vendor/github.com/moby/buildkit/client/client.go - third_party/github.com/moby/moby - Git at Google

 package client

 import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"io/ioutil"

 	"github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc"
 	controlapi "github.com/moby/buildkit/api/services/control"
 	"github.com/moby/buildkit/util/appdefaults"
 	opentracing "github.com/opentracing/opentracing-go"
 	"github.com/pkg/errors"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 )

 type Client struct {
 	conn *grpc.ClientConn
 }

 type ClientOpt interface{}

 // New returns a new buildkit client. Address can be empty for the system-default address.
 func New(ctx context.Context, address string, opts ...ClientOpt) (*Client, error) {
 	gopts := []grpc.DialOption{
 		grpc.WithDialer(dialer),
 		grpc.FailOnNonTempDialError(true),
 	}
 	needWithInsecure := true
 	for _, o := range opts {
 		if _, ok := o.(*withBlockOpt); ok {
 			gopts = append(gopts, grpc.WithBlock(), grpc.FailOnNonTempDialError(true))
 		}
 		if credInfo, ok := o.(*withCredentials); ok {
 			opt, err := loadCredentials(credInfo)
 			if err != nil {
 				return nil, err
 			}
 			gopts = append(gopts, opt)
 			needWithInsecure = false
 		}
 		if wt, ok := o.(*withTracer); ok {
 			gopts = append(gopts,
 				grpc.WithUnaryInterceptor(otgrpc.OpenTracingClientInterceptor(wt.tracer, otgrpc.LogPayloads())),
 				grpc.WithStreamInterceptor(otgrpc.OpenTracingStreamClientInterceptor(wt.tracer)))
 		}
 	}
 	if needWithInsecure {
 		gopts = append(gopts, grpc.WithInsecure())
 	}
 	if address == "" {
 		address = appdefaults.Address
 	}

 	conn, err := grpc.DialContext(ctx, address, gopts...)
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to dial %q . make sure buildkitd is running", address)
 	}
 	c := &Client{
 		conn: conn,
 	}
 	return c, nil
 }

 func (c *Client) controlClient() controlapi.ControlClient {
 	return controlapi.NewControlClient(c.conn)
 }

 func (c *Client) Close() error {
 	return c.conn.Close()
 }

 type withBlockOpt struct{}

 func WithBlock() ClientOpt {
 	return &withBlockOpt{}
 }

 type withCredentials struct {
 	ServerName string
 	CACert     string
 	Cert       string
 	Key        string
 }

 // WithCredentials configures the TLS parameters of the client.
 // Arguments:
 // * serverName: specifies the name of the target server
 // * ca:				 specifies the filepath of the CA certificate to use for verification
 // * cert:			 specifies the filepath of the client certificate
 // * key:				 specifies the filepath of the client key
 func WithCredentials(serverName, ca, cert, key string) ClientOpt {
 	return &withCredentials{serverName, ca, cert, key}
 }

 func loadCredentials(opts *withCredentials) (grpc.DialOption, error) {
 	ca, err := ioutil.ReadFile(opts.CACert)
 	if err != nil {
 		return nil, errors.Wrap(err, "could not read ca certificate")
 	}

 	certPool := x509.NewCertPool()
 	if ok := certPool.AppendCertsFromPEM(ca); !ok {
 		return nil, errors.New("failed to append ca certs")
 	}

 	cfg := &tls.Config{
 		ServerName: opts.ServerName,
 		RootCAs:    certPool,
 	}

 	// we will produce an error if the user forgot about either cert or key if at least one is specified
 	if opts.Cert != "" || opts.Key != "" {
 		cert, err := tls.LoadX509KeyPair(opts.Cert, opts.Key)
 		if err != nil {
 			return nil, errors.Wrap(err, "could not read certificate/key")
 		}
 		cfg.Certificates = []tls.Certificate{cert}
 		cfg.BuildNameToCertificate()
 	}

 	return grpc.WithTransportCredentials(credentials.NewTLS(cfg)), nil
 }

 func WithTracer(t opentracing.Tracer) ClientOpt {
 	return &withTracer{t}
 }

 type withTracer struct {
 	tracer opentracing.Tracer
 }
	package client

	import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"

