GOCBC-21: Updated gocbcore to use tls.Config directly.

dlahoza · May 22, 2015 · f9dcca9 · f9dcca9
1 parent 9bd4621
commit f9dcca9
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 29 deletions.
diff --git a/cluster.go b/cluster.go
@@ -78,7 +78,14 @@ func (c *Cluster) OpenBucket(bucket, password string) (*Bucket, error) {
 		return err
 	}
 
-	cli, err := gocbcore.CreateAgent(memdHosts, httpHosts, isSslHosts, bucket, password, authFn)
+	var tlsConfig *tls.Config
+	if isSslHosts {
+		tlsConfig = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+	}
+
+	cli, err := gocbcore.CreateAgent(memdHosts, httpHosts, tlsConfig, bucket, password, authFn)
 	if err != nil {
 		return nil, err
 	}
@@ -89,9 +96,7 @@ func (c *Cluster) OpenBucket(bucket, password string) (*Bucket, error) {
 		client:   cli,
 		httpCli: &http.Client{
 			Transport: &http.Transport{
-				TLSClientConfig: &tls.Config{
-					InsecureSkipVerify: true,
-				},
+				TLSClientConfig: tlsConfig,
 			},
 		},
 		transcoder: &DefaultTranscoder{},
@@ -110,15 +115,20 @@ func (c *Cluster) Manager(username, password string) *ClusterManager {
 		}
 	}
 
+	var tlsConfig *tls.Config
+	if isSslHosts {
+		tlsConfig = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+	}
+
 	return &ClusterManager{
 		hosts:    mgmtHosts,
 		username: username,
 		password: password,
 		httpCli: &http.Client{
 			Transport: &http.Transport{
-				TLSClientConfig: &tls.Config{
-					InsecureSkipVerify: true,
-				},
+				TLSClientConfig: tlsConfig,
 			},
 		},
 	}
@@ -169,7 +179,14 @@ func (c *Cluster) OpenStreamingBucket(streamName, bucket, password string) (*Str
 		return err
 	}
 
-	cli, err := gocbcore.CreateDcpAgent(memdHosts, httpHosts, isSslHosts, bucket, password, authFn, streamName)
+	var tlsConfig *tls.Config
+	if isSslHosts {
+		tlsConfig = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+	}
+
+	cli, err := gocbcore.CreateDcpAgent(memdHosts, httpHosts, tlsConfig, bucket, password, authFn, streamName)
 	if err != nil {
 		return nil, err
 	}

diff --git a/gocbcore/agent.go b/gocbcore/agent.go
@@ -11,10 +11,10 @@ import (
 // This is used internally by the higher level classes for communicating with the cluster,
 // it can also be used to perform more advanced operations with a cluster.
 type Agent struct {
-	bucket   string
-	password string
-	useSsl   bool
-	initFn   memdInitFunc
+	bucket    string
+	password  string
+	tlsConfig *tls.Config
+	initFn    memdInitFunc
 
 	routingInfo routeDataPtr
 	numVbuckets int
@@ -24,7 +24,7 @@ type Agent struct {
 
 type AuthFunc func(AuthClient) error
 
-func CreateDcpAgent(memdAddrs, httpAddrs []string, useSsl bool, bucketName, password string, authFn AuthFunc, dcpStreamName string) (*Agent, error) {
+func CreateDcpAgent(memdAddrs, httpAddrs []string, tlsConfig *tls.Config, bucketName, password string, authFn AuthFunc, dcpStreamName string) (*Agent, error) {
 	// We wrap the authorization system to force DCP channel opening
 	//   as part of the "initialization" for any servers.
 	dcpInitFn := func(pipeline *memdPipeline) error {
@@ -33,26 +33,23 @@ func CreateDcpAgent(memdAddrs, httpAddrs []string, useSsl bool, bucketName, pass
 		}
 		return doOpenDcpChannel(pipeline, dcpStreamName)
 	}
-	return createAgent(memdAddrs, httpAddrs, useSsl, bucketName, password, dcpInitFn)
+	return createAgent(memdAddrs, httpAddrs, tlsConfig, bucketName, password, dcpInitFn)
 }
 
