singchia · singchia · Apr 4, 2024 · Apr 3, 2024 · Apr 4, 2024
diff --git a/cmd/frontctl/main.go b/cmd/frontctl/main.go
@@ -0,0 +1,3 @@
+package main
+
+func main() {}
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -19,3 +19,9 @@ type Listen struct {
 	Addr    string `yaml:"addr"`
 	TLS     TLS    `yaml:"tls"`
 }
+
+type Dial struct {
+	Network string `yaml:"network"`
+	Addr    string `yaml:"addr"`
+	TLS     TLS    `yaml:"tls"`
+}
diff --git a/pkg/frontier/config/config.go b/pkg/frontier/config/config.go
@@ -43,8 +43,9 @@ type Bypass struct {
 	TLS     config.TLS `yaml:"tls"`  // certs to dial or ca to auth
 }
 type Edgebound struct {
-	Listen config.Listen `yaml:"listen"`
-	Bypass Bypass        `yaml:"bypass"`
+	Listen       config.Listen `yaml:"listen"`
+	Bypass       config.Dial   `yaml:"bypass"`
+	BypassEnable bool          `yaml:"bypass_enable"`
 	// alloc edgeID when no get_id function online
 	EdgeIDAllocWhenNoIDServiceOn bool `yaml:"edgeid_alloc_when_no_idservice_on"`
 }
@@ -243,10 +244,7 @@ type Dao struct {
 
 // frontlas
 type Frontlas struct {
-	Enable  bool       `yaml:"enable"`
-	Network string     `yaml:"network"`
-	Addr    string     `yaml:"addr"` // addr to dial
-	TLS     config.TLS `yaml:"tls"`  // certs to dial or ca to auth
+	Dial config.Dial
 }
 
 type Configuration struct {
@@ -386,8 +384,8 @@ func genDefaultConfig(writer io.Writer) error {
 				},
 			},
 			EdgeIDAllocWhenNoIDServiceOn: true,
-			Bypass: Bypass{
-				Enable:  false,
+			BypassEnable:                 false,
+			Bypass: config.Dial{
 				Network: "tcp",
 				Addr:    "192.168.1.10:8443",
 				TLS: config.TLS{

diff --git a/pkg/frontier/edgebound/edge_manager.go b/pkg/frontier/edgebound/edge_manager.go
@@ -2,10 +2,7 @@ package edgebound
 
 import (
 	"context"
-	"crypto/tls"
-	"crypto/x509"
 	"net"
-	"os"
 	"strings"
 	"sync"
 
@@ -87,7 +84,7 @@ func newEdgeManager(conf *config.Configuration, repo apis.Repo, informer apis.Ed
 	}
 
 	geminioLn := ln
-	bypass := conf.Edgebound.Bypass.Enable
+	bypass := conf.Edgebound.BypassEnable
 	if bypass {
 		// multiplexer
 		cm := cmux.New(ln)
@@ -108,76 +105,12 @@ func newEdgeManager(conf *config.Configuration, repo apis.Repo, informer apis.Ed
 }
 
 func (em *edgeManager) bypassDial(_ net.Addr, _ interface{}) (net.Conn, error) {
-	bypass := &em.conf.Edgebound.Bypass
-	var (
-		network string = bypass.Network
-		addr    string = bypass.Addr
-	)
-
-	if !bypass.TLS.Enable {
-		conn, err := net.Dial(network, addr)
-		if err != nil {
-			return nil, err
-		}
-		return conn, err
-	} else {
-		// load all certs to dial
-		certs := []tls.Certificate{}
-		for _, certFile := range bypass.TLS.Certs {
-			cert, err := tls.LoadX509KeyPair(certFile.Cert, certFile.Key)
-			if err != nil {
-				klog.Errorf("edge manager bypass tls load x509 cert err: %s, cert: %s, key: %s", err, certFile.Cert, certFile.Key)
-				continue
-			}
-			certs = append(certs, cert)
-		}
-
-		if !bypass.TLS.MTLS {
-			// tls
-			conn, err := tls.Dial(network, addr, &tls.Config{
-				Certificates: certs,
-				// it's user's call to verify the server certs or not.
-				InsecureSkipVerify: bypass.TLS.InsecureSkipVerify,
-			})
-			if err != nil {
-				klog.Errorf("edge manager bypass tls dial err: %s, network: %s, addr: %s", err, network, addr)
-				return nil, err
-			}
-			return conn, nil
-		} else {
-			// mtls, dial with our certs
-			// load all ca certs to pool
-			caPool := x509.NewCertPool()
-			for _, caFile := range bypass.TLS.CACerts {
-				ca, err := os.ReadFile(caFile)
-				if err != nil {
-					klog.Errorf("edge manager bypass read ca cert err: %s, file: %s", err, caFile)
-					return nil, err
-				}
-				if !caPool.AppendCertsFromPEM(ca) {
-					klog.Warningf("edge manager bypass append ca cert to ca pool err: %s, file: %s", err, caFile)
-					continue
-				}
-			}
-			conn, err := tls.Dial(network, addr, &tls.Config{
-				Certificates: certs,
-				// we should not skip the verify.
-				InsecureSkipVerify: bypass.TLS.InsecureSkipVerify,
-				RootCAs:            caPool,
-			})
-			if err != nil {
-				klog.Errorf("edge manager bypass tls dial err: %s, network: %s, addr: %s", err, network, addr)
-				return nil, err
-			}
-			return conn, nil
-		}
-	}
+	return utils.Dial(&em.conf.Edgebound.Bypass)
 }
 
