talos

1
// This Source Code Form is subject to the terms of the Mozilla Public
2
// License, v. 2.0. If a copy of the MPL was not distributed with this
3
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
4

5
//go:build sidero.debug
6

7
package client
8

9
import (
10
	"net/url"
11

12
	"google.golang.org/grpc/credentials"
13
	"google.golang.org/grpc/credentials/insecure"
14

15
	clientconfig "github.com/siderolabs/talos/pkg/machinery/client/config"
16
)
17

18
// shouldInsecureConnectionsBeAllowed returns true if one endpoint starts with http://
19
func shouldInsecureConnectionsBeAllowed(endpoints []string) bool {
20
	for _, endpoint := range endpoints {
21
		u, _ := url.Parse(endpoint)
22
		if u.Scheme == "http" {
23
			return true
24
		}
25
	}
26

27
	return false
28
}
29

30
// RequireTransportSecurity enables basic auth with insecure gRPC transport credentials.
31
func (c BasicAuth) RequireTransportSecurity() bool {
32
	return false
33
}
34

35
func buildCredentials(configContext *clientconfig.Context, endpoints []string) (credentials.TransportCredentials, error) {
36
	if shouldInsecureConnectionsBeAllowed(endpoints) {
37
		return insecure.NewCredentials(), nil
38
	}
39

40
	tlsConfig, err := buildTLSConfig(configContext)
41
	if err != nil {
42
		return nil, err
43
	}
44

45
	return credentials.NewTLS(tlsConfig), nil
46
}
47