// Copyright 2016 The LUCI Authors.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// See the License for the specific language governing permissions and
// limitations under the License.
package client
import (
// Parameters is passed to New and configures the client it builds: the key
// pair the signer is loaded from, the token server host, and the HTTP
// transport options.
//
// NOTE(review): New copies these fields as given; it does not itself check
// that the fields marked "Required" are set.
type Parameters struct {
// PrivateKeyPath is a path to a file with a private key PEM file.
// Required. New passes it to LoadX509Signer together with CertificatePath.
//
// NOTE(review): this file holds the signer's private key, so it should be
// readable only by the account running the client.
PrivateKeyPath string
// CertificatePath is a path to a file with a corresponding certificate.
// Required. It must match the private key (this will be verified).
//
// NOTE(review): the match check is not performed in New itself; presumably
// LoadX509Signer does it. Confirm.
CertificatePath string
// Backend is a hostname of the token server to talk to.
// Required. New uses it unchanged as the pRPC client's Host.
Backend string
// Insecure is true to use 'http' protocol instead of 'https'.
// Useful on localhost. Default is "secure".
//
// New forwards the value to prpc.Options.Insecure. Without TLS the server
// is not authenticated and requests and responses cross the network in
// cleartext, so leave this false for anything other than a local test server.
Insecure bool
// Client is non-authenticating HTTP client to build pRPC transport on top of.
// Default is http.DefaultClient.
//
// NOTE(review): New passes a nil Client through unchanged, so the default is
// presumably applied by the pRPC client. Confirm. http.DefaultClient has no
// request timeout; pass a client with one where a stalled token server must
// not block the caller.
Client *http.Client
// Retry defines how to retry RPC requests on transient errors.
// Use retry.Default for default strategy. Default is "no retries".
// New forwards the value to prpc.Options.Retry.
Retry retry.Factory
// New returns a new Client that uses PEM encoded keys and talks
// to the server via pRPC.
//
// The signer is loaded from params.PrivateKeyPath and params.CertificatePath
// with LoadX509Signer; if that fails, the error is returned unchanged and no
// client is built. Backend, Client, Retry and Insecure are copied into the
// pRPC client exactly as given, without validation in this function.
//
// NOTE(review): lines holding only closing braces appear to be missing from
// this listing (after the error check, inside the literal below and at the
// end of the function).
func New(params Parameters) (*Client, error) {
// Load the key pair first so that a bad key or certificate is reported
// before any transport is set up.
signer, err := LoadX509Signer(params.PrivateKeyPath, params.CertificatePath)
if err != nil {
return nil, err
// The token minter stub is built on a pRPC client that carries the
// caller's HTTP client, host and options.
return &Client{
Client: minter.NewTokenMinterClient(&prpc.Client{
C: params.Client,
Host: params.Backend,
Options: &prpc.Options{
Retry: params.Retry,
// Insecure selects http instead of https (see Parameters.Insecure).
Insecure: params.Insecure,
// NOTE(review): presumably Signer is a field of the returned Client, not of
// prpc.Options; the literal's nesting cannot be confirmed from this listing.
Signer: signer,
}, nil