Add custon http.Transport for supporting TLS (close #6)

rluisr · rluisr · commit f17cd654ee5a · 2022-06-29T23:53:30.000+09:00
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,27 @@
+name: Test
+
+on:
+  push:
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          version: latest
+
+  test:
+    name: Test
+    needs: lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Test
+        run: |
+          make test
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+.env
+.envrc
diff --git a/.idea/.gitignore b/.idea/.gitignore
diff --git a/.idea/modules.xml b/.idea/modules.xml
diff --git a/.idea/mysqlrouter-go.iml b/.idea/mysqlrouter-go.iml
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
diff --git a/Dockerfile_test b/Dockerfile_test
@@ -0,0 +1,4 @@
+FROM golang:1.18
+
+WORKDIR /go/src/mysqlrouter-go
+COPY . .
diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@ client for getting mysql-router information.
 
 Supported version
 -----------------
-- 20190715 (8.0.17 - 8.0.27)
+- 20190715 (8.0.17 - 8.0.29)
 
 Enable HTTP Server and REST API
 -------------------------------
@@ -16,14 +16,16 @@ See [MySQL Router 8.0.17 and the REST API by lefred](https://lefred.be/content/m
 Usage
 -----
 ```go
-mr, err := mysqlrouter.New("https://mysqlrouter-test.xzy.pw", "luis", "luis")
-routes, err := mr.GetAllRoutes()
+mysqlrouter.New("http://localhost:8080", "luis", "luis", nil)
 ```
 
-See [example](example/main.go)
+See [example](example/main.go) and [client_test.go](client_test.go)
 
 Supported endpoint
 -------------------
+### server
+- [x] HTTPS with verify
+
 ### cluster
 - [x] /metadata
 - [x] /metadata/metadata_name/config
@@ -38,3 +40,9 @@ Supported endpoint
 - [x] /routes/route_name/health
 - [x] /routes/route_name/destinations
 - [x] /routes/route_name/connections
+
+Developer
+---------
+```shell
+$ cd docker-compose && make local
+```
diff --git a/app_test.go b/app_test.go
@@ -7,7 +7,7 @@ import (
 )
 
 func TestClient_GetRouterStatus(t *testing.T) {
-	setup()
+	setupWithoutTLS()
 
 	routerStatus, err := client.GetRouterStatus()
 	assert.NoError(t, err)
diff --git a/client.go b/client.go
@@ -2,6 +2,7 @@ package mysqlrouter
 
 import (
 	"errors"
+	"net/http"
 )
 
 const apiVer = "20190715"
@@ -11,25 +12,29 @@ type Client struct {
 	URL      string
 	Username string
 	Password string
-	SkipTLSVerify bool
+	Options  *Options
 }
 
-func newClient(url, user, pass string, skipTLSVerify bool) *Client {
+type Options struct {
+	Transport *http.Transport
+}
+
+func newClient(url, user, pass string, Options *Options) *Client {
 	return &Client{
 		URL:      url + "/api/" + apiVer,
 		Username: user,
 		Password: pass,
-		SkipTLSVerify: skipTLSVerify,
+		Options:  Options,
 	}
 }
 
 // New creates a new API client.
-func New(url, user, pass string, skipTLSVerify bool) (*Client, error) {
-	if url == ""  {
+func New(url, user, pass string, Options *Options) (*Client, error) {
+	if url == "" {
 		return nil, errors.New(errEmptyClientInformation)
 	}
 
-	client := newClient(url, user, pass, skipTLSVerify)
+	client := newClient(url, user, pass, Options)
 
 	err := client.verifyConnection()
 	if err != nil {
diff --git a/client_test.go b/client_test.go
@@ -1,13 +1,77 @@
 package mysqlrouter
 
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"github.com/stretchr/testify/assert"
+	"io/ioutil"
+	"net/http"
+	"path/filepath"
+	"testing"
+)
+
 var (
 	client *Client
 )
 
