mirror of
https://github.com/prymitive/karma
synced 2026-05-07 03:26:52 +00:00
Gin comes with a lot of dependencies and doesn't use Go standard http handler. Chi is smaller and allows to use standard middleware.
package alertmanager
|
|
|
|
import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"net/http"

	"github.com/rs/zerolog/log"
)
|
|
|
|
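// configureTLSRootCAs reads the PEM bundle at caPath and installs it as the
// only set of trusted root CAs on tlsConfig.
//
// Because RootCAs is replaced with a fresh pool, the host's system roots are
// no longer consulted for connections that use this config; only the
// certificates found in caPath are trusted.
//
// It returns the read error unchanged when the file cannot be read, and an
// error when the file contains no parsable PEM certificate. In both cases
// tlsConfig is left untouched.
func configureTLSRootCAs(tlsConfig *tls.Config, caPath string) error {
	log.Debug().
		Str("path", caPath).
		Msg("Loading TLS CA cert")

	caCert, err := ioutil.ReadFile(caPath)
	if err != nil {
		return err
	}

	caCertPool := x509.NewCertPool()
	// AppendCertsFromPEM reports false when nothing could be parsed. Ignoring
	// that would install an empty pool, so every later handshake would fail
	// verification with no hint that the CA file itself is the problem.
	if !caCertPool.AppendCertsFromPEM(caCert) {
		return fmt.Errorf("no valid PEM certificates found in %q", caPath)
	}

	tlsConfig.RootCAs = caCertPool
	return nil
}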
|
|
|
|
// configureTLSClientCert loads the certificate/key pair stored at certPath and
// keyPath and sets it as the sole client certificate on tlsConfig.
//
// Only the two file paths are written to the debug log, never the file
// contents. On a load failure the error is logged at debug level and returned
// unchanged, and tlsConfig is not modified.
func configureTLSClientCert(tlsConfig *tls.Config, certPath, keyPath string) error {
	log.Debug().Str("cert", certPath).Str("key", keyPath).Msg("Loading TLS cert and key")

	keyPair, loadErr := tls.LoadX509KeyPair(certPath, keyPath)
	if loadErr != nil {
		log.Debug().Err(loadErr).Msg("Failed to load TLS cert and key")
		return loadErr
	}

	// Overwrites, rather than appends to, any certificates already configured.
	tlsConfig.Certificates = []tls.Certificate{keyPair}
	return nil
}
|
|
|
|
// NewHTTPTransport builds an http.RoundTripper whose TLS client settings are
// derived from the given arguments.
//
//   - caPath: when non-empty, the PEM bundle at that path becomes the set of
//     trusted root CAs.
//   - certPath, keyPath: when certPath is non-empty, the pair is loaded as the
//     client certificate. keyPath is ignored if certPath is empty.
//   - insecureSkipVerify: copied verbatim into tls.Config.InsecureSkipVerify.
//     When true, the server's certificate chain and host name are not
//     verified, so the connection is open to man-in-the-middle interception
//     and a configured CA bundle does not protect it.
//
// The returned transport sets only TLSClientConfig; every other
// http.Transport field keeps its zero value, so proxy and timeout settings
// are not configured here.
//
// Any error from loading the CA bundle or the client certificate is returned
// unchanged together with a nil RoundTripper.
func NewHTTPTransport(caPath, certPath, keyPath string, insecureSkipVerify bool) (http.RoundTripper, error) {
	cfg := &tls.Config{InsecureSkipVerify: insecureSkipVerify}

	if caPath != "" {
		if err := configureTLSRootCAs(cfg, caPath); err != nil {
			return nil, err
		}
	}

	if certPath != "" {
		if err := configureTLSClientCert(cfg, certPath, keyPath); err != nil {
			return nil, err
		}
	}

	return &http.Transport{TLSClientConfig: cfg}, nil
}
|