in internal/pkg/config/instrumentation.go [53:116]
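// APMHTTPTransportOptions builds the HTTP transport options for the APM
// tracer from the instrumentation configuration.
//
// It parses every configured host into a URL, assembles the TLS client
// configuration (skip-verify flag, optional pinned server certificate,
// optional CA file) and resolves the API key and secret token, reading them
// from APIKeyPath / SecretTokenPath when the inline values are empty.
//
// A zero-value options struct and an error are returned when a host cannot be
// parsed, when a certificate, CA, API key or secret token file cannot be
// loaded, or when the pinned server certificate file holds no PEM block or no
// parsable X.509 certificate.
func (c *Instrumentation) APMHTTPTransportOptions() (apmtransport.HTTPTransportOptions, error) {
	hosts := make([]*url.URL, 0, len(c.Hosts))
	for _, host := range c.Hosts {
		u, err := url.Parse(host)
		if err != nil {
			return apmtransport.HTTPTransportOptions{}, fmt.Errorf("failed parsing %s: %w", host, err)
		}
		hosts = append(hosts, u)
	}

	tlsConfig := &tls.Config{
		InsecureSkipVerify: c.TLS.SkipVerify, //nolint:gosec // users can disable tls validation
	}

	if c.TLS.ServerCertificate != "" {
		p, err := os.ReadFile(c.TLS.ServerCertificate)
		if err != nil {
			return apmtransport.HTTPTransportOptions{}, fmt.Errorf("unable to read instrumentation certificate: %w", err)
		}
		// pem.Decode returns a nil block when the input holds no PEM data
		// (empty file, DER-encoded certificate, wrong path). Dereferencing it
		// would panic, so report a configuration error instead.
		block, _ := pem.Decode(p)
		if block == nil {
			return apmtransport.HTTPTransportOptions{}, fmt.Errorf("unable to parse instrumentation certificate: no PEM block found in %s", c.TLS.ServerCertificate)
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return apmtransport.HTTPTransportOptions{}, fmt.Errorf("unable to parse instrumentation certificate: %w", err)
		}
		// Pinning replaces the standard verification: with InsecureSkipVerify
		// set, crypto/tls performs no chain or hostname checks and hands the
		// callback nil verified chains, so verifyPeerCertificate (defined
		// elsewhere in the package) is the only check applied to the peer.
		tlsConfig.InsecureSkipVerify = true
		tlsConfig.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			return verifyPeerCertificate(rawCerts, cert)
		}
	}

	if c.TLS.ServerCA != "" {
		pool, errs := tlscommon.LoadCertificateAuthorities([]string{c.TLS.ServerCA})
		if len(errs) != 0 {
			return apmtransport.HTTPTransportOptions{}, fmt.Errorf("unable to load instrumentation cas: %w", errors.Join(errs...))
		}
		// NOTE(review): RootCAs only takes part in verification while
		// InsecureSkipVerify is false. When SkipVerify or ServerCertificate is
		// also configured, this pool is not consulted by crypto/tls; confirm
		// that combination is intended.
		tlsConfig.RootCAs = pool
	}

	// An inline credential takes precedence over its *Path counterpart. File
	// contents are used verbatim, so a trailing newline in the file becomes
	// part of the credential.
	apiKey := c.APIKey
	if c.APIKey == "" && c.APIKeyPath != "" {
		p, err := os.ReadFile(c.APIKeyPath)
		if err != nil {
			return apmtransport.HTTPTransportOptions{}, fmt.Errorf("unable to read API key file: %w", err)
		}
		apiKey = string(p)
	}

	secretToken := c.SecretToken
	if c.SecretToken == "" && c.SecretTokenPath != "" {
		p, err := os.ReadFile(c.SecretTokenPath)
		if err != nil {
			return apmtransport.HTTPTransportOptions{}, fmt.Errorf("unable to read secret token file: %w", err)
		}
		secretToken = string(p)
	}

	return apmtransport.HTTPTransportOptions{
		APIKey:          apiKey,
		SecretToken:     secretToken,
		ServerURLs:      hosts,
		TLSClientConfig: tlsConfig,
	}, nil
}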