func newGrpcConnection()

in dex/client.go [22:63]


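// newGrpcConnection dials the configured gRPC endpoint (config.Host:config.Port)
// and returns the client connection.
//
// Transport security is selected from the package-level config:
//   - config.CaPath set: TLS, with the server certificate verified against that
//     CA bundle. The expected server name is left empty here and is derived by
//     grpc-go from the dial target, so the server certificate must match
//     config.Host.
//   - config.ClientCrt AND config.ClientKey set (in addition to CaPath): mutual
//     TLS, presenting the client certificate to the server. Setting only one of
//     the two is treated as a misconfiguration and rejected, rather than
//     silently degrading to server-only TLS.
//   - config.CaPath empty: PLAINTEXT. No encryption and no server
//     authentication. This fallback is kept for backward compatibility, but note
//     that a missing/mistyped CA path silently downgrades the connection to
//     cleartext — operators should not rely on it outside loopback or
//     development setups.
//
// Returns an error if a configured file cannot be read or parsed, if the
// client certificate pair is half-configured, or if the dial fails. Errors wrap
// the underlying cause so errors.Is/errors.As work on them.
func newGrpcConnection() (*grpc.ClientConn, error) {
	var creds credentials.TransportCredentials

	if config.CaPath == "" {
		// SECURITY: no CA configured -> cleartext gRPC (see doc comment).
		creds = insecure.NewCredentials()
	} else {
		caPEM, err := os.ReadFile(config.CaPath)
		if err != nil {
			return nil, fmt.Errorf("invalid CA crt file %s: %w", config.CaPath, err)
		}
		roots := x509.NewCertPool()
		if !roots.AppendCertsFromPEM(caPEM) {
			return nil, fmt.Errorf("failed to parse CA crt %s: no PEM certificates found", config.CaPath)
		}

		// One tls.Config for both the server-only and the mutual-TLS case; the
		// original code re-read the CA file through NewClientTLSFromFile for the
		// server-only path, which yields an equivalent config (RootCAs set,
		// ServerName empty).
		tlsCfg := &tls.Config{
			RootCAs: roots,
			// Explicit floor: never negotiate below TLS 1.2 regardless of the
			// Go/grpc-go defaults in use.
			MinVersion: tls.VersionTLS12,
			// ServerName intentionally unset: grpc-go fills it from the dial
			// target, so verification is against config.Host.
		}

		haveCrt, haveKey := config.ClientCrt != "", config.ClientKey != ""
		switch {
		case haveCrt && haveKey:
			clientCert, err := tls.LoadX509KeyPair(config.ClientCrt, config.ClientKey)
			if err != nil {
				return nil, fmt.Errorf("invalid client crt/key pair (%s, %s): %w", config.ClientCrt, config.ClientKey, err)
			}
			tlsCfg.Certificates = []tls.Certificate{clientCert}
		case haveCrt != haveKey:
			// Previously a half-configured pair fell through to server-only TLS
			// without any indication; surface the misconfiguration instead.
			return nil, fmt.Errorf("client crt and key must both be set for mutual TLS (crt=%q, key=%q)", config.ClientCrt, config.ClientKey)
		}

		creds = credentials.NewTLS(tlsCfg)
	}

	target := fmt.Sprintf("%s:%s", config.Host, config.Port)
	conn, err := grpc.Dial(target, grpc.WithTransportCredentials(creds))
	if err != nil {
		return nil, fmt.Errorf("dial %s: %w", target, err)
	}
	return conn, nil
}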