[#1170] node: Support morph mTLS

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
Evgenii Stratonikov 2024-06-11 15:48:06 +03:00
parent 96fe271bab
commit dbd3b238f7
5 changed files with 33 additions and 3 deletions


@ -54,9 +54,20 @@ func RPCEndpoint(c *config.Config) []client.Endpoint {
priority = PriorityDefault priority = PriorityDefault
} }
var mtlsConfig *client.MTLSConfig
rootCAs := config.StringSliceSafe(s, "trusted_ca_list")
if len(rootCAs) != 0 {
mtlsConfig = &client.MTLSConfig{
TrustedCAList: rootCAs,
KeyFile: config.StringSafe(s, "key"),
CertFile: config.StringSafe(s, "certificate"),
}
}
es = append(es, client.Endpoint{ es = append(es, client.Endpoint{
Address: addr, Address: addr,
Priority: priority, Priority: priority,
MTLSConfig: mtlsConfig,
}) })
} }
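Review bot: A partially filled mTLS section is accepted silently in the block added to RPCEndpoint, because `mtlsConfig` is built only when `trusted_ca_list` is non-empty. An endpoint that sets `certificate` and `key` but no CA list gets a nil `MTLSConfig`, so it presumably connects without a client certificate, while a CA list with an empty `key` or `certificate` produces a config with blank file paths whose handling by the client is not visible here. Read the two paths into locals before the check and reject the mixed cases through this package's usual invalid-config path, e.g. `if (len(rootCAs) != 0) != (keyFile != "" && certFile != "")`, so an operator cannot end up with weaker transport authentication than the config file suggests. The test hunk covers only the fully populated and fully absent cases; a case for the partial section would pin the behaviour. RPCEndpoint starts and ends outside this hunk.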


@ -28,6 +28,13 @@ func TestMorphSection(t *testing.T) {
{ {
Address: "wss://rpc1.morph.frostfs.info:40341/ws", Address: "wss://rpc1.morph.frostfs.info:40341/ws",
Priority: 1, Priority: 1,
MTLSConfig: &client.MTLSConfig{
TrustedCAList: []string{
"/path/to/ca.pem",
},
KeyFile: "/path/to/key",
CertFile: "/path/to/cert",
},
}, },
{ {
Address: "wss://rpc2.morph.frostfs.info:40341/ws", Address: "wss://rpc2.morph.frostfs.info:40341/ws",


@ -61,6 +61,9 @@ FROSTFS_MORPH_CACHE_TTL=15s
FROSTFS_MORPH_SWITCH_INTERVAL=3m FROSTFS_MORPH_SWITCH_INTERVAL=3m
FROSTFS_MORPH_RPC_ENDPOINT_0_ADDRESS="wss://rpc1.morph.frostfs.info:40341/ws" FROSTFS_MORPH_RPC_ENDPOINT_0_ADDRESS="wss://rpc1.morph.frostfs.info:40341/ws"
FROSTFS_MORPH_RPC_ENDPOINT_0_PRIORITY=0 FROSTFS_MORPH_RPC_ENDPOINT_0_PRIORITY=0
FROSTFS_MORPH_RPC_ENDPOINT_0_TRUSTED_CA_LIST="/path/to/ca.pem"
FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE="/path/to/cert"
FROSTFS_MORPH_RPC_ENDPOINT_0_KEY="/path/to/key"
FROSTFS_MORPH_RPC_ENDPOINT_1_ADDRESS="wss://rpc2.morph.frostfs.info:40341/ws" FROSTFS_MORPH_RPC_ENDPOINT_1_ADDRESS="wss://rpc2.morph.frostfs.info:40341/ws"
FROSTFS_MORPH_RPC_ENDPOINT_1_PRIORITY=2 FROSTFS_MORPH_RPC_ENDPOINT_1_PRIORITY=2
FROSTFS_MORPH_APE_CHAIN_CACHE_SIZE=100000 FROSTFS_MORPH_APE_CHAIN_CACHE_SIZE=100000


@ -95,7 +95,12 @@
"rpc_endpoint": [ "rpc_endpoint": [
{ {
"address": "wss://rpc1.morph.frostfs.info:40341/ws", "address": "wss://rpc1.morph.frostfs.info:40341/ws",
"priority": 0 "priority": 0,
"trusted_ca_list": [
"/path/to/ca.pem"
],
"certificate": "/path/to/cert",
"key": "/path/to/key"
}, },
{ {
"address": "wss://rpc2.morph.frostfs.info:40341/ws", "address": "wss://rpc2.morph.frostfs.info:40341/ws",


@ -84,6 +84,10 @@ morph:
rpc_endpoint: # side chain NEO RPC endpoints; are shuffled and used one by one until the first success rpc_endpoint: # side chain NEO RPC endpoints; are shuffled and used one by one until the first success
- address: wss://rpc1.morph.frostfs.info:40341/ws - address: wss://rpc1.morph.frostfs.info:40341/ws
priority: 0 priority: 0
trusted_ca_list:
- "/path/to/ca.pem"
certificate: "/path/to/cert"
key: "/path/to/key"
- address: wss://rpc2.morph.frostfs.info:40341/ws - address: wss://rpc2.morph.frostfs.info:40341/ws
priority: 2 priority: 2
ape_chain_cache_size: 100000 ape_chain_cache_size: 100000
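Review bot: The three new keys under the first `rpc_endpoint` entry carry no comments, although the neighbouring `rpc_endpoint:` line is documented, and the example does not say that `certificate` and `key` take effect only when `trusted_ca_list` is non-empty (as the Go hunk in this commit reads them). Add trailing comments such as `trusted_ca_list: # CA certificate files trusted for this endpoint; mTLS is configured only if the list is non-empty` and `key: "/path/to/key" # private key file for the client certificate`. The wording about what the CA list verifies is inferred from the field name `TrustedCAList` and should be confirmed against the client code.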