 // Serve blocks until the Accept error
 func (em *edgeManager) Serve() error {
-	bypass := &em.conf.Edgebound.Bypass
-	if bypass.Enable {
+	if em.conf.Edgebound.BypassEnable {
 		go em.cm.Serve()
 		go em.rp.Proxy(context.TODO())
 	}
@@ -264,8 +197,7 @@ func (em *edgeManager) DelEdgeByID(edgeID uint64) error {
 
 // Close all edges and manager
 func (em *edgeManager) Close() error {
-	bypass := &em.conf.Edgebound.Bypass
-	if bypass.Enable {
+	if em.conf.Edgebound.BypassEnable {
 		em.cm.Close()
 		em.rp.Close()
 	}

diff --git a/pkg/utils/dial.go b/pkg/utils/dial.go
@@ -0,0 +1,77 @@
+package utils
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"net"
+	"os"
+
+	"github.com/singchia/frontier/pkg/config"
+	"k8s.io/klog/v2"
+)
+
+func Dial(dial *config.Dial) (net.Conn, error) {
+	var (
+		network string = dial.Network
+		addr    string = dial.Addr
+	)
+
+	if dial.TLS.Enable {
+		conn, err := net.Dial(network, addr)
+		if err != nil {
+			return nil, err
+		}
+		return conn, err
+	} else {
+		// load all certs to dial
+		certs := []tls.Certificate{}
+		for _, certFile := range dial.TLS.Certs {
+			cert, err := tls.LoadX509KeyPair(certFile.Cert, certFile.Key)
+			if err != nil {
+				klog.Errorf("dial, tls load x509 cert err: %s, cert: %s, key: %s", err, certFile.Cert, certFile.Key)
+				continue
+			}
+			certs = append(certs, cert)
+		}
+
+		if !dial.TLS.MTLS {
+			// tls
+			conn, err := tls.Dial(network, addr, &tls.Config{
+				Certificates: certs,
+				// it's user's call to verify the server certs or not.
+				InsecureSkipVerify: dial.TLS.InsecureSkipVerify,
+			})
+			if err != nil {
+				klog.Errorf("tls dial err: %s, network: %s, addr: %s", err, network, addr)
+				return nil, err
+			}
+			return conn, nil
+		} else {
+			// mtls, dial with our certs
+			// load all ca certs to pool
+			caPool := x509.NewCertPool()
+			for _, caFile := range dial.TLS.CACerts {
+				ca, err := os.ReadFile(caFile)
+				if err != nil {
+					klog.Errorf("dial read ca cert err: %s, file: %s", err, caFile)
+					return nil, err
+				}
+				if !caPool.AppendCertsFromPEM(ca) {
+					klog.Warningf("dial append ca cert to ca pool err: %s, file: %s", err, caFile)
+					continue
+				}
+			}
+			conn, err := tls.Dial(network, addr, &tls.Config{
+				Certificates: certs,
+				// we should not skip the verify.
+				InsecureSkipVerify: dial.TLS.InsecureSkipVerify,
+				RootCAs:            caPool,
+			})
+			if err != nil {
+				klog.Errorf("dial tls dial err: %s, network: %s, addr: %s", err, network, addr)
+				return nil, err
+			}
+			return conn, nil
+		}
+	}
+}