feat: support to ory hydra running in secure mode (#62)
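--- a/helpers/http_client.go
+++ b/helpers/http_client.go
@@ -0,0 +1,38 @@
+package helpers
+
+import (
+"crypto/tls"
+"net/http"
+"os"
+
+ctrl "sigs.k8s.io/controller-runtime"
+
+httptransport "github.com/go-openapi/runtime/client"
+)
+
+func CreateHttpClient(insecureSkipVerify bool, tlsTrustStore string) (*http.Client, error) {
+setupLog := ctrl.Log.WithName("setup")
+tr := &http.Transport{}
+httpClient := &http.Client{}
+if insecureSkipVerify {
+setupLog.Info("configuring TLS with InsecureSkipVerify")
+tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+httpClient.Transport = tr
+}
+if tlsTrustStore != "" {
+if _, err := os.Stat(tlsTrustStore); err != nil {
+return nil, err
+}
+
+setupLog.Info("configuring TLS with tlsTrustStore")
+ops := httptransport.TLSClientOptions{
+CA: tlsTrustStore,
+InsecureSkipVerify: insecureSkipVerify,
+}
+if tlsClient, err := httptransport.TLSClient(ops); err != nil {
+setupLog.Error(err, "Error while getting TLSClient, default http client will be used")
+return tlsClient, nil
+}
+}
+return httpClient, nil
+}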
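Review bot: The check on `httptransport.TLSClient(ops)` is inverted. When the call fails, the function logs that the default client will be used but returns `tlsClient, nil`, which is presumably a nil client with a nil error; when it succeeds, the client built from the trust store goes out of scope and the function falls through to `return httpClient, nil`, so the configured CA never reaches the returned client. I would return the error to the caller and return the trust-store client on success, as below. The `os.Stat` guard only proves the path exists; whether the file holds usable certificates is decided inside `TLSClient`, which is another reason not to swallow its error.

```go
// … unchanged: os.Stat check and TLSClientOptions setup …
tlsClient, err := httptransport.TLSClient(ops)
if err != nil {
	return nil, err
}
return tlsClient, nil
```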
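--- a/helpers/http_client_test.go
+++ b/helpers/http_client_test.go
@@ -0,0 +1,41 @@
+package helpers_test
+
+import (
+"io/ioutil"
+"os"
+"testing"
+
+"github.com/ory/hydra-maester/helpers"
+
+"github.com/stretchr/testify/require"
+)
+
+func TestCreateHttpClient(t *testing.T) {
+t.Run("should create insecureSkipVerify client", func(t *testing.T) {
+client, err := helpers.CreateHttpClient(true, "")
+require.NotNil(t, client)
+require.Nil(t, err)
+})
+
+t.Run("should create client with and tlsTrustStore", func(t *testing.T) {
+file, err := ioutil.TempFile("/tmp", "test")
+require.Nil(t, err)
+client, err := helpers.CreateHttpClient(true, file.Name())
+defer os.Remove(file.Name())
+require.NotNil(t, client)
+require.Nil(t, err)
+})
+
+t.Run("should not create client with and wrong tlsTrustStore", func(t *testing.T) {
+client, err := helpers.CreateHttpClient(true, "/somefile")
+require.Nil(t, client)
+require.NotNil(t, err)
+require.Equal(t, err.Error(), "stat /somefile: no such file or directory")
+})
+
+t.Run("should create client without and tlsTrustStore", func(t *testing.T) {
+client, err := helpers.CreateHttpClient(true, "")
+require.NotNil(t, client)
+require.Nil(t, err)
+})
+}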
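Review bot: Every subtest passes `true` for insecureSkipVerify, so the case the commit title is about, certificate verification against a custom trust store, is never exercised. The tlsTrustStore subtest hands over an empty temp file and only asserts a non-nil client, which passes whether or not the CA is actually loaded into the returned client. I would add a case that writes a valid PEM certificate to the temp file, calls `helpers.CreateHttpClient(false, file.Name())`, and asserts that the returned client's transport carries a non-nil `TLSClientConfig.RootCAs`. Separately, `require.Equal(t, err.Error(), "stat /somefile: no such file or directory")` pins an OS-specific message; `require.True(t, os.IsNotExist(err))` checks the same condition portably.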