forked from oVirt/go-ovirt-client
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnew.go
186 lines (172 loc) · 5.56 KB
/
new.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
package ovirtclient
import (
"math/rand"
"net/http"
"strings"
"time"
ovirtsdk4 "github.com/ovirt/go-ovirt"
)
// ExtraSettings are the optional settings for the oVirt connection.
//
// For future development, an interface named ExtraSettingsV2, V3, etc. will be added that incorporate this interface.
// This is done for backwards compatibility.
type ExtraSettings interface {
// ExtraHeaders adds headers to the request.
ExtraHeaders() map[string]string
// Compression enables GZIP or DEFLATE compression on HTTP queries
Compression() bool
}
// New creates a new copy of the enhanced oVirt client. It accepts the following options:
//
// url
//
// This is the oVirt engine URL. This must start with http:// or https:// and typically ends with /ovirt-engine/.
//
// username
//
// This is the username for the oVirt engine. This must contain the profile separated with an @ sign. For example,
// admin@internal.
//
// password
//
// This is the password for the oVirt engine. Other authentication mechanisms are not supported.
//
// tls
//
// This is a TLSProvider responsible for supplying TLS configuration to the client. See below for a simple example.
//
// logger
//
// This is an implementation of ovirtclientlog.Logger to provide logging.
//
// extraSettings
//
// This is an implementation of the ExtraSettings interface, allowing for customization of headers and turning on
// compression.
//
// TLS
//
// This library tries to follow best practices when it comes to connection security. Therefore, you will need to pass
// a valid implementation of the TLSProvider interface in the tls parameter. The easiest way to do this is calling
// the ovirtclient.TLS() function and then configuring the resulting variable with the following functions:
//
// tls := ovirtclient.TLS()
//
// // Add certificates from an in-memory byte slice. Certificates must be in PEM format.
// tls.CACertsFromMemory(caCerts)
//
// // Add certificates from a single file. Certificates must be in PEM format.
// tls.CACertsFromFile("/path/to/file.pem")
//
// // Add certificates from a directory. Optionally, regular expressions can be passed that must match the file
// // names.
// tls.CACertsFromDir("/path/to/certs", regexp.MustCompile(`\.pem`))
//
// // Add system certificates
// tls.CACertsFromSystem()
//
// // Disable certificate verification. This is a bad idea.
// tls.Insecure()
//
// client, err := ovirtclient.New(
// url, username, password,
// tls,
// logger, extraSettings
// )
//
// Extra settings
//
// This library also supports customizing the connection settings. In order to stay backwards compatible the
// extraSettings parameter must implement the ovirtclient.ExtraSettings interface. Future versions of this library will
// add new interfaces (e.g. ExtraSettingsV2) to add new features without breaking compatibility.
func New(
url string,
username string,
password string,
tls TLSProvider,
logger Logger,
extraSettings ExtraSettings,
) (ClientWithLegacySupport, error) {
return NewWithVerify(url, username, password, tls, logger, extraSettings, testConnection)
}
// NewWithVerify is equivalent to New, but allows customizing the verification function for the connection.
// Alternatively, a nil can be passed to disable connection verification.
func NewWithVerify(
url string,
username string,
password string,
tls TLSProvider,
logger Logger,
extraSettings ExtraSettings,
verify func(connection Client) error,
) (ClientWithLegacySupport, error) {
if err := validateURL(url); err != nil {
return nil, wrap(err, EBadArgument, "invalid URL: %s", url)
}
if err := validateUsername(username); err != nil {
return nil, wrap(err, "invalid username: %s", username)
}
tlsConfig, err := tls.CreateTLSConfig()
if err != nil {
return nil, wrap(err, ETLSError, "failed to create TLS configuration")
}
connBuilder := ovirtsdk4.NewConnectionBuilder().
URL(url).
Username(username).
Password(password).
TLSConfig(tlsConfig)
if extraSettings != nil {
if len(extraSettings.ExtraHeaders()) > 0 {
connBuilder.Headers(extraSettings.ExtraHeaders())
}
if extraSettings.Compression() {
connBuilder.Compress(true)
}
}
conn, err := connBuilder.Build()
if err != nil {
return nil, wrap(err, EUnidentified, "failed to create underlying oVirt connection")
}
httpClient := http.Client{
Transport: &http.Transport{
TLSClientConfig: tlsConfig,
},
}
client := &oVirtClient{
conn: conn,
httpClient: httpClient,
logger: logger,
url: url,
nonSecureRandom: rand.New(rand.NewSource(time.Now().UnixNano())), //nolint:gosec
}
if verify != nil {
if err := verify(client); err != nil {
return nil, err
}
}
return client, nil
}
func testConnection(conn Client) error {
return conn.Test()
}
func validateUsername(username string) error {
usernameParts := strings.SplitN(username, "@", 2)
//nolint:gomnd
if len(usernameParts) != 2 {
return newError(EBadArgument, "username must contain exactly one @ sign (format should be admin@internal)")
}
if len(usernameParts[0]) == 0 {
return newError(EBadArgument, "no user supplied before @ sign in username (format should be admin@internal)")
}
if len(usernameParts[1]) == 0 {
return newError(EBadArgument, "no scope supplied after @ sign in username (format should be admin@internal)")
}
return nil
}
func validateURL(url string) error {
//goland:noinspection HttpUrlsUsage
if !strings.HasPrefix(url, "http://") && !strings.HasPrefix(url, "https://") {
return newError(EBadArgument, "URL must start with http:// or https://")
}
return nil
}