-func CreateAgent(memdAddrs, httpAddrs []string, useSsl bool, bucketName, password string, authFn AuthFunc) (*Agent, error) {
+func CreateAgent(memdAddrs, httpAddrs []string, tlsConfig *tls.Config, bucketName, password string, authFn AuthFunc) (*Agent, error) {
 	initFn := func(pipeline *memdPipeline) error {
 		return authFn(&authClient{pipeline})
 	}
-	return createAgent(memdAddrs, httpAddrs, useSsl, bucketName, password, initFn)
+	return createAgent(memdAddrs, httpAddrs, tlsConfig, bucketName, password, initFn)
 }
 
-func createAgent(memdAddrs, httpAddrs []string, useSsl bool, bucketName, password string, initFn memdInitFunc) (*Agent, error) {
-	tlsc := &tls.Config{
-		InsecureSkipVerify: true,
-	}
+func createAgent(memdAddrs, httpAddrs []string, tlsConfig *tls.Config, bucketName, password string, initFn memdInitFunc) (*Agent, error) {
 	c := &Agent{
-		bucket:   bucketName,
-		password: password,
-		useSsl:   useSsl,
-		initFn:   initFn,
-		httpCli:  &http.Client{Transport: &http.Transport{TLSClientConfig: tlsc}},
+		bucket:    bucketName,
+		password:  password,
+		tlsConfig: tlsConfig,
+		initFn:    initFn,
+		httpCli:   &http.Client{Transport: &http.Transport{TLSClientConfig: tlsConfig}},
 	}
 	if err := c.connect(memdAddrs, httpAddrs); err != nil {
 		return nil, err
@@ -117,7 +114,7 @@ func (c *Agent) connect(memdAddrs, httpAddrs []string) error {
 			servers: []*memdPipeline{srv},
 		})
 
-		routeCfg := buildRouteConfig(bk, c.useSsl)
+		routeCfg := buildRouteConfig(bk, c.IsSecure())
 		c.numVbuckets = len(routeCfg.vbMap)
 		c.applyConfig(routeCfg)
 
@@ -130,7 +127,7 @@ func (c *Agent) connect(memdAddrs, httpAddrs []string) error {
 
 	var epList []string
 	for _, hostPort := range httpAddrs {
-		if !c.useSsl {
+		if !c.IsSecure() {
 			epList = append(epList, fmt.Sprintf("http://%s", hostPort))
 		} else {
 			epList = append(epList, fmt.Sprintf("https://%s", hostPort))
@@ -153,7 +150,7 @@ func (c *Agent) connect(memdAddrs, httpAddrs []string) error {
 		return err
 	}
 
-	routeCfg := buildRouteConfig(bk, c.useSsl)
+	routeCfg := buildRouteConfig(bk, c.IsSecure())
 	c.numVbuckets = len(routeCfg.vbMap)
 	c.applyConfig(routeCfg)
 
@@ -167,6 +164,10 @@ func (agent *Agent) CloseTest() {
 	}
 }
 
+func (c *Agent) IsSecure() bool {
+	return c.tlsConfig != nil
+}
+
 func (c *Agent) KeyToVbucket(key []byte) uint16 {
 	return uint16(cbCrc(key) % uint32(c.NumVbuckets()))
 }

diff --git a/gocbcore/agentrouting.go b/gocbcore/agentrouting.go
@@ -294,7 +294,7 @@ func (agent *Agent) updateConfig(bk *cfgBucket) {
 		agent.applyConfig(oldRouting.source)
 	} else {
 		// Normalize the cfgBucket to a routeConfig and apply it.
-		routeCfg := buildRouteConfig(bk, agent.useSsl)
+		routeCfg := buildRouteConfig(bk, agent.IsSecure())
 		agent.applyConfig(routeCfg)
 	}
 }