mirror of
https://github.com/etcd-io/etcd.git
synced 2024-09-27 06:25:44 +00:00
d726e9a183
The correct param forMaxCallRecvMsgSize is '--max-recv-bytes' instead of '--max-request-bytes', so I fixed the documentation and description. Signed-off-by: cleverhu <shouping.hu@daocloud.io>
192 lines
6.1 KiB
Go
192 lines
6.1 KiB
Go
// Copyright 2016 The etcd Authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package clientv3
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"time"
|
|
|
|
"go.uber.org/zap"
|
|
"google.golang.org/grpc"
|
|
|
|
"go.etcd.io/etcd/client/pkg/v3/transport"
|
|
)
|
|
|
|
type Config struct {
|
|
// Endpoints is a list of URLs.
|
|
Endpoints []string `json:"endpoints"`
|
|
|
|
// AutoSyncInterval is the interval to update endpoints with its latest members.
|
|
// 0 disables auto-sync. By default auto-sync is disabled.
|
|
AutoSyncInterval time.Duration `json:"auto-sync-interval"`
|
|
|
|
// DialTimeout is the timeout for failing to establish a connection.
|
|
DialTimeout time.Duration `json:"dial-timeout"`
|
|
|
|
// DialKeepAliveTime is the time after which client pings the server to see if
|
|
// transport is alive.
|
|
DialKeepAliveTime time.Duration `json:"dial-keep-alive-time"`
|
|
|
|
// DialKeepAliveTimeout is the time that the client waits for a response for the
|
|
// keep-alive probe. If the response is not received in this time, the connection is closed.
|
|
DialKeepAliveTimeout time.Duration `json:"dial-keep-alive-timeout"`
|
|
|
|
// MaxCallSendMsgSize is the client-side request send limit in bytes.
|
|
// If 0, it defaults to 2.0 MiB (2 * 1024 * 1024).
|
|
// Make sure that "MaxCallSendMsgSize" < server-side default send/recv limit.
|
|
// ("--max-request-bytes" flag to etcd or "embed.Config.MaxRequestBytes").
|
|
MaxCallSendMsgSize int
|
|
|
|
// MaxCallRecvMsgSize is the client-side response receive limit.
|
|
// If 0, it defaults to "math.MaxInt32", because range response can
|
|
// easily exceed request send limits.
|
|
// Make sure that "MaxCallRecvMsgSize" >= server-side default send/recv limit.
|
|
// ("--max-recv-bytes" flag to etcd).
|
|
MaxCallRecvMsgSize int
|
|
|
|
// TLS holds the client secure credentials, if any.
|
|
TLS *tls.Config
|
|
|
|
// Username is a user name for authentication.
|
|
Username string `json:"username"`
|
|
|
|
// Password is a password for authentication.
|
|
Password string `json:"password"`
|
|
|
|
// RejectOldCluster when set will refuse to create a client against an outdated cluster.
|
|
RejectOldCluster bool `json:"reject-old-cluster"`
|
|
|
|
// DialOptions is a list of dial options for the grpc client (e.g., for interceptors).
|
|
// For example, pass "grpc.WithBlock()" to block until the underlying connection is up.
|
|
// Without this, Dial returns immediately and connecting the server happens in background.
|
|
DialOptions []grpc.DialOption
|
|
|
|
// Context is the default client context; it can be used to cancel grpc dial out and
|
|
// other operations that do not have an explicit context.
|
|
Context context.Context
|
|
|
|
// Logger sets client-side logger.
|
|
// If nil, fallback to building LogConfig.
|
|
Logger *zap.Logger
|
|
|
|
// LogConfig configures client-side logger.
|
|
// If nil, use the default logger.
|
|
// TODO: configure gRPC logger
|
|
LogConfig *zap.Config
|
|
|
|
// PermitWithoutStream when set will allow client to send keepalive pings to server without any active streams(RPCs).
