mirror of https://github.com/docker/cli.git
133 lines
3.4 KiB
Go
133 lines
3.4 KiB
Go
package client
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"io/ioutil"
|
|
"time"
|
|
|
|
"github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc"
|
|
controlapi "github.com/moby/buildkit/api/services/control"
|
|
"github.com/moby/buildkit/util/appdefaults"
|
|
opentracing "github.com/opentracing/opentracing-go"
|
|
"github.com/pkg/errors"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/credentials"
|
|
)
|
|
|
|
type Client struct {
|
|
conn *grpc.ClientConn
|
|
}
|
|
|
|
type ClientOpt interface{}
|
|
|
|
// New returns a new buildkit client. Address can be empty for the system-default address.
|
|
func New(address string, opts ...ClientOpt) (*Client, error) {
|
|
gopts := []grpc.DialOption{
|
|
grpc.WithTimeout(30 * time.Second),
|
|
grpc.WithDialer(dialer),
|
|
grpc.FailOnNonTempDialError(true),
|
|
}
|
|
needWithInsecure := true
|
|
for _, o := range opts {
|
|
if _, ok := o.(*withBlockOpt); ok {
|
|
gopts = append(gopts, grpc.WithBlock(), grpc.FailOnNonTempDialError(true))
|
|
}
|
|
if credInfo, ok := o.(*withCredentials); ok {
|
|
opt, err := loadCredentials(credInfo)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
gopts = append(gopts, opt)
|
|
needWithInsecure = false
|
|
}
|
|
if wt, ok := o.(*withTracer); ok {
|
|
gopts = append(gopts,
|
|
grpc.WithUnaryInterceptor(otgrpc.OpenTracingClientInterceptor(wt.tracer, otgrpc.LogPayloads())),
|
|
grpc.WithStreamInterceptor(otgrpc.OpenTracingStreamClientInterceptor(wt.tracer)))
|
|
}
|
|
}
|
|
if needWithInsecure {
|
|
gopts = append(gopts, grpc.WithInsecure())
|
|
}
|
|
if address == "" {
|
|
address = appdefaults.Address
|
|
}
|
|
conn, err := grpc.Dial(address, gopts...)
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "failed to dial %q . make sure buildkitd is running", address)
|
|
}
|
|
c := &Client{
|
|
conn: conn,
|
|
}
|
|
return c, nil
|
|
}
|
|
|
|
func (c *Client) controlClient() controlapi.ControlClient {
|
|
return controlapi.NewControlClient(c.conn)
|
|
}
|
|
|
|
func (c *Client) Close() error {
|
|
return c.conn.Close()
|
|
}
|
|
|
|
type withBlockOpt struct{}
|
|
|
|
func WithBlock() ClientOpt {
|
|
return &withBlockOpt{}
|
|
}
|
|
|
|
type withCredentials struct {
|
|
ServerName string
|
|
CACert string
|
|
Cert string
|
|
Key string
|
|
}
|
|
|
|
// WithCredentials configures the TLS parameters of the client.
|
|
// Arguments:
|
|
// * serverName: specifies the name of the target server
|
|
// * ca: specifies the filepath of the CA certificate to use for verification
|
|
// * cert: specifies the filepath of the client certificate
|
|
// * key: specifies the filepath of the client key
|
|
func WithCredentials(serverName, ca, cert, key string) ClientOpt {
|
|
return &withCredentials{serverName, ca, cert, key}
|
|
}
|
|
|
|
func loadCredentials(opts *withCredentials) (grpc.DialOption, error) {
|
|
ca, err := ioutil.ReadFile(opts.CACert)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "could not read ca certificate")
|
|
}
|
|
|
|
certPool := x509.NewCertPool()
|
|
if ok := certPool.AppendCertsFromPEM(ca); !ok {
|
|
return nil, errors.New("failed to append ca certs")
|
|
}
|
|
|
|
cfg := &tls.Config{
|
|
ServerName: opts.ServerName,
|
|
RootCAs: certPool,
|
|
}
|
|
|
|
// we will produce an error if the user forgot about either cert or key if at least one is specified
|
|
if opts.Cert != "" || opts.Key != "" {
|
|
cert, err := tls.LoadX509KeyPair(opts.Cert, opts.Key)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "could not read certificate/key")
|
|
}
|
|
cfg.Certificates = []tls.Certificate{cert}
|
|
cfg.BuildNameToCertificate()
|
|
}
|
|
|
|
return grpc.WithTransportCredentials(credentials.NewTLS(cfg)), nil
|
|
}
|
|
|
|
func WithTracer(t opentracing.Tracer) ClientOpt {
|
|
return &withTracer{t}
|
|
}
|
|
|
|
type withTracer struct {
|
|
tracer opentracing.Tracer
|
|
}
|