github/client-go
1
0
Fork 0
mirror of https://github.com/kubernetes/client-go.git synced 2025-06-26 23:17:34 +00:00
Code Issues Projects Releases Wiki Activity

Use struct key for TLS cache

Browse Source 
Kubernetes-commit: 5c8fe23722db05dda25a54d4275737af329227eb
This commit is contained in:
Jordan Liggitt 2017-12-04 13:51:29 -06:00 committed by Kubernetes Publisher
parent 6cddcf6b00
commit 60b0546760
1 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
transport/cache.go
View File

@ -31,12 +31,28 @@ import (
// the config has no custom TLS options, http.DefaultTransport is returned. // the config has no custom TLS options, http.DefaultTransport is returned.
type tlsTransportCache struct { type tlsTransportCache struct {
mu sync.Mutex mu sync.Mutex
transports map[string]*http.Transport transports map[tlsCacheKey]*http.Transport
} }
const idleConnsPerHost = 25 const idleConnsPerHost = 25
var tlsCache = &tlsTransportCache{transports: make(map[string]*http.Transport)} var tlsCache = &tlsTransportCache{transports: make(map[tlsCacheKey]*http.Transport)}
type tlsCacheKey struct {
insecure bool
caData string
certData string
keyData string
serverName string
}
func (t tlsCacheKey) String() string {
keyText := "<none>"
if len(t.keyData) > 0 {
keyText = "<redacted>"
}
return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, serverName:%s", t.insecure, t.caData, t.certData, keyText, t.serverName)
}
func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) { func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
key, err := tlsConfigKey(config) key, err := tlsConfigKey(config)
@ -82,11 +98,16 @@ func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
} }
// tlsConfigKey returns a unique key for tls.Config objects returned from TLSConfigFor // tlsConfigKey returns a unique key for tls.Config objects returned from TLSConfigFor
func tlsConfigKey(c *Config) (string, error) { func tlsConfigKey(c *Config) (tlsCacheKey, error) {
// Make sure ca/key/cert content is loaded // Make sure ca/key/cert content is loaded
if err := loadTLSFiles(c); err != nil { if err := loadTLSFiles(c); err != nil {
return "", err return tlsCacheKey{}, err
} }
// Only include the things that actually affect the tls.Config return tlsCacheKey{
return fmt.Sprintf("%v/%x/%x/%x/%v", c.TLS.Insecure, c.TLS.CAData, c.TLS.CertData, c.TLS.KeyData, c.TLS.ServerName), nil insecure: c.TLS.Insecure,
caData: string(c.TLS.CAData),
certData: string(c.TLS.CertData),
keyData: string(c.TLS.KeyData),
serverName: c.TLS.ServerName,
}, nil
} }