|
|
PermitWithoutStream bool `json:"permit-without-stream"`
|
|
|
|
// TODO: support custom balancer picker
|
|
}
|
|
|
|
// ConfigSpec is the configuration from users, which comes from command-line flags,
|
|
// environment variables or config file. It is a fully declarative configuration,
|
|
// and can be serialized & deserialized to/from JSON.
|
|
type ConfigSpec struct {
|
|
Endpoints []string `json:"endpoints"`
|
|
RequestTimeout time.Duration `json:"request-timeout"`
|
|
DialTimeout time.Duration `json:"dial-timeout"`
|
|
KeepAliveTime time.Duration `json:"keepalive-time"`
|
|
KeepAliveTimeout time.Duration `json:"keepalive-timeout"`
|
|
Secure *SecureConfig `json:"secure"`
|
|
Auth *AuthConfig `json:"auth"`
|
|
}
|
|
|
|
type SecureConfig struct {
|
|
Cert string `json:"cert"`
|
|
Key string `json:"key"`
|
|
Cacert string `json:"cacert"`
|
|
ServerName string `json:"server-name"`
|
|
|
|
InsecureTransport bool `json:"insecure-transport"`
|
|
InsecureSkipVerify bool `json:"insecure-skip-tls-verify"`
|
|
}
|
|
|
|
type AuthConfig struct {
|
|
Username string `json:"username"`
|
|
Password string `json:"password"`
|
|
}
|
|
|
|
func (cfg AuthConfig) Empty() bool {
|
|
return cfg.Username == "" && cfg.Password == ""
|
|
}
|
|
|
|
// NewClientConfig creates a Config based on the provided ConfigSpec.
|
|
func NewClientConfig(confSpec *ConfigSpec, lg *zap.Logger) (*Config, error) {
|
|
tlsCfg, err := newTLSConfig(confSpec.Secure, lg)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
cfg := &Config{
|
|
Endpoints: confSpec.Endpoints,
|
|
DialTimeout: confSpec.DialTimeout,
|
|
DialKeepAliveTime: confSpec.KeepAliveTime,
|
|
DialKeepAliveTimeout: confSpec.KeepAliveTimeout,
|
|
TLS: tlsCfg,
|
|
}
|
|
|
|
if confSpec.Auth != nil {
|
|
cfg.Username = confSpec.Auth.Username
|
|
cfg.Password = confSpec.Auth.Password
|
|
}
|
|
|
|
return cfg, nil
|
|
}
|
|
|
|
func newTLSConfig(scfg *SecureConfig, lg *zap.Logger) (*tls.Config, error) {
|
|
var (
|
|
tlsCfg *tls.Config
|
|
err error
|
|
)
|
|
|
|
if scfg == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
if scfg.Cert != "" || scfg.Key != "" || scfg.Cacert != "" || scfg.ServerName != "" {
|
|
cfgtls := &transport.TLSInfo{
|
|
CertFile: scfg.Cert,
|
|
KeyFile: scfg.Key,
|
|
TrustedCAFile: scfg.Cacert,
|
|
ServerName: scfg.ServerName,
|
|
Logger: lg,
|
|
}
|
|
if tlsCfg, err = cfgtls.ClientConfig(); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
// If key/cert is not given but user wants secure connection, we
|
|
// should still setup an empty tls configuration for gRPC to setup
|
|
// secure connection.
|
|
if tlsCfg == nil && !scfg.InsecureTransport {
|
|
tlsCfg = &tls.Config{}
|
|
}
|
|
|
|
// If the user wants to skip TLS verification then we should set
|
|
// the InsecureSkipVerify flag in tls configuration.
|
|
if scfg.InsecureSkipVerify {
|
|
if tlsCfg == nil {
|
|
tlsCfg = &tls.Config{}
|
|
}
|
|
tlsCfg.InsecureSkipVerify = scfg.InsecureSkipVerify
|
|
}
|
|
|
|
return tlsCfg, nil
|
|
}
|