func()

in internal/search/grpc.go [180:236]


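// getGrpcConn returns the gRPC client connection for endpoint, creating and
// caching one on first use.
//
// The endpoint is parsed with parseEndpoint. Connections are cached in
// searcher.GrpcConns under the endpoint's host:port, and the whole
// lookup-or-create sequence runs under searcher.grpcMutex. Endpoints whose
// protocol is "https" get TLS 1.2+ transport credentials with certificate
// verification left enabled; every other protocol value gets plaintext
// credentials.
//
// It returns an error if the endpoint cannot be parsed or the client cannot
// be created.
func (searcher *Searcher) getGrpcConn(endpoint string) (*grpc.ClientConn, error) {
	endpointInfo, parseErr := parseEndpoint(endpoint)
	if parseErr != nil {
		return nil, fmt.Errorf("failed to parse endpoint: %w", parseErr)
	}

	searcher.grpcMutex.Lock()
	defer searcher.grpcMutex.Unlock()

	if searcher.GrpcConns == nil {
		searcher.GrpcConns = make(map[string]*grpc.ClientConn)
	}

	// NOTE(review): the cache key is host:port only and the lookup happens
	// before the protocol is inspected. A connection first created without TLS
	// for this host:port is therefore returned for a later "https" endpoint to
	// the same host:port (and vice versa). Consider including the protocol in
	// the key; not changed here because other code may index GrpcConns by
	// host:port.
	if conn, ok := searcher.GrpcConns[endpointInfo.HostPort]; ok {
		return conn, nil
	}

	var opts []grpc.DialOption

	if endpointInfo.Protocol == "https" {
		// InsecureSkipVerify is never set here, so the peer certificate is
		// always verified against ServerName.
		tlsConfig := &tls.Config{
			ServerName: searcher.TLSServerName,
			MinVersion: tls.VersionTLS12,
		}

		// If no server name is explicitly set, derive it from the endpoint's
		// host:port. A plain split on ":" would turn a bracketed IPv6 literal
		// into "[", which can never match a certificate, so brackets are
		// handled explicitly.
		if tlsConfig.ServerName == "" {
			host := endpointInfo.HostPort
			switch {
			case strings.HasPrefix(host, "["):
				// Bracketed IPv6 literal, optionally followed by ":port".
				if end := strings.Index(host, "]"); end > 0 {
					host = host[1:end]
				}
			case strings.Count(host, ":") == 1:
				// Plain "host:port": keep the part before the colon.
				host, _, _ = strings.Cut(host, ":")
			}
			tlsConfig.ServerName = host
		}

		// Use system certificates. On failure RootCAs stays nil, and
		// crypto/tls then uses the host's root CA set, so verification is
		// still performed.
		systemPool, err := x509.SystemCertPool()
		if err != nil {
			slog.Warn("could not load system certificate pool", "error", err)
		} else if systemPool != nil {
			tlsConfig.RootCAs = systemPool
		}

		creds := credentials.NewTLS(tlsConfig)
		opts = append(opts, grpc.WithTransportCredentials(creds))
	} else {
		// NOTE(review): any protocol other than the exact string "https"
		// (including an empty or misspelled one) ends up here and is sent
		// unencrypted and unauthenticated. Confirm that parseEndpoint
		// restricts or normalizes the protocol, or reject unknown values.
		opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
	}

	// Create connection only using host:port
	newConn, err := grpc.NewClient(endpointInfo.HostPort, opts...)
	if err != nil {
		return nil, err
	}
	searcher.GrpcConns[endpointInfo.HostPort] = newConn
	return newConn, nil
}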