author | Ahmad Hassan <ahmad.hassan612@gmail.com> | 2018-10-29 16:34:59 +0200 |
---|---|---|
committer | Ahmad Hassan <ahmad.hassan612@gmail.com> | 2018-10-30 15:52:51 +0200 |
commit | 688dde61f33d69ef3b4b0f2a03f30f092777375a (patch) | |
tree | 1364a4df385738c9cd184bce3ff0a5b2eb509ecc /go/internal/handler/handler.go | |
parent | 9cf3334cb5cdf871266a2b9538589e36efd788e1 (diff) | |
download | gitlab-shell-gitaly-tls.tar.gz |
Add support for gitaly tlsgitaly-tls
Diffstat (limited to 'go/internal/handler/handler.go')
-rw-r--r-- | go/internal/handler/handler.go | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/go/internal/handler/handler.go b/go/internal/handler/handler.go
index f8e8bee..abe59ec 100644
--- a/go/internal/handler/handler.go
+++ b/go/internal/handler/handler.go
@@ -1,11 +1,14 @@
 package handler

 import (
+ "crypto/x509"
 "os"
 "os/exec"
+ "strings"
 "syscall"

 "google.golang.org/grpc"
+ "google.golang.org/grpc/credentials"

 "gitlab.com/gitlab-org/gitaly/auth"
 "gitlab.com/gitlab-org/gitaly/client"
@@ -31,6 +34,14 @@ func Prepare() error {
 return nil
 }

+func transFormTls(gitalyAddress string) (string, bool) {
+ if !strings.HasPrefix(gitalyAddress, "tls://") {
+ return gitalyAddress, false
+ }
+
+ return strings.Replace(gitalyAddress, "tls://", "tcp://", 1), true
+}
+
 func execCommand(command string, args ...string) error {
 binPath, err := exec.LookPath(command)
 if err != nil {
@@ -41,11 +52,19 @@ func execCommand(command string, args ...string) error {
 return syscall.Exec(binPath, args, os.Environ())
 }

-func dialOpts() []grpc.DialOption {
+func dialOpts(tls bool) []grpc.DialOption {
 connOpts := client.DefaultDialOpts
 if token := os.Getenv("GITALY_TOKEN"); token != "" {
 connOpts = append(client.DefaultDialOpts, grpc.WithPerRPCCredentials(gitalyauth.RPCCredentialsV2(token)))
 }

+ if tls {
+ certPool, err := x509.SystemCertPool()
+ if err == nil {
+ creds := credentials.NewClientTLSFromCert(certPool, "")
+ connOpts = append(connOpts, grpc.WithTransportCredentials(creds))
+ }
+ }
+
 return connOpts
 } |
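Review bot: `transFormTls` has no doc comment, and the name breaks Go's initialism convention; `transformTLS` is the conventional spelling. Once the scheme is rewritten to `tcp://`, the returned bool is the only record that TLS was requested, so a caller that drops it would dial without transport credentials; the call sites are outside this file's diff and should be checked. I would add `// transformTLS rewrites a tls:// Gitaly address to tcp:// and reports whether TLS was requested; the flag must be passed on to dialOpts.` above the function.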
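Review bot: In `dialOpts`, an error from `x509.SystemCertPool()` is swallowed: the `if err == nil` branch is skipped and the function returns options with no transport credentials, so a `tls://` address silently loses TLS instead of failing. What happens next depends on `client.DefaultDialOpts`, which is not visible here; if it carries an insecure dial option, the connection would presumably go out in plaintext with the `GITALY_TOKEN` credentials attached. The function should fail closed by returning the error, which changes its result to `([]grpc.DialOption, error)` and requires updating the callers outside this hunk.

```go
func dialOpts(tls bool) ([]grpc.DialOption, error) {
	// … unchanged: DefaultDialOpts and GITALY_TOKEN handling …

	if tls {
		certPool, err := x509.SystemCertPool()
		if err != nil {
			// Fail closed: a tls:// address must never be dialed without TLS credentials.
			return nil, err
		}
		creds := credentials.NewClientTLSFromCert(certPool, "")
		connOpts = append(connOpts, grpc.WithTransportCredentials(creds))
	}

	return connOpts, nil
```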