Load X509 cert on client creation (#112)
* load X509 cert on client creation
* remove unnecessary comments
* resolve comments
diff --git a/whisk/action.go b/whisk/action.go
index c1e06ea..254c45c 100644
--- a/whisk/action.go
+++ b/whisk/action.go
@@ -213,7 +213,7 @@
req, err := s.client.NewRequest("PUT", route, action, IncludeNamespaceInUrl)
if err != nil {
- Debug(DbgError, "http.NewRequest(PUT, %s, %#v) error: '%s'\n", route, err, action)
+ Debug(DbgError, "http.NewRequest(PUT, %s, %#v) error: '%s'\n", route, action, err)
errMsg := wski18n.T("Unable to create HTTP request for PUT '{{.route}}': {{.err}}",
map[string]interface{}{"route": route, "err": err})
whiskErr := MakeWskErrorFromWskError(errors.New(errMsg), err, EXIT_CODE_ERR_NETWORK, DISPLAY_MSG,
diff --git a/whisk/client.go b/whisk/client.go
index cbedf83..79dda39 100644
--- a/whisk/client.go
+++ b/whisk/client.go
@@ -24,7 +24,6 @@
"encoding/json"
"errors"
"fmt"
- "github.com/apache/incubator-openwhisk-client-go/wski18n"
"io"
"io/ioutil"
"net"
@@ -35,6 +34,8 @@
"runtime"
"strings"
"time"
+
+ "github.com/apache/incubator-openwhisk-client-go/wski18n"
)
const (
@@ -111,10 +112,15 @@
},
}
-func NewClient(httpClient *http.Client, config_input *Config) (*Client, error) {
+// NewClient creates a new whisk client with the provided http client and whisk configuration.
+//
+// A new http.Transport will be created when client cert or TLS insecure options are set.
+// If one use custom tranport and want to keep it intact, please opt out TLS related fields
+// in configInput and construct TLS conguration in the custom transport.
+func NewClient(httpClient *http.Client, configInput *Config) (*Client, error) {
var config *Config
- if config_input == nil {
+ if configInput == nil {
defaultConfig, err := GetDefaultConfig()
if err != nil {
return nil, err
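Review bot: The new doc comment on NewClient has typos and a grammar slip in exactly the sentence that warns callers about their transport being replaced ("If one use custom tranport", "conguration"). Since this comment is the only place a caller learns about that behaviour, I would reword its last two lines to `// If you pass a custom transport and want to keep it intact, leave the TLS-related fields` and `// of configInput unset and configure TLS on the custom transport instead.` NewClient's body continues outside this hunk.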
@@ -122,7 +128,7 @@
config = defaultConfig
}
} else {
- config = config_input
+ config = configInput
}
if httpClient == nil {
@@ -138,7 +144,7 @@
} else if config.BaseURL == nil {
config.BaseURL, err = GetUrlBase(config.Host)
if err != nil {
- Debug(DbgError, "Unable to create request URL, because the api host %s is invalid\n", config.Host, err)
+ Debug(DbgError, "Unable to create request URL, because the api host %s is invalid: %s\n", config.Host, err)
errStr = wski18n.T("Unable to create request URL, because the api host '{{.host}}' is invalid: {{.err}}",
map[string]interface{}{"host": config.Host, "err": err})
}
@@ -176,6 +182,11 @@
c.Info = &InfoService{client: c}
c.Apis = &ApiService{client: c}
+ werr := c.LoadX509KeyPair()
+ if werr != nil {
+ return nil, werr
+ }
+
return c, nil
}
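Review bot: With `c.LoadX509KeyPair()` called only here, the key pair and TLS options are fixed at construction; the later hunks of this commit remove the per-request calls from NewRequest, the second request builder in client.go, InfoService.Get and SdkService.Install. A long-lived client will therefore keep presenting the old certificate after the cert or key files are renewed on disk or the config is changed, until the caller invokes LoadX509KeyPair again. I would state that on NewClient, e.g. `// The client certificate is loaded once; call LoadX509KeyPair again after rotating the cert or key files.` Any failure in LoadX509KeyPair now also makes NewClient return an error where construction previously succeeded and the first request failed, which matters to callers that build the client before the certificate is provisioned.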
@@ -214,19 +225,26 @@
}
}
- // Use the defaultTransport as the transport basis to maintain proxy support
- c.client.Transport = &http.Transport{
- Proxy: http.ProxyFromEnvironment,
- DialContext: (&net.Dialer{
- Timeout: 30 * time.Second,
- KeepAlive: 30 * time.Second,
- DualStack: true,
- }).DialContext,
- MaxIdleConns: 100,
- IdleConnTimeout: 90 * time.Second,
- TLSHandshakeTimeout: 10 * time.Second,
- ExpectContinueTimeout: 1 * time.Second,
- TLSClientConfig: tlsConfig,
+ // Only replace the existing transport when a custom TLS configuration is needed
+ if tlsConfig.InsecureSkipVerify || tlsConfig.Certificates != nil {
+ if c.client.Transport != nil {
+ warningStr := "The provided http.Transport is replaced to match the TLS configuration. Custom transport cannot coexist with nondefault TLS configuration"
+ Debug(DbgWarn, warningStr)
+ }
+ // Use the defaultTransport as the transport basis to maintain proxy support
+ c.client.Transport = &http.Transport{
+ Proxy: http.ProxyFromEnvironment,
+ DialContext: (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ DualStack: true,
+ }).DialContext,
+ MaxIdleConns: 100,
+ IdleConnTimeout: 90 * time.Second,
+ TLSHandshakeTimeout: 10 * time.Second,
+ ExpectContinueTimeout: 1 * time.Second,
+ TLSClientConfig: tlsConfig,
+ }
}
return nil
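Review bot: Replacing a caller-supplied transport at `c.client.Transport = &http.Transport{` discards everything that transport carried, including any custom root CA pool or pinning in its TLS config, and the only signal is a `Debug(DbgWarn, warningStr)` line that is presumably not shown unless debug output is enabled. A caller who restricts trusted roots on their own transport and also sets a client cert in the config ends up with a transport built from `tlsConfig` alone; its construction is outside this hunk, so whether it carries any custom roots cannot be confirmed here. When `tlsConfig.InsecureSkipVerify` is set, the replacement additionally turns off server certificate verification for every request made through this client. I would refuse the combination rather than replace silently, e.g. `return errors.New("custom http.Transport cannot be combined with client cert or insecure TLS options")` inside the `c.client.Transport != nil` branch (assuming the function returns a plain `error`), or at least report it through a channel that is always visible. The enclosing function starts outside the hunk.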
@@ -241,11 +259,6 @@
///////////////////////////////
func (c *Client) NewRequest(method, urlStr string, body interface{}, includeNamespaceInUrl bool) (*http.Request, error) {
- werr := c.LoadX509KeyPair()
- if werr != nil {
- return nil, werr
- }
-
if includeNamespaceInUrl {
if c.Config.Namespace != "" {
urlStr = fmt.Sprintf("%s/namespaces/%s/%s", c.Config.Version, c.Config.Namespace, urlStr)
@@ -705,10 +718,6 @@
useAuthentication bool) (*http.Request, error) {
var requestUrl *url.URL
var err error
- error := c.LoadX509KeyPair()
- if error != nil {
- return nil, error
- }
if appendOpenWhiskPath {
var urlVerNamespaceStr string
diff --git a/whisk/info.go b/whisk/info.go
index 939412f..1cc9179 100644
--- a/whisk/info.go
+++ b/whisk/info.go
@@ -38,10 +38,6 @@
func (s *InfoService) Get() (*Info, *http.Response, error) {
// make a request to c.BaseURL / v1
- err := s.client.LoadX509KeyPair()
- if err != nil {
- return nil, nil, err
- }
urlStr := fmt.Sprintf("%s/%s", s.client.BaseURL.String(), s.client.Config.Version)
u, err := url.Parse(urlStr)
if err != nil {
diff --git a/whisk/sdk.go b/whisk/sdk.go
index 06743b1..dae850d 100644
--- a/whisk/sdk.go
+++ b/whisk/sdk.go
@@ -39,10 +39,6 @@
// Install artifact {component = docker || swift || iOS}
func (s *SdkService) Install(relFileUrl string) (*http.Response, error) {
- err := s.client.LoadX509KeyPair()
- if err != nil {
- return nil, err
- }
baseURL := s.client.Config.BaseURL
// Remove everything but the scheme, host, and port
baseURL.Path, baseURL.RawQuery, baseURL.Fragment = "", "", ""