talos
1// This Source Code Form is subject to the terms of the Mozilla Public
2// License, v. 2.0. If a copy of the MPL was not distributed with this
3// file, You can obtain one at http://mozilla.org/MPL/2.0/.
4
5//go:build sidero.debug
6
7package client
8
9import (
10"net/url"
11
12"google.golang.org/grpc/credentials"
13"google.golang.org/grpc/credentials/insecure"
14
15clientconfig "github.com/siderolabs/talos/pkg/machinery/client/config"
16)
17
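// shouldInsecureConnectionsBeAllowed reports whether at least one of the
// endpoints parses as a URL with the "http" scheme.
//
// The result applies to the whole endpoint list: a single http:// entry is
// enough for the caller to drop TLS for every endpoint, so this file is only
// compiled under the sidero.debug build tag.
//
// Endpoints that fail to parse are skipped and never count as a request for
// plaintext, so a malformed entry falls back to the TLS path rather than
// weakening it.
func shouldInsecureConnectionsBeAllowed(endpoints []string) bool {
	for _, endpoint := range endpoints {
		u, err := url.Parse(endpoint)
		if err != nil {
			// url.Parse returns a nil *url.URL on error (for example for a
			// bare "IP:port" endpoint); dereferencing it would panic.
			continue
		}

		if u.Scheme == "http" {
			return true
		}
	}

	return false
}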
29
// RequireTransportSecurity always reports false, which lets basic auth be
// combined with insecure gRPC transport credentials.
//
// This variant is compiled only under the sidero.debug build tag. With it,
// the basic-auth material can travel over a plaintext connection, so builds
// carrying this tag should stay on trusted development networks.
func (c BasicAuth) RequireTransportSecurity() bool {
	const transportSecurityRequired = false

	return transportSecurityRequired
}
34
// buildCredentials selects the gRPC transport credentials for the client.
//
// When shouldInsecureConnectionsBeAllowed accepts the endpoint list, insecure
// (plaintext) credentials are returned and configContext is not consulted.
// The decision covers the whole list, not each endpoint separately. Otherwise
// a TLS configuration is built from configContext and wrapped in TLS
// credentials; an error from buildTLSConfig is returned unchanged.
func buildCredentials(configContext *clientconfig.Context, endpoints []string) (credentials.TransportCredentials, error) {
	allowPlaintext := shouldInsecureConnectionsBeAllowed(endpoints)
	if allowPlaintext {
		// Debug-only path: no TLS, so neither encryption nor server
		// authentication protects the connection.
		return insecure.NewCredentials(), nil
	}

	cfg, tlsErr := buildTLSConfig(configContext)
	if tlsErr != nil {
		return nil, tlsErr
	}

	return credentials.NewTLS(cfg), nil
}
47