From 65607d6117b72cefa64ec13189e904f34cff871b Mon Sep 17 00:00:00 2001 From: Martin Polden Date: Tue, 4 Apr 2023 16:33:18 +0200 Subject: Use slice of certificates instead of pointer --- client/go/internal/cli/auth/zts/zts.go | 2 +- client/go/internal/cli/cmd/root.go | 4 ++-- client/go/internal/cli/cmd/test.go | 2 +- client/go/internal/util/http.go | 2 +- client/go/internal/vespa/target.go | 22 ++++++++-------------- client/go/internal/vespa/target_cloud.go | 4 ++-- 6 files changed, 15 insertions(+), 21 deletions(-) (limited to 'client') diff --git a/client/go/internal/cli/auth/zts/zts.go b/client/go/internal/cli/auth/zts/zts.go index 1e84912a271..caa2d03367d 100644 --- a/client/go/internal/cli/auth/zts/zts.go +++ b/client/go/internal/cli/auth/zts/zts.go @@ -37,7 +37,7 @@ func (c *Client) AccessToken(domain string, certificate tls.Certificate) (string if err != nil { return "", err } - util.SetCertificate(c.client, []tls.Certificate{certificate}) + util.SetCertificates(c.client, []tls.Certificate{certificate}) response, err := c.client.Do(req, 10*time.Second) if err != nil { return "", err diff --git a/client/go/internal/cli/cmd/root.go b/client/go/internal/cli/cmd/root.go index 58e940d59ef..360af9d0dcf 100644 --- a/client/go/internal/cli/cmd/root.go +++ b/client/go/internal/cli/cmd/root.go @@ -366,7 +366,7 @@ func (c *CLI) createCloudTarget(targetType string, opts targetOptions) (vespa.Ta return nil, errHint(err, "Deployment to cloud requires a certificate. Try 'vespa auth cert'") } deploymentTLSOptions = vespa.TLSOptions{ - KeyPair: &kp.KeyPair, + KeyPair: []tls.Certificate{kp.KeyPair}, CertificateFile: kp.CertificateFile, PrivateKeyFile: kp.PrivateKeyFile, } 
@@ -377,7 +377,7 @@ func (c *CLI) createCloudTarget(targetType string, opts targetOptions) (vespa.Ta return nil, errHint(err, "Deployment to hosted requires an Athenz certificate", "Try renewing certificate with 'athenz-user-cert'") } apiTLSOptions = vespa.TLSOptions{ - KeyPair: &kp.KeyPair, + KeyPair: []tls.Certificate{kp.KeyPair}, CertificateFile: kp.CertificateFile, PrivateKeyFile: kp.PrivateKeyFile, } diff --git a/client/go/internal/cli/cmd/test.go b/client/go/internal/cli/cmd/test.go index 4a53fe6bed3..05633b1135e 100644 --- a/client/go/internal/cli/cmd/test.go +++ b/client/go/internal/cli/cmd/test.go @@ -263,7 +263,7 @@ func verify(step step, defaultCluster string, defaultParameters map[string]strin var response *http.Response if externalEndpoint { - util.SetCertificate(context.cli.httpClient, []tls.Certificate{}) + util.SetCertificates(context.cli.httpClient, []tls.Certificate{}) response, err = context.cli.httpClient.Do(request, 60*time.Second) } else { response, err = service.Do(request, 600*time.Second) // Vespa should provide a response within the given request timeout diff --git a/client/go/internal/util/http.go b/client/go/internal/util/http.go index b1646b06a80..a3de212134d 100644 --- a/client/go/internal/util/http.go +++ b/client/go/internal/util/http.go @@ -32,7 +32,7 @@ func (c *defaultHTTPClient) Do(request *http.Request, timeout time.Duration) (re return c.client.Do(request) } -func SetCertificate(client HTTPClient, certificates []tls.Certificate) { +func SetCertificates(client HTTPClient, certificates []tls.Certificate) { c, ok := client.(*defaultHTTPClient) if !ok { return diff --git a/client/go/internal/vespa/target.go b/client/go/internal/vespa/target.go index 1ad36b1d799..9eba5c6711f 100644 --- a/client/go/internal/vespa/target.go +++ b/client/go/internal/vespa/target.go 
@@ -74,7 +74,7 @@ type Target interface { // TLSOptions configures the client certificate to use for cloud API or service requests. type TLSOptions struct { - KeyPair *tls.Certificate + KeyPair []tls.Certificate CertificateFile string PrivateKeyFile string AthenzDomain string @@ -93,7 +93,7 @@ type LogOptions struct { // Do sends request to this service. Any required authentication happens automatically. func (s *Service) Do(request *http.Request, timeout time.Duration) (*http.Response, error) { if s.TLSOptions.AthenzDomain != "" && s.TLSOptions.KeyPair != nil { - accessToken, err := s.zts.AccessToken(s.TLSOptions.AthenzDomain, *s.TLSOptions.KeyPair) + accessToken, err := s.zts.AccessToken(s.TLSOptions.AthenzDomain, s.TLSOptions.KeyPair[0]) if err != nil { return nil, err } @@ -120,13 +120,7 @@ func (s *Service) Wait(timeout time.Duration) (int, error) { } // ForceHTTP2 forces the underlying HTTP client to use HTTP/2. -func (s *Service) ForceHTTP2() { - var certs []tls.Certificate - if s.TLSOptions.KeyPair != nil { - certs = []tls.Certificate{*s.TLSOptions.KeyPair} - } - util.ForceHTTP2(s.httpClient, certs) -} +func (s *Service) ForceHTTP2() { util.ForceHTTP2(s.httpClient, s.TLSOptions.KeyPair) } func (s *Service) Description() string { switch s.Name { 
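Review bot: The comment on TLSOptions and the field name `KeyPair` still describe a single certificate, although the field is now `[]tls.Certificate`. Reword the struct comment to the plural and add a field comment such as `// KeyPair holds the client certificates handed to the HTTP client; only KeyPair[0] is used to request the Athenz access token.` That matches what Service.Do, ForceHTTP2 and cloudTarget.Service do with the field in this commit. It also tells callers that further elements are ignored for the token request. The struct continues outside the hunk.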
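Review bot: The guard `s.TLSOptions.KeyPair != nil` in Service.Do no longer protects the `s.TLSOptions.KeyPair[0]` access on the following line, because a non-nil slice of length zero passes the check and the index then panics. Test the length instead: `if s.TLSOptions.AthenzDomain != "" && len(s.TLSOptions.KeyPair) > 0 {`. The same nil comparison is kept in wait (`certificates != nil`) and in cloudTarget.Service (`service.TLSOptions.KeyPair != nil`), where an empty slice would be passed on to util.SetCertificates. test.go passes `[]tls.Certificate{}` to that function for external endpoints, which suggests an empty slice clears the client certificates, so `len(...) > 0` is the safer condition in those two places as well. Do's body continues outside the hunk.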
@@ -148,18 +142,18 @@ type requestFunc func() *http.Request // waitForOK queries url and returns its status code. If the url returns a non-200 status code, it is repeatedly queried // until timeout elapses. -func waitForOK(client util.HTTPClient, url string, certificate *tls.Certificate, timeout time.Duration) (int, error) { +func waitForOK(client util.HTTPClient, url string, certificates []tls.Certificate, timeout time.Duration) (int, error) { req, err := http.NewRequest("GET", url, nil) if err != nil { return 0, err } okFunc := func(status int, response []byte) (bool, error) { return isOK(status), nil } - return wait(client, okFunc, func() *http.Request { return req }, certificate, timeout) + return wait(client, okFunc, func() *http.Request { return req }, certificates, timeout) } -func wait(client util.HTTPClient, fn responseFunc, reqFn requestFunc, certificate *tls.Certificate, timeout time.Duration) (int, error) { - if certificate != nil { - util.SetCertificate(client, []tls.Certificate{*certificate}) +func wait(client util.HTTPClient, fn responseFunc, reqFn requestFunc, certificates []tls.Certificate, timeout time.Duration) (int, error) { + if certificates != nil { + util.SetCertificates(client, certificates) } var ( httpErr error diff --git a/client/go/internal/vespa/target_cloud.go b/client/go/internal/vespa/target_cloud.go index 2335d4f3432..1fb3edd78c5 100644 --- a/client/go/internal/vespa/target_cloud.go +++ b/client/go/internal/vespa/target_cloud.go @@ -161,7 +161,7 @@ func (t *cloudTarget) Service(name string, timeout time.Duration, runID int64, c } if service.TLSOptions.KeyPair != nil { - util.SetCertificate(service.httpClient, []tls.Certificate{*service.TLSOptions.KeyPair}) + util.SetCertificates(service.httpClient, service.TLSOptions.KeyPair) } return service, nil } 
@@ -175,7 +175,7 @@ func (t *cloudTarget) SignRequest(req *http.Request, keyID string) error { return t.addAuth0AccessToken(req) } } else { - if t.apiOptions.TLSOptions.KeyPair.Certificate == nil { + if t.apiOptions.TLSOptions.KeyPair == nil { return fmt.Errorf("system %s requires a certificate for authentication", t.apiOptions.System.Name) } return nil -- cgit v1.2.3
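Review bot: The new condition `t.apiOptions.TLSOptions.KeyPair == nil` in SignRequest is weaker than the check it replaces. The old code tested that the key pair actually carried certificate data (`KeyPair.Certificate == nil`), while the new one accepts an empty slice, or a slice whose first element is a zero-value tls.Certificate. SignRequest then returns nil for a system that, per its own error message, requires a certificate, so the missing credential presumably surfaces later as a TLS or authorization failure rather than here. Consider `if kp := t.apiOptions.TLSOptions.KeyPair; len(kp) == 0 || len(kp[0].Certificate) == 0 {`. SignRequest starts outside the hunk.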