-func setup() {
+func setupWithoutTLS() {
 	var err error
-	client, err = New("https://mysqlrouter-test.xzy.pw", "luis", "luis", false)
+	client, err = New("http://mysql-router-http:8080", "root", "mysql", nil)
 	if err != nil {
 		panic(err)
 	}
 }
+
+// TestNewClientWithSkipTLSVerify check a connection with InsecureSkipVerify: true
+func TestNewClientWithSkipTLSVerify(t *testing.T) {
+	opts := &Options{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		},
+	}
+
+	_, err := New("https://mysql-router-https:8443", "root", "mysql", opts)
+	assert.NoError(t, err)
+}
+
+// TestNewClientWithTLS check a connection with certificates
+func TestNewClientWithTLS(t *testing.T) {
+	certPath, err := filepath.Abs("docker-compose/mysql-router/certs/localhost.crt")
+	if err != nil {
+		assert.NoError(t, err)
+	}
+	keyPath, err := filepath.Abs("docker-compose/mysql-router/certs/localhost.key")
+	if err != nil {
+		assert.NoError(t, err)
+	}
+	caPath, err := filepath.Abs("docker-compose/mysql-router/certs/localCA.crt")
+	if err != nil {
+		assert.NoError(t, err)
+	}
+
+	cert, err := tls.LoadX509KeyPair(certPath, keyPath)
+	if err != nil {
+		assert.NoError(t, err)
+	}
+
+	caCert, err := ioutil.ReadFile(caPath)
+	if err != nil {
+		assert.NoError(t, err)
+	}
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
+
+	tlsConfig := &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		RootCAs:      caCertPool,
+	}
+
+	opts := &Options{
+		Transport: &http.Transport{
+			TLSClientConfig: tlsConfig,
+		},
+	}
+
+	_, err = New("https://mysql-router-https:8443", "root", "mysql", opts)
+	assert.NoError(t, err)
+}
diff --git a/docker-compose b/docker-compose
@@ -0,0 +1 @@
+Subproject commit 892cc420a884d9494f62d77f9644c432e000b033
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -e
+
+echo "=============================================================================================="
+echo "To check any other containers log,"
+echo "run \"docker-compose up --build --force-recreate --always-recreate-deps --renew-anon-volumes\""
+echo "=============================================================================================="
+
+readonly MAX_TRIES=120
+
+attempt_num=0
+until curl -I -s http://mysql-router-http:8080 -k >/dev/null; do
+  echo "Waiting for mysql router(http) ($attempt_num/$MAX_TRIES)"
+  sleep $((attempt_num++))
+  if ((attempt_num == MAX_TRIES)); then
+    exit 1
+  fi
+done
+
+attempt_num=0
+until curl -I -s https://mysql-router-https:8443 -k >/dev/null; do
+  echo "Waiting for mysql router(https) ($attempt_num/$MAX_TRIES)"
+  sleep $((attempt_num++))
+  if ((attempt_num == MAX_TRIES)); then
+    exit 1
+  fi
+done
+
+echo "mysql router is ready."
+
+#
+# start go test
+#
+
+cd /go/src/mysqlrouter-go
+go test -v .
+
diff --git a/example/main.go b/example/main.go
@@ -7,7 +7,7 @@ import (
 )
 
 func main() {
-	mr, err := mysqlrouter.New("https://mysqlrouter-test.xzy.pw", "luis", "luis", false)
+	mr, err := mysqlrouter.New("http://localhost:8080", "root", "mysql", nil)
 	if err != nil {
 		panic(err)
 	}
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/rluisr/mysqlrouter-go
 
-go 1.17
+go 1.18
 
 require github.com/stretchr/testify v1.6.1
 
diff --git a/metadata_test.go b/metadata_test.go
@@ -11,7 +11,7 @@ var (
 )
 
 func TestClient_GetAllMetadata(t *testing.T) {
-	setup()
+	setupWithoutTLS()
 
 	metadatas, err := client.GetAllMetadata()
 	assert.NoError(t, err)
@@ -21,15 +21,15 @@ func TestClient_GetAllMetadata(t *testing.T) {
 }
 
 func TestClient_GetMetadataConfig(t *testing.T) {
-	setup()
+	setupWithoutTLS()
 
 	metadataConfig, err := client.GetMetadataConfig(metadata)
 	assert.NoError(t, err)
 	assert.NotEmpty(t, metadataConfig)
 }
 
 func TestClient_GetMetadataStatus(t *testing.T) {
-	setup()
+	setupWithoutTLS()
 
 	metadataStatus, err := client.GetMetadataStatus(metadata)
 	assert.NoError(t, err)
diff --git a/request.go b/request.go
@@ -1,20 +1,21 @@
 package mysqlrouter
 
 import (
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 )
 
 func (c *Client) request(url string) ([]byte, error) {
-	if c.SkipTLSVerify {
-		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
-	}
-
 	client := &http.Client{}
 
+	if c.Options != nil {
+		if c.Options.Transport != nil {
+			client.Transport = c.Options.Transport
+		}
+	}
+
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		return nil, err
diff --git a/routes_test.go b/routes_test.go

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ import (`
`7`	`7`	`)`
`8`	`8`
`9`	`9`	`func TestClient_GetRouterStatus(t *testing.T) {`
`10`		`- setup()`
	`10`	`+ setupWithoutTLS()`
`11`	`11`
`12`	`12`	`routerStatus, err := client.GetRouterStatus()`
`13`	`13`	`assert.NoError(t, err)`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Subproject commit 892cc420a884d9494f62d77f9644c432e000b033`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ import (`
`7`	`7`	`)`
`8`	`8`
`9`	`9`	`func main() {`
`10`		`- mr, err := mysqlrouter.New("https://mysqlrouter-test.xzy.pw", "luis", "luis", false)`
	`10`	`+ mr, err := mysqlrouter.New("http://localhost:8080", "root", "mysql", nil)`
`11`	`11`	`if err != nil {`
`12`	`12`	`panic(err)`
`13`	`13`	`}`