opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2026-03-13 08:01:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

Pass all of Options to tcpClient

Browse Source 
This will make it easier to add one more option,
and removes a risk of passing options in an incorrect order.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit is contained in:
Miloslav Trmač
2026-02-10 20:50:00 +01:00
parent d561f13d7c
commit 2d4fb908a1
1 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
pkg/bindings/connection.go
View File

@@ -155,7 +155,7 @@ func NewConnectionWithOptions(ctx context.Context, opts Options) (context.Contex
if !strings.HasPrefix(uri, "tcp://") {
return nil, errors.New("tcp URIs should begin with tcp://")
}
conn, err := tcpClient(_url, opts.TLSCertFile, opts.TLSKeyFile, opts.TLSCAFile)
conn, err := tcpClient(_url, opts)
if err != nil {
return nil, newConnectError(err)
}
@@ -308,7 +308,9 @@ func sshClient(_url *url.URL, uri string, identity string, machine bool) (Connec
return connection, nil
}
func tcpClient(_url *url.URL, tlsCertFile, tlsKeyFile, tlsCAFile string) (Connection, error) {
// tcpClient creates a TCP connection to _url.
// opts are consulted for TLS options only.
func tcpClient(_url *url.URL, opts Options) (Connection, error) {
connection := Connection{
URI: _url,
}
@@ -344,23 +346,23 @@ func tcpClient(_url *url.URL, tlsCertFile, tlsKeyFile, tlsCAFile string) (Connec
DialContext: dialContext,
DisableCompression: true,
}
if len(tlsCAFile) != 0 || len(tlsCertFile) != 0 || len(tlsKeyFile) != 0 {
logrus.Debugf("using TLS cert=%s key=%s ca=%s", tlsCertFile, tlsKeyFile, tlsCAFile)
if len(opts.TLSCAFile) != 0 || len(opts.TLSCertFile) != 0 || len(opts.TLSKeyFile) != 0 {
logrus.Debugf("using TLS cert=%s key=%s ca=%s", opts.TLSCertFile, opts.TLSKeyFile, opts.TLSCAFile)
transport.TLSClientConfig = &tls.Config{}
connection.tls = true
}
if len(tlsCAFile) != 0 {
pool, err := tlsutil.ReadCertBundle(tlsCAFile)
if len(opts.TLSCAFile) != 0 {
pool, err := tlsutil.ReadCertBundle(opts.TLSCAFile)
if err != nil {
return connection, fmt.Errorf("unable to read CA bundle: %w", err)
}
transport.TLSClientConfig.RootCAs = pool
}
if (len(tlsCertFile) == 0) != (len(tlsKeyFile) == 0) {
if (len(opts.TLSCertFile) == 0) != (len(opts.TLSKeyFile) == 0) {
return connection, fmt.Errorf("TLS Key and Certificate must both or neither be provided")
}
if len(tlsCertFile) != 0 && len(tlsKeyFile) != 0 {
keyPair, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile)
if len(opts.TLSCertFile) != 0 && len(opts.TLSKeyFile) != 0 {
keyPair, err := tls.LoadX509KeyPair(opts.TLSCertFile, opts.TLSKeyFile)
if err != nil {
return connection, fmt.Errorf("unable to read TLS key pair: %w", err)
}