy: proxy.FromEnvironment,
DisableKeepAlives: true,
ExpectContinueTimeout: time.Second * 30,
ResponseHeaderTimeout: time.Second * 3600,
TLSHandshakeTimeout: time.Second * 5,
}
// Allow overriding the proxy
if proxyFunc != nil {
transport.Proxy = proxyFunc
}
// Special TLS handling
transport.DialTLSContext = func(ctx context.Context, network string, addr string) (net.Conn, error) {
tlsDial := func(network string, addr string, config *tls.Config, resetName bool) (net.Conn, error) {
conn, err := localtls.RFC3493Dialer(ctx, network, addr)
if err != nil {
return nil, err
}
// Setup TLS
if resetName {
hostName, _, err := net.SplitHostPort(addr)
if err != nil {
hostName = addr
}
config = config.Clone()
config.ServerName = hostName
}
tlsConn := tls.Client(conn, config)
// Validate the connection
err = tlsConn.Handshake()
if err != nil {
_ = conn.Close()
return nil, err
}
if !config.InsecureSkipVerify {
err := tlsConn.VerifyHostname(config.ServerName)
if err != nil {
_ = conn.Close()
return nil, err
}
}
return tlsConn, nil
}
conn, err := tlsDial(network, addr, transport.TLSClientConfig, false)
if err != nil {
// We may have gotten redirected to a non-Incus machine
return tlsDial(network, addr, transport.TLSClientConfig, true)
}
return conn, nil
}
// Define the http client
if client == nil {
client = &http.Client{}
}
if transportWrapper != nil {
client.Transport = transportWrapper(transport)
} else {
client.Transport = transport
}
// Setup redirect policy
client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
// Replicate the headers
req.Header = via[len(via)-1].Header
return nil
}
return client, nil
}
// unixHTTPClient creates an HTTP client that communicates over a Unix socket.
// It takes in the connection arguments and the Unix socket path as parameters.
// The function sets up a Unix socket dialer, configures the HTTP transport, and returns the HTTP client with the specified configurations.
// Any errors encountered during the setup process are also handled by the function.
func unixHTTPClient(args *ConnectionArgs, path string) (*http.Client, error) {
// Setup a Unix socket dialer
unixDial := func(_ context.Context, _ string, _ string) (net.Conn, error) {
raddr, err := net.ResolveUnixAddr("unix", path)
if err != nil {
return nil, err
}
return net.DialUnix("unix", nil, raddr)
}
if args == nil {
args = &ConnectionArgs{}
}
// Define the http transport
transport := &http.Transport{
DialContext: unixDial,
DisableKeepAlives: true,
Proxy: args.Proxy,
ExpectContinueTimeout: time.Second * 30,
ResponseHeaderTimeout: time.Second * 3600,
TLSHandshakeTimeout: time.Second * 5,
}
// Define the http client
client := args.HTTPClient
if client == nil {
client = &http.Client{}
}
client.Transport = transport
// Setup redirect policy
client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
// Replicate the headers
req.Header = via[len(via)-1].Header
return nil
}
return client, nil
}
// remoteOperationResult used for storing the error that occurred for a particular remote URL.
type remoteOperationResult struct {
URL string
Error error
}
func remoteOperationError(msg string, errorOperationResults []remoteOperationResult) error {
// Check if empty
if len(errorOperationResults) == 0 {
return nil
}
// Check if all identical
var err error
for _, entry := range errorOperationResults {
if err != nil && entry.Error.Error() != err.Error() {
errorStrings := make([]string, 0, len(errorOperationResults))
for _, operationResult := range errorOperationResults {
errorStrings = append(errorStrings, fmt.Sprintf("%s: %v", operationResult.URL, operationResult.Error))
}
return fmt.Errorf("%s:\n - %s", msg, strings.Join(errorStrings, "\n - "))
}
err = entry.Error
}
// Check if successful
if err != nil {
return fmt.Errorf("%s: %w", msg, err)
}
return nil
}
// Set the value of a query parameter in the given URI.
func setQueryParam(uri, param, value string) (string, error) {
fields, err := url.Parse(uri)
if err != nil {
return "", err
}
values := fields.Query()
values.Set(param, url.QueryEscape(value))
fields.RawQuery = values.Encode()
return fields.String(), nil
}
// urlsToResourceNames returns a list of resource names extracted from one or more URLs of the same resource type.
// The resource type path prefix to match is provided by the matchPathPrefix argument.
func urlsToResourceNames(matchPathPrefix string, urls ...string) ([]string, error) {
resourceNames := make([]string, 0, len(urls))
for _, urlRaw := range urls {
u, err := url.Parse(urlRaw)
if err != nil {
return nil, fmt.Errorf("Failed parsing URL %q: %w", urlRaw, err)
}
_, after, found := strings.Cut(u.Path, fmt.Sprintf("%s/", matchPathPrefix))
if !found {
return nil, fmt.Errorf("Unexpected URL path %q", u)
}
resourceNames = append(resourceNames, after)
}
return resourceNames, nil
}
// parseFilters translates filters passed at client side to form acceptable by server-side API.
func parseFilters(filters []string) string {
var result []string
for _, filter := range filters {
if strings.Contains(filter, "=") {
membs := strings.SplitN(filter, "=", 2)
result = append(result, fmt.Sprintf("%s eq %s", membs[0], membs[1]))
}
}
return strings.Join(result, " and ")
}
// HTTPTransporter represents a wrapper around *http.Transport.
// It is used to add some pre and postprocessing logic to http requests / responses.
type HTTPTransporter interface {
http.RoundTripper
// Transport what this struct wraps
Transport() *http.Transport
}
|