	"github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc"
	controlapi "github.com/moby/buildkit/api/services/control"
	"github.com/moby/buildkit/util/appdefaults"
	opentracing "github.com/opentracing/opentracing-go"
	"github.com/pkg/errors"
	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
	)

	type Client struct {
	conn *grpc.ClientConn
	}

	type ClientOpt interface{}

	// New returns a new buildkit client. Address can be empty for the system-default address.
	func New(ctx context.Context, address string, opts ...ClientOpt) (*Client, error) {
	gopts := []grpc.DialOption{
	grpc.WithDialer(dialer),
	grpc.FailOnNonTempDialError(true),
	}
	needWithInsecure := true
	for _, o := range opts {
	if _, ok := o.(*withBlockOpt); ok {
	gopts = append(gopts, grpc.WithBlock(), grpc.FailOnNonTempDialError(true))
	}
	if credInfo, ok := o.(*withCredentials); ok {
	opt, err := loadCredentials(credInfo)
	if err != nil {
	return nil, err
	}
	gopts = append(gopts, opt)
	needWithInsecure = false
	}
	if wt, ok := o.(*withTracer); ok {
	gopts = append(gopts,
	grpc.WithUnaryInterceptor(otgrpc.OpenTracingClientInterceptor(wt.tracer, otgrpc.LogPayloads())),
	grpc.WithStreamInterceptor(otgrpc.OpenTracingStreamClientInterceptor(wt.tracer)))
	}
	}
	if needWithInsecure {
	gopts = append(gopts, grpc.WithInsecure())
	}
	if address == "" {
	address = appdefaults.Address
	}

	conn, err := grpc.DialContext(ctx, address, gopts...)
	if err != nil {
	return nil, errors.Wrapf(err, "failed to dial %q . make sure buildkitd is running", address)
	}
	c := &Client{
	conn: conn,
	}
	return c, nil
	}

	func (c *Client) controlClient() controlapi.ControlClient {
	return controlapi.NewControlClient(c.conn)
	}

	func (c *Client) Close() error {
	return c.conn.Close()
	}

	type withBlockOpt struct{}

	func WithBlock() ClientOpt {
	return &withBlockOpt{}
	}

	type withCredentials struct {
	ServerName string
	CACert string
	Cert string
	Key string
	}

	// WithCredentials configures the TLS parameters of the client.
	// Arguments:
	// * serverName: specifies the name of the target server
	// * ca: specifies the filepath of the CA certificate to use for verification
	// * cert: specifies the filepath of the client certificate
	// * key: specifies the filepath of the client key
	func WithCredentials(serverName, ca, cert, key string) ClientOpt {
	return &withCredentials{serverName, ca, cert, key}
	}

	func loadCredentials(opts *withCredentials) (grpc.DialOption, error) {
	ca, err := ioutil.ReadFile(opts.CACert)
	if err != nil {
	return nil, errors.Wrap(err, "could not read ca certificate")
	}

	certPool := x509.NewCertPool()
	if ok := certPool.AppendCertsFromPEM(ca); !ok {
	return nil, errors.New("failed to append ca certs")
	}

	cfg := &tls.Config{
	ServerName: opts.ServerName,
	RootCAs: certPool,
	}

	// we will produce an error if the user forgot about either cert or key if at least one is specified
	if opts.Cert != "" \|\| opts.Key != "" {
	cert, err := tls.LoadX509KeyPair(opts.Cert, opts.Key)
	if err != nil {
	return nil, errors.Wrap(err, "could not read certificate/key")
	}
	cfg.Certificates = []tls.Certificate{cert}
	cfg.BuildNameToCertificate()
	}

	return grpc.WithTransportCredentials(credentials.NewTLS(cfg)), nil
	}

	func WithTracer(t opentracing.Tracer) ClientOpt {
	return &withTracer{t}
	}

	type withTracer struct {
	tracer opentracing.Tracer
	}