This repository was archived by the owner on Jun 23, 2020. It is now read-only.

Commit 5a5660d

authored
Merge pull request #65 from oracle/service-principal-proxy
Add ability to configure bespoke transport settings for using the driver in a proxy scenario.
2 parents dc1a7e7 + 542f125 commit 5a5660d


1 file changed

+66
-0
lines changed


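--- a/pkg/oci/client/oci.go
+++ b/pkg/oci/client/oci.go
@@ -16,8 +16,14 @@ package client
 
 import (
 "context"
+"crypto/tls"
+"crypto/x509"
 "fmt"
+"io/ioutil"
 "log"
+"net"
+"net/http"
+"net/url"
 "os"
 "strings"
 "time"
@@ -91,10 +97,20 @@ func New(configPath string) (Interface, error) {
 if err != nil {
 return nil, err
 }
+err = configureCustomTransport(&computeClient.BaseClient)
+if err != nil {
+return nil, err
+}
+
 virtualNetworkClient, err := core.NewVirtualNetworkClientWithConfigurationProvider(configProvider)
 if err != nil {
 return nil, err
 }
+err = configureCustomTransport(&virtualNetworkClient.BaseClient)
+if err != nil {
+return nil, err
+}
+
 return &client{
 compute: &computeClient,
 network: &virtualNetworkClient,
@@ -432,3 +448,53 @@ func (c *client) WaitForVolumeDetached(volumeAttachmentId string) error {
 func (c *client) GetConfig() *Config {
 return c.config
 }
+
+// configureCustomTransport customises the base client's transport to use
+// the environment variable specified proxy and/or certificate.
+func configureCustomTransport(baseClient *common.BaseClient) error {
+
+httpClient := baseClient.HTTPClient.(*http.Client)
+
+var transport *http.Transport
+if httpClient.Transport == nil {
+transport = &http.Transport{
+DialContext: (&net.Dialer{
+Timeout: 30 * time.Second,
+KeepAlive: 30 * time.Second,
+DualStack: true,
+}).DialContext,
+MaxIdleConns: 100,
+IdleConnTimeout: 90 * time.Second,
+TLSHandshakeTimeout: 10 * time.Second,
+ExpectContinueTimeout: 1 * time.Second,
+}
+} else {
+transport = httpClient.Transport.(*http.Transport)
+}
+
+ociProxy := os.Getenv("OCI_PROXY")
+if ociProxy != "" {
+proxyURL, err := url.Parse(ociProxy)
+if err != nil {
+return fmt.Errorf("failed to parse OCI proxy url: %s, err: %v", ociProxy, err)
+}
+transport.Proxy = func(req *http.Request) (*url.URL, error) {
+return proxyURL, nil
+}
+}
+
+trustedCACertPath := os.Getenv("TRUSTED_CA_CERT_PATH")
+if trustedCACertPath != "" {
+trustedCACert, err := ioutil.ReadFile(trustedCACertPath)
+if err != nil {
+return fmt.Errorf("failed to read root certificate: %s, err: %v", trustedCACertPath, err)
+}
+caCertPool := x509.NewCertPool()
+ok := caCertPool.AppendCertsFromPEM(trustedCACert)
+if !ok {
+return fmt.Errorf("failed to parse root certificate: %s", trustedCACertPath)
+}
+transport.TLSClientConfig = &tls.Config{RootCAs: caCertPool}
+}
+return nil
+}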
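Review bot: In configureCustomTransport, the transport built when `httpClient.Transport == nil` is never stored back on the client, so in that branch the `OCI_PROXY` and `TRUSTED_CA_CERT_PATH` settings are applied to a local value and dropped without any error; add `httpClient.Transport = transport` before the final `return nil`. Both type assertions, `baseClient.HTTPClient.(*http.Client)` and `httpClient.Transport.(*http.Transport)`, are unchecked and will panic if either field holds another implementation; the comma-ok form with a returned error is safer, e.g. `httpClient, ok := baseClient.HTTPClient.(*http.Client)`. Note also that `transport.TLSClientConfig = &tls.Config{RootCAs: caCertPool}` discards any TLS settings already present on an existing transport and trusts only the supplied CA (this may be intended, but deserves a comment). Finally, the parse-error message echoes the raw `OCI_PROXY` value, which can carry proxy credentials into logs.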
