|
15 | 15 | package client
|
16 | 16 |
|
17 | 17 | import (
|
| 18 | + "crypto/tls" |
| 19 | + "crypto/x509" |
18 | 20 | "fmt"
|
| 21 | + "io/ioutil" |
19 | 22 | "net"
|
| 23 | + "net/http" |
| 24 | + "net/url" |
| 25 | + "os" |
20 | 26 | "sort"
|
21 | 27 | "strings"
|
22 | 28 | "time"
|
@@ -145,6 +151,52 @@ func New(cfg *Config) (Interface, error) {
|
145 | 151 | opts = append(opts, baremetal.PrivateKeyPassword(cfg.Auth.PrivateKeyPassphrase))
|
146 | 152 | }
|
147 | 153 |
|
| 154 | + // Handles the case where we want to talk to OCI via a proxy. |
| 155 | + ociProxy := os.Getenv("OCI_PROXY") |
| 156 | + trustedCACertPath := os.Getenv("TRUSTED_CA_CERT_PATH") |
| 157 | + if ociProxy != "" || trustedCACertPath != "" { |
| 158 | + transport := http.Transport{ |
| 159 | + DialContext: (&net.Dialer{ |
| 160 | + Timeout: 30 * time.Second, |
| 161 | + KeepAlive: 30 * time.Second, |
| 162 | + DualStack: true, |
| 163 | + }).DialContext, |
| 164 | + MaxIdleConns: 100, |
| 165 | + IdleConnTimeout: 90 * time.Second, |
| 166 | + TLSHandshakeTimeout: 10 * time.Second, |
| 167 | + ExpectContinueTimeout: 1 * time.Second, |
| 168 | + } |
| 169 | + |
| 170 | + if ociProxy != "" { |
| 171 | + glog.Infof("using OCI proxy server: %s", ociProxy) |
| 172 | + proxyURL, err := url.Parse(ociProxy) |
| 173 | + if err != nil { |
| 174 | + return nil, fmt.Errorf("failed to parse OCI proxy url: %s, err: %v", ociProxy, err) |
| 175 | + } |
| 176 | + transport.Proxy = func(req *http.Request) (*url.URL, error) { |
| 177 | + return proxyURL, nil |
| 178 | + } |
| 179 | + } |
| 180 | + |
| 181 | + if trustedCACertPath != "" { |
| 182 | + glog.Infof("configuring OCI client with a new trusted ca: %s", trustedCACertPath) |
| 183 | + trustedCACert, err := ioutil.ReadFile(trustedCACertPath) |
| 184 | + if err != nil { |
| 185 | + return nil, fmt.Errorf("failed to read root certificate: %s, err: %v", trustedCACertPath, err) |
| 186 | + } |
| 187 | + caCertPool := x509.NewCertPool() |
| 188 | + ok := caCertPool.AppendCertsFromPEM(trustedCACert) |
| 189 | + if !ok { |
| 190 | + return nil, fmt.Errorf("failed to parse root certificate: %s", trustedCACertPath) |
| 191 | + } |
| 192 | + transport.TLSClientConfig = &tls.Config{RootCAs: caCertPool} |
| 193 | + } |
| 194 | + |
| 195 | + opts = append(opts, func(o *baremetal.NewClientOptions) { |
| 196 | + o.Transport = &transport |
| 197 | + }) |
| 198 | + } |
| 199 | + |
148 | 200 | ociClient, err := baremetal.NewClient(
|
149 | 201 | cfg.Auth.UserOCID,
|
150 | 202 | cfg.Auth.TenancyOCID,
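Review bot: The log line `glog.Infof("using OCI proxy server: %s", ociProxy)` prints the raw OCI_PROXY value before it is parsed, and url.Parse accepts userinfo, so a proxy configured as `http://user:pass@host:port` (which http.Transport honours by emitting Proxy-Authorization) would have its credentials written to the logs. Parse first and log only the host portion: move the `url.Parse` and its error check above the log and change the log to `glog.Infof("using OCI proxy server: %s", proxyURL.Host)`. A second point worth confirming is that `tls.Config{RootCAs: caCertPool}` replaces the system roots with only the certificates from the file rather than adding to them, which is what you want for a TLS-intercepting proxy but will break connections whose chain does not terminate at that CA; if the intent is to add a trusted CA, start from `x509.SystemCertPool()` and append to it, with a comment stating which behaviour is intended. New's body starts before this hunk and continues after it.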
|
|