diff --git a/examples/certs/47616032_www.example.com.cert b/examples/certs/47616032_www.example.com.cert
new file mode 100644
index 0000000..a22c21c
--- /dev/null
+++ b/examples/certs/47616032_www.example.com.cert
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBzCCAe+gAwIBAgIJAMGwBqbVVuf2MA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
+BAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNzEyMDgxODA5MDVaFw0yNzEyMDYxODA5
+MDVaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALnspH4XEd++6VoBuayG3MsO/8bx4Jcb65mdLhGNZlNw
+/SrItomPwouFgaUNucbKEiYQyUyvPPePUgyre3FgSGO4vYUauyBrfoplUJLBXd0U
+r7NYgOEGo6H48jm2xEFGMNk6Cr31shDPk8sl/JuEb4Y2k3+UazVdKzMQ4AY9hZIu
+xZf3F2R9Xj7PhYE2CEW3wQl4o2zIosmiTH9isR7qPCnrio0RLpTDkx+yTEXvTWDB
+pOWNb3Kro8cAVXeC/vuRUk8qSYvXJJlCrN6D8dREVQ8W53tQ+EaOKQWaUxm10RM+
+Z/Bcgj0XYpl/idcTgUDhKdr9CqI7XOAx65H7H5gNa4kCAwEAAaNQME4wHQYDVR0O
+BBYEFJStrdJ/3t0MqwTOu6MqIAUpC0LQMB8GA1UdIwQYMBaAFJStrdJ/3t0MqwTO
+u6MqIAUpC0LQMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAIJ8dkgg
+ljxOI9tUrLQ0wvD03pHKLntZy20Wjq5OBBj5sUbf6d/ufSv9K/MOMdT9mQzLBKG4
+OKstt93fOtrQLW8hA5llut0Rwa9g48l4KYQ8Ewa+vUIsoBiLPkbPpvX6chZG+HyJ
+v5b3fmBGBW0hwjLpfjHCSDavNqdAvoW527r75klBmBqiY8ErIa7UemHkDI0Nf/86
+CtWAEu/4bf7TMqKDvoXT5glkefjD2CZe0326UtQ0TJ/pXZvHOBzOVR1dzmBIVq9a
+b66CuO98jjWE/yDy7nfoFj7l93hxTpCnsJd9Q/utGg05wDqg90W9716OzMKRpGlH
+OWUrUgv5a+4mM3I=
+-----END CERTIFICATE-----
diff --git a/realis.go b/realis.go
index a1b3b6c..c234eb9 100644
--- a/realis.go
+++ b/realis.go
@@ -84,7 +84,7 @@ type RealisConfig struct {
 transport thrift.TTransport
 protoFactory thrift.TProtocolFactory
 logger Logger
- Insecure bool
+ InsecureSkipVerify bool
 certspath string
 }
 
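Review bot: `InsecureSkipVerify` remains an exported field while its neighbours `logger` and `certspath` are unexported, so code holding a `*RealisConfig` can turn TLS verification off by writing to the struct directly as well as through the `InsecureSkipVerify(...)` option this commit adds. Since the rename already breaks the old `Insecure` name, I would make it `insecureSkipVerify bool` so the option is the only entry point. If it has to stay exported, it needs a field comment such as `// InsecureSkipVerify disables TLS certificate verification; for test clusters only.` The struct begins above this hunk, so other exported fields were not checked.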
@@ -160,6 +160,17 @@ func BackOff(b *Backoff) ClientOption { } } +func InsecureSkipVerify(InsecureSkipVerify bool) ClientOption { + return func(config *RealisConfig) { + config.InsecureSkipVerify = InsecureSkipVerify + } +} + +func Certspath(certspath string) ClientOption { + return func(config *RealisConfig) { + config.certspath = certspath + } +} // Using the word set to avoid name collision with Interface func SetLogger(l Logger) ClientOption { @@ -265,7 +276,6 @@ func NewRealisClient(options ...ClientOption) (Realis, error) { } - // Jitter returns a time.Duration between duration and duration + maxFactor * // duration. // @@ -279,7 +289,6 @@ func Jitter(duration time.Duration, maxFactor float64) time.Duration { return wait } - func GetDefaultClusterFromZKUrl(zkurl string) *Cluster { return &Cluster{Name: "defaultCluster", AuthMechanism: "UNAUTHENTICATED", @@ -290,7 +299,7 @@ func GetDefaultClusterFromZKUrl(zkurl string) *Cluster { } } -func getcerts(certpath string) (*x509.CertPool, error) { +func Getcerts(certpath string) (*x509.CertPool, error) { globalRootCAs := x509.NewCertPool() caFiles, err := ioutil.ReadDir(certpath) if err != nil { @@ -315,12 +324,12 @@ func defaultTTransport(urlstr string, timeoutms int, config *RealisConfig) (thri } var transport http.Transport if config != nil { - var tlsConfig *tls.Config - if config.Insecure { - tlsConfig = &tls.Config{InsecureSkipVerify: true} + tlsConfig:= &tls.Config{} + if config.InsecureSkipVerify { + tlsConfig.InsecureSkipVerify = true } if config.certspath != "" { - rootCAs, err := getcerts(config.certspath) + rootCAs, err := Getcerts(config.certspath) if err != nil { fmt.Println("error occured couldn't fetch certs") return nil, err 
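Review bot: The two new exported options in the `-160,6` hunk have no doc comments, and `InsecureSkipVerify` needs one most because it switches off TLS verification for the client. I would add `// InsecureSkipVerify disables verification of the server certificate chain and host name; use only against test clusters.` above it, and `// Certspath sets the directory that Getcerts reads certificates from.` above `Certspath`. The parameter `InsecureSkipVerify` shadows the function's own name and is capitalised like an exported identifier; `insecure bool` reads better. The added block also ends with `}` directly above the `// Using the word set ...` comment, so a blank line is missing there.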
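Review bot: Exporting `Getcerts` in the `-290,7` hunk adds it to the package's public API, apparently only so the external `realis_test` package can call it, and the exported name has no doc comment. If the export is meant to stay, I would spell it `GetCerts` and add `// GetCerts builds a certificate pool from the files found in the certpath directory.`; otherwise an in-package test would let it stay private. The body after `ioutil.ReadDir(certpath)` is outside the hunk, so how non-certificate entries in that directory are handled cannot be checked from here.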
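Review bot: In the `-315,12` hunk, a caller who sets both options gets no verification and no signal, because once `InsecureSkipVerify` is true the pool loaded from `config.certspath` plays no part in the handshake. I would reject that combination, or at least report through the configured logger whenever verification is disabled. The new line `tlsConfig:= &tls.Config{}` is not gofmt-clean, and the flag can be folded in as `tlsConfig := &tls.Config{InsecureSkipVerify: config.InsecureSkipVerify}`. The `Getcerts` failure path still prints a fixed string with `fmt.Println` and drops the path; wrapping it as `fmt.Errorf("loading certs from %q: %v", config.certspath, err)` would tell the caller which directory failed. `defaultTTransport` starts and ends outside this hunk, so the use of `rootCAs` and `tlsConfig` further down was not reviewed.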
@@ -344,8 +353,6 @@ func defaultTTransport(urlstr string, timeoutms int, config *RealisConfig) (thri return trans, nil } - - // Create a default configuration of the transport layer, requires a URL to test connection with. // Uses HTTP Post as transport layer and Thrift JSON as the wire protocol by default. func newDefaultConfig(url string, timeoutms int, config *RealisConfig) (*RealisConfig, error) { @@ -392,15 +399,6 @@ func AddBasicAuth(config *RealisConfig, username string, password string) { httpTrans.SetHeader("Authorization", "Basic "+basicAuth(username, password)) } -// -func Secure(config *RealisConfig, insecure bool) { - config.Insecure = insecure -} - -func Certpath(config *RealisConfig, certspath string) { - config.certspath = certspath -} - func basicAuth(username, password string) string { auth := username + ":" + password return base64.StdEncoding.EncodeToString([]byte(auth)) diff --git a/realis_e2e_test.go b/realis_e2e_test.go index 82b339a..0371f9a 100644 --- a/realis_e2e_test.go +++ b/realis_e2e_test.go @@ -16,13 +16,14 @@ package realis_test import ( "fmt" - "github.com/paypal/gorealis" - "github.com/paypal/gorealis/gen-go/apache/aurora" - "github.com/stretchr/testify/assert" "io/ioutil" "os" "testing" "time" + + "github.com/paypal/gorealis" + "github.com/paypal/gorealis/gen-go/apache/aurora" + "github.com/stretchr/testify/assert" ) var r realis.Realis @@ -63,6 +64,13 @@ func TestLeaderFromZK(t *testing.T) { assert.Equal(t, url, "http://aurora.local:8081") } +func TestGetCacerts(t *testing.T) { + certs, err := realis.Getcerts("./examples/certs") + assert.NoError(t, err) + assert.Equal(t, len(certs.Subjects()), 1) + +} + func TestRealisClient_CreateJob_Thermos(t *testing.T) { job := realis.NewJob().
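Review bot: In `TestGetCacerts`, `assert.NoError` does not stop the test, so if `Getcerts` fails and returns a nil pool (its error branch is outside this diff) the next line calls `certs.Subjects()` on nil and the test panics instead of reporting the error. Guard it with `if !assert.NoError(t, err) { return }`. The `assert.Equal` arguments are in (actual, expected) order; testify expects `assert.Equal(t, 1, len(certs.Subjects()))`, otherwise the failure message is reversed. The test checks only the count of loaded subjects; also asserting the subject of the `www.example.com` fixture would show that the intended file was parsed. The blank line before the closing brace can be dropped.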