coredns/core/setup/etcd.go

package setup

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"
	"net"
	"net/http"
	"time"

	"github.com/miekg/coredns/middleware"
	"github.com/miekg/coredns/middleware/etcd"

	etcdc "github.com/coreos/etcd/client"
)

const defaultEndpoint = "http://127.0.0.1:2379"

// Etcd sets up the etcd middleware.
func Etcd(c *Controller) (middleware.Middleware, error) {
	client, err := etcdParse(c)
	if err != nil {
		return nil, err
	}

	return func(next middleware.Handler) middleware.Handler {
		return etcd.NewEtcd(client, next, c.ServerBlockHosts)
	}, nil
}

func etcdParse(c *Controller) (etcdc.KeysAPI, error) {
	for c.Next() {
		if c.Val() == "etcd" {
			// etcd [address...]
			if !c.NextArg() {
				// TODO(certs) and friends, this is client side
				client, err := newEtcdClient([]string{defaultEndpoint}, "", "", "")
				return client, err
			}
			client, err := newEtcdClient(c.RemainingArgs(), "", "", "")
			return client, err
		}
	}
	return nil, nil
}

func newEtcdClient(endpoints []string, tlsCert, tlsKey, tlsCACert string) (etcdc.KeysAPI, error) {
	etcdCfg := etcdc.Config{
		Endpoints: endpoints,
		Transport: newHTTPSTransport(tlsCert, tlsKey, tlsCACert),
	}
	cli, err := etcdc.New(etcdCfg)
	if err != nil {
		return nil, err
	}
	return etcdc.NewKeysAPI(cli), nil
}

func newHTTPSTransport(tlsCertFile, tlsKeyFile, tlsCACertFile string) etcdc.CancelableTransport {
	var cc *tls.Config = nil

	if tlsCertFile != "" && tlsKeyFile != "" {
		var rpool *x509.CertPool
		if tlsCACertFile != "" {
			if pemBytes, err := ioutil.ReadFile(tlsCACertFile); err == nil {
				rpool = x509.NewCertPool()
				rpool.AppendCertsFromPEM(pemBytes)
			}
		}

		if tlsCert, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile); err == nil {
			cc = &tls.Config{
				RootCAs:            rpool,
				Certificates:       []tls.Certificate{tlsCert},
				InsecureSkipVerify: true,
			}
		}
	}

	tr := &http.Transport{
		Proxy: http.ProxyFromEnvironment,
		Dial: (&net.Dialer{
			Timeout:   30 * time.Second,
			KeepAlive: 30 * time.Second,
		}).Dial,
		TLSHandshakeTimeout: 10 * time.Second,
		TLSClientConfig:     cc,
	}

	return tr
}
more 2016-03-20 17:54:21 +00:00			`package setup`

			`import (`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`"crypto/tls"`
			`"crypto/x509"`
			`"io/ioutil"`
			`"net"`
			`"net/http"`
			`"time"`
more 2016-03-20 17:54:21 +00:00
			`"github.com/miekg/coredns/middleware"`
more etcd stuff 2016-03-20 21:36:55 +00:00			`"github.com/miekg/coredns/middleware/etcd"`

			`etcdc "github.com/coreos/etcd/client"`
more 2016-03-20 17:54:21 +00:00			`)`

more etcd stuff 2016-03-20 21:36:55 +00:00			`const defaultEndpoint = "http://127.0.0.1:2379"`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00
			`// Etcd sets up the etcd middleware.`
			`func Etcd(c *Controller) (middleware.Middleware, error) {`
more etcd stuff 2016-03-20 21:36:55 +00:00			`client, err := etcdParse(c)`
more 2016-03-20 17:54:21 +00:00			`if err != nil {`
			`return nil, err`
			`}`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00
more 2016-03-20 17:54:21 +00:00			`return func(next middleware.Handler) middleware.Handler {`
more etcd stuff 2016-03-20 21:36:55 +00:00			`return etcd.NewEtcd(client, next, c.ServerBlockHosts)`
more 2016-03-20 17:54:21 +00:00			`}, nil`
			`}`

More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`func etcdParse(c *Controller) (etcdc.KeysAPI, error) {`
more 2016-03-20 17:54:21 +00:00			`for c.Next() {`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`if c.Val() == "etcd" {`
			`// etcd [address...]`
more 2016-03-20 17:54:21 +00:00			`if !c.NextArg() {`
more etcd stuff 2016-03-20 21:36:55 +00:00			`// TODO(certs) and friends, this is client side`
			`client, err := newEtcdClient([]string{defaultEndpoint}, "", "", "")`
			`return client, err`
more 2016-03-20 17:54:21 +00:00			`}`
more etcd stuff 2016-03-20 21:36:55 +00:00			`client, err := newEtcdClient(c.RemainingArgs(), "", "", "")`
			`return client, err`
more 2016-03-20 17:54:21 +00:00			`}`
			`}`
more etcd stuff 2016-03-20 21:36:55 +00:00			`return nil, nil`
more 2016-03-20 17:54:21 +00:00			`}`

more etcd stuff 2016-03-20 21:36:55 +00:00			`func newEtcdClient(endpoints []string, tlsCert, tlsKey, tlsCACert string) (etcdc.KeysAPI, error) {`
			`etcdCfg := etcdc.Config{`
			`Endpoints: endpoints,`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`Transport: newHTTPSTransport(tlsCert, tlsKey, tlsCACert),`
			`}`
more etcd stuff 2016-03-20 21:36:55 +00:00			`cli, err := etcdc.New(etcdCfg)`
more 2016-03-20 17:54:21 +00:00			`if err != nil {`
			`return nil, err`
			`}`
more etcd stuff 2016-03-20 21:36:55 +00:00			`return etcdc.NewKeysAPI(cli), nil`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`}`

more etcd stuff 2016-03-20 21:36:55 +00:00			`func newHTTPSTransport(tlsCertFile, tlsKeyFile, tlsCACertFile string) etcdc.CancelableTransport {`
More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`var cc *tls.Config = nil`

			`if tlsCertFile != "" && tlsKeyFile != "" {`
			`var rpool *x509.CertPool`
			`if tlsCACertFile != "" {`
			`if pemBytes, err := ioutil.ReadFile(tlsCACertFile); err == nil {`
			`rpool = x509.NewCertPool()`
			`rpool.AppendCertsFromPEM(pemBytes)`
			`}`
			`}`

			`if tlsCert, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile); err == nil {`
			`cc = &tls.Config{`
			`RootCAs: rpool,`
			`Certificates: []tls.Certificate{tlsCert},`
			`InsecureSkipVerify: true,`
			`}`
more 2016-03-20 17:54:21 +00:00			`}`
			`}`

More stuff copied from SkyDNS 2016-03-20 18:17:07 +00:00			`tr := &http.Transport{`
			`Proxy: http.ProxyFromEnvironment,`
			`Dial: (&net.Dialer{`
			`Timeout: 30 * time.Second,`
			`KeepAlive: 30 * time.Second,`
			`}).Dial,`
			`TLSHandshakeTimeout: 10 * time.Second,`
			`TLSClientConfig: cc,`
			`}`

			`return tr`
			`}`