Rename Secure -> TLS; we may use TLS insecurely.

Eric Tune
2014-11-13 21:42:36 -08:00
parent dd3c85be09
commit 5c24855349
4 changed files with 22 additions and 21 deletions


@@ -172,7 +172,7 @@ func TransportFor(config *Config) (http.RoundTripper, error) {
// DefaultServerURL converts a host, host:port, or URL string to the default base server API path
// to use with a Client at a given API version following the standard conventions for a
// Kubernetes API.
func DefaultServerURL(host, prefix, version string, defaultSecure bool) (*url.URL, error) {
func DefaultServerURL(host, prefix, version string, defaultTLS bool) (*url.URL, error) {
if host == "" {
return nil, fmt.Errorf("host must be a URL or a host:port pair")
}
@@ -186,7 +186,7 @@ func DefaultServerURL(host, prefix, version string, defaultSecure bool) (*url.UR
}
if hostURL.Scheme == "" {
scheme := "http://"
if defaultSecure {
if defaultTLS {
scheme = "https://"
}
hostURL, err = url.Parse(scheme + base)
@@ -213,13 +213,13 @@ func DefaultServerURL(host, prefix, version string, defaultSecure bool) (*url.UR
return hostURL, nil
}
// IsConfigTransportSecure returns true iff the provided config will result in a protected
// IsConfigTransportTLS returns true iff the provided config will result in a protected
// connection to the server when it is passed to client.New() or client.RESTClientFor().
// Use to determine when to send credentials over the wire.
//
// Note: the Insecure flag is ignored when testing for this value, so MITM attacks are
// still possible.
func IsConfigTransportSecure(config *Config) bool {
func IsConfigTransportTLS(config *Config) bool {
baseURL, err := defaultServerUrlFor(config)
if err != nil {
return false
@@ -227,16 +227,17 @@ func IsConfigTransportSecure(config *Config) bool {
return baseURL.Scheme == "https"
}
// defaultServerUrlFor is shared between IsConfigSecure and RESTClientFor
// defaultServerUrlFor is shared between IsConfigTransportTLS and RESTClientFor
func defaultServerUrlFor(config *Config) (*url.URL, error) {
version := defaultVersionFor(config)
// TODO: move the default to secure when the apiserver supports TLS by default
defaultSecure := config.CertFile != "" || config.Insecure
// config.Insecure is taken to mean "I want HTTPS but don't bother checking the certs against a CA."
defaultTLS := config.CertFile != "" || config.Insecure
host := config.Host
if host == "" {
host = "localhost"
}
return DefaultServerURL(host, config.Prefix, version, defaultSecure)
return DefaultServerURL(host, config.Prefix, version, defaultTLS)
}
// defaultVersionFor is shared between defaultServerUrlFor and RESTClientFor
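Review bot: The doc comment on `IsConfigTransportTLS` still promises "a protected connection" and tells callers to use the result to decide when to send credentials, yet the body only tests `baseURL.Scheme == "https"`. Because `defaultServerUrlFor` sets `defaultTLS` when `config.Insecure` is true, and the new comment there says Insecure means certificates are not checked against a CA, the function can return true for a connection to an unauthenticated peer. That is exactly the distinction this rename is meant to express, so the first line should read `// IsConfigTransportTLS returns true iff the provided config will result in a TLS (https) connection`. I would also extend the existing note with `// A true result does not mean the server certificate is verified; callers that send credentials should also check config.Insecure.` The `// TODO: move the default to secure ...` line above `defaultTLS` still uses the old term and could be reworded to "default to TLS" for consistency.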