Merge pull request #16 from greenrd/clienthelper-use-lenses

brendandburns · web-flow · commit 12b071f6d4ac · 2018-04-07T08:00:05.000-07:00
Use lenses in client-helper to make functions shorter
diff --git a/kubernetes-client-helper/package.yaml b/kubernetes-client-helper/package.yaml
@@ -15,6 +15,7 @@ dependencies:
   - x509-validation
   - http-client >=0.5 && <0.6
   - http-client-tls
+  - microlens >= 0.4.3 && <0.5
   - bytestring >=0.10.0 && <0.11
   - text >=0.11 && <1.3
   - safe-exceptions <0.2
diff --git a/kubernetes-client-helper/src/Kubernetes/ClientHelper.hs b/kubernetes-client-helper/src/Kubernetes/ClientHelper.hs
@@ -18,8 +18,9 @@ import           Data.Typeable              (Typeable)
 import           Data.X509                  (SignedCertificate,
                                              decodeSignedCertificate)
 import qualified Data.X509                  as X509
-import           Data.X509.CertificateStore (makeCertificateStore)
+import           Data.X509.CertificateStore (CertificateStore, makeCertificateStore)
 import qualified Data.X509.Validation       as X509
+import           Lens.Micro                 (Lens', lens, set)
 import           Network.Connection         (TLSSettings (..))
 import qualified Network.HTTP.Client        as NH
 import           Network.HTTP.Client.TLS    (mkManagerSettings)
@@ -67,25 +68,22 @@ defaultTLSClientParams = do
             }
         }
 
+clientHooksL :: Lens' TLS.ClientParams TLS.ClientHooks
+clientHooksL = lens TLS.clientHooks (\cp ch -> cp { TLS.clientHooks = ch })
+
+onServerCertificateL :: Lens' TLS.ClientParams (CertificateStore -> TLS.ValidationCache -> X509.ServiceID -> X509.CertificateChain -> IO [X509.FailedReason])
+onServerCertificateL =
+  clientHooksL . lens TLS.onServerCertificate (\ch osc -> ch { TLS.onServerCertificate = osc })
+
 -- |Don't check whether the cert presented by the server matches the name of the server you are connecting to.
 -- This is necessary if you specify the server host by its IP address.
 disableServerNameValidation :: TLS.ClientParams -> TLS.ClientParams
-disableServerNameValidation cp = cp
-    { TLS.clientHooks = (TLS.clientHooks cp)
-        { TLS.onServerCertificate = X509.validate
-            X509.HashSHA256
-            def
-            def { X509.checkFQHN = False }
-        }
-    }
+disableServerNameValidation =
+  set onServerCertificateL (X509.validate X509.HashSHA256 def (def { X509.checkFQHN = False }))
 
 -- |Insecure mode. The client will not validate the server cert at all.
 disableServerCertValidation :: TLS.ClientParams -> TLS.ClientParams
-disableServerCertValidation cp = cp
-    { TLS.clientHooks = (TLS.clientHooks cp)
-        { TLS.onServerCertificate = (\_ _ _ _ -> return [])
-        }
-    }
+disableServerCertValidation = set onServerCertificateL (\_ _ _ _ -> return [])
 
 -- |Use a custom CA store.
 setCAStore :: [SignedCertificate] -> TLS.ClientParams -> TLS.ClientParams
@@ -95,13 +93,13 @@ setCAStore certs cp = cp
         }
     }
 
+onCertificateRequestL :: Lens' TLS.ClientParams (([TLS.CertificateType], Maybe [TLS.HashAndSignatureAlgorithm], [X509.DistinguishedName]) -> IO (Maybe (X509.CertificateChain, TLS.PrivKey)))
+onCertificateRequestL =
+  clientHooksL . lens TLS.onCertificateRequest (\ch ocr -> ch { TLS.onCertificateRequest = ocr })
+
 -- |Use a client cert for authentication.
 setClientCert :: Credential -> TLS.ClientParams -> TLS.ClientParams
-setClientCert cred cp = cp
-    { TLS.clientHooks = (TLS.clientHooks cp)
-        { TLS.onCertificateRequest = (\_ -> return (Just cred))
-        }
-    }
+setClientCert cred = set onCertificateRequestL (\_ -> return $ Just cred)
 
 -- |Parses a PEM-encoded @ByteString@ into a list of certificates.
 parsePEMCerts :: B.ByteString -> Either String [SignedCertificate]
