mirror of
https://github.com/siderolabs/talos.git
synced 2025-10-24 14:01:16 +02:00
951904554e
Update Go to 1.22.2, update Go modules to resolve [HTTP/2 issue](https://www.kb.cert.org/vuls/id/421644). Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
48 lines
1.2 KiB
Go
48 lines
1.2 KiB
Go
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
package basic
|
|
|
|
import (
|
|
"crypto/tls"
|
|
stdx509 "crypto/x509"
|
|
|
|
"github.com/siderolabs/crypto/x509"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/credentials"
|
|
)
|
|
|
|
// Credentials describes an authorization method.
|
|
type Credentials interface {
|
|
credentials.PerRPCCredentials
|
|
|
|
UnaryInterceptor() grpc.UnaryServerInterceptor
|
|
}
|
|
|
|
// NewConnection initializes a grpc.ClientConn configured for basic
|
|
// authentication.
|
|
func NewConnection(address string, creds credentials.PerRPCCredentials, ca *x509.PEMEncodedCertificateAndKey) (conn *grpc.ClientConn, err error) {
|
|
tlsConfig := &tls.Config{}
|
|
|
|
if ca == nil {
|
|
tlsConfig.InsecureSkipVerify = true
|
|
} else {
|
|
tlsConfig.RootCAs = stdx509.NewCertPool()
|
|
tlsConfig.RootCAs.AppendCertsFromPEM(ca.Crt)
|
|
}
|
|
|
|
grpcOpts := []grpc.DialOption{
|
|
grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)),
|
|
grpc.WithPerRPCCredentials(creds),
|
|
grpc.WithSharedWriteBuffer(true),
|
|
}
|
|
|
|
conn, err = grpc.NewClient(address, grpcOpts...)
|
|
if err != nil {
|
|
return
|
|
}
|
|
|
|
return conn, nil
|
|
}
|