[#139] Add root ca cert for telemetry configuration

Signed-off-by: Aleksey Savaitan <a.savaitan@yadro.com>
2024-09-10 10:09:51 +03:00 · 2024-09-10 10:09:51 +03:00 · 032c313308
commit 032c313308
parent 843708a558
7 changed files with 102 additions and 102 deletions
--- a/cmd/http-gw/app.go
+++ b/cmd/http-gw/app.go
@ -3,6 +3,7 @@ package main
 import (
 	"bytes"
 	"context"
+	"crypto/x509"
 	"errors"
 	"fmt"
 	"net/http"
@ -737,6 +738,22 @@ func (a *app) initTracing(ctx context.Context) {
 		InstanceID: instanceID,
 		Version:    Version,
 	}
+
+	if trustedCa := a.cfg.GetString(cfgTracingTrustedCa); trustedCa != "" {
+		caBytes, err := os.ReadFile(trustedCa)
+		if err != nil {
+			a.log.Warn(logs.FailedToInitializeTracing, zap.Error(err))
+			return
+		}
+		certPool := x509.NewCertPool()
+		ok := certPool.AppendCertsFromPEM(caBytes)
+		if !ok {
+			a.log.Warn(logs.FailedToInitializeTracing, zap.String("error", "can't fill cert pool by ca cert"))
+			return
+		}
+		cfg.ServerCaCertPool = certPool
+	}
+
 	updated, err := tracing.Setup(ctx, cfg)
 	if err != nil {
 		a.log.Warn(logs.FailedToInitializeTracing, zap.Error(err))
--- a/cmd/http-gw/settings.go
+++ b/cmd/http-gw/settings.go
@ -75,9 +75,10 @@ const (
 	cfgPprofAddress      = "pprof.address"

 	// Tracing ...
-	cfgTracingEnabled  = "tracing.enabled"
-	cfgTracingExporter = "tracing.exporter"
-	cfgTracingEndpoint = "tracing.endpoint"
+	cfgTracingEnabled   = "tracing.enabled"
+	cfgTracingExporter  = "tracing.exporter"
+	cfgTracingEndpoint  = "tracing.endpoint"
+	cfgTracingTrustedCa = "tracing.trusted_ca"

 	// Pool config.
 	cfgConTimeout         = "connect_timeout"