@@ -16,8 +16,14 @@ package client
16
16
17
17
import (
18
18
"context"
19
+ "crypto/tls"
20
+ "crypto/x509"
19
21
"fmt"
22
+ "io/ioutil"
20
23
"log"
24
+ "net"
25
+ "net/http"
26
+ "net/url"
21
27
"os"
22
28
"strings"
23
29
"time"
@@ -91,10 +97,20 @@ func New(configPath string) (Interface, error) {
91
97
if err != nil {
92
98
return nil , err
93
99
}
100
+ err = configureCustomTransport (& computeClient .BaseClient )
101
+ if err != nil {
102
+ return nil , err
103
+ }
104
+
94
105
virtualNetworkClient , err := core .NewVirtualNetworkClientWithConfigurationProvider (configProvider )
95
106
if err != nil {
96
107
return nil , err
97
108
}
109
+ err = configureCustomTransport (& virtualNetworkClient .BaseClient )
110
+ if err != nil {
111
+ return nil , err
112
+ }
113
+
98
114
return & client {
99
115
compute : & computeClient ,
100
116
network : & virtualNetworkClient ,
@@ -432,3 +448,53 @@ func (c *client) WaitForVolumeDetached(volumeAttachmentId string) error {
432
448
func (c * client ) GetConfig () * Config {
433
449
return c .config
434
450
}
451
+
452
+ // configureCustomTransport customises the base client's transport to use
453
+ // the environment variable specified proxy and/or certificate.
454
+ func configureCustomTransport (baseClient * common.BaseClient ) error {
455
+
456
+ httpClient := baseClient .HTTPClient .(* http.Client )
457
+
458
+ var transport * http.Transport
459
+ if httpClient .Transport == nil {
460
+ transport = & http.Transport {
461
+ DialContext : (& net.Dialer {
462
+ Timeout : 30 * time .Second ,
463
+ KeepAlive : 30 * time .Second ,
464
+ DualStack : true ,
465
+ }).DialContext ,
466
+ MaxIdleConns : 100 ,
467
+ IdleConnTimeout : 90 * time .Second ,
468
+ TLSHandshakeTimeout : 10 * time .Second ,
469
+ ExpectContinueTimeout : 1 * time .Second ,
470
+ }
471
+ } else {
472
+ transport = httpClient .Transport .(* http.Transport )
473
+ }
474
+
475
+ ociProxy := os .Getenv ("OCI_PROXY" )
476
+ if ociProxy != "" {
477
+ proxyURL , err := url .Parse (ociProxy )
478
+ if err != nil {
479
+ return fmt .Errorf ("failed to parse OCI proxy url: %s, err: %v" , ociProxy , err )
480
+ }
481
+ transport .Proxy = func (req * http.Request ) (* url.URL , error ) {
482
+ return proxyURL , nil
483
+ }
484
+ }
485
+
486
+ trustedCACertPath := os .Getenv ("TRUSTED_CA_CERT_PATH" )
487
+ if trustedCACertPath != "" {
488
+ trustedCACert , err := ioutil .ReadFile (trustedCACertPath )
489
+ if err != nil {
490
+ return fmt .Errorf ("failed to read root certificate: %s, err: %v" , trustedCACertPath , err )
491
+ }
492
+ caCertPool := x509 .NewCertPool ()
493
+ ok := caCertPool .AppendCertsFromPEM (trustedCACert )
494
+ if ! ok {
495
+ return fmt .Errorf ("failed to parse root certificate: %s" , trustedCACertPath )
496
+ }
497
+ transport .TLSClientConfig = & tls.Config {RootCAs : caCertPool }
498
+ }
499
+ return nil
500
+ }
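Review bot: In configureCustomTransport, when `httpClient.Transport == nil` the newly built `transport` is configured but, within this hunk, never stored back on the client. The OCI_PROXY and TRUSTED_CA_CERT_PATH settings are then silently dropped while the function still returns nil; add `httpClient.Transport = transport` before the final `return nil`. The two unchecked type assertions, `baseClient.HTTPClient.(*http.Client)` and `httpClient.Transport.(*http.Transport)`, panic if either holds another implementation; use the comma-ok form, e.g. `httpClient, ok := baseClient.HTTPClient.(*http.Client)`, and return an error instead. Assigning `&tls.Config{RootCAs: caCertPool}` replaces any TLSClientConfig already on the transport and trusts only the CAs in that file, so the doc comment should say so, and the config could also set `MinVersion: tls.VersionTLS12`.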