[#1170] node: Support morph mTLS

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-06-11 15:48:06 +03:00 · 2024-06-11 15:48:06 +03:00 · dbd3b238f7
commit dbd3b238f7
parent 96fe271bab
5 changed files with 33 additions and 3 deletions
--- a/cmd/frostfs-node/config/morph/config.go
+++ b/cmd/frostfs-node/config/morph/config.go
@ -54,9 +54,20 @@ func RPCEndpoint(c *config.Config) []client.Endpoint {
 			priority = PriorityDefault
 		}

+		var mtlsConfig *client.MTLSConfig
+		rootCAs := config.StringSliceSafe(s, "trusted_ca_list")
+		if len(rootCAs) != 0 {
+			mtlsConfig = &client.MTLSConfig{
+				TrustedCAList: rootCAs,
+				KeyFile:       config.StringSafe(s, "key"),
+				CertFile:      config.StringSafe(s, "certificate"),
+			}
+		}
+
 		es = append(es, client.Endpoint{
-			Address:  addr,
-			Priority: priority,
+			Address:    addr,
+			Priority:   priority,
+			MTLSConfig: mtlsConfig,
 		})
 	}

--- a/cmd/frostfs-node/config/morph/config_test.go
+++ b/cmd/frostfs-node/config/morph/config_test.go
@ -28,6 +28,13 @@ func TestMorphSection(t *testing.T) {
 		{
 			Address:  "wss://rpc1.morph.frostfs.info:40341/ws",
 			Priority: 1,
+			MTLSConfig: &client.MTLSConfig{
+				TrustedCAList: []string{
+					"/path/to/ca.pem",
+				},
+				KeyFile:  "/path/to/key",
+				CertFile: "/path/to/cert",
+			},
 		},
 		{
 			Address:  "wss://rpc2.morph.frostfs.info:40341/ws",
--- a/config/example/node.env
+++ b/config/example/node.env
@ -61,6 +61,9 @@ FROSTFS_MORPH_CACHE_TTL=15s
 FROSTFS_MORPH_SWITCH_INTERVAL=3m
 FROSTFS_MORPH_RPC_ENDPOINT_0_ADDRESS="wss://rpc1.morph.frostfs.info:40341/ws"
 FROSTFS_MORPH_RPC_ENDPOINT_0_PRIORITY=0
+FROSTFS_MORPH_RPC_ENDPOINT_0_TRUSTED_CA_LIST="/path/to/ca.pem"
+FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE="/path/to/cert"
+FROSTFS_MORPH_RPC_ENDPOINT_0_KEY="/path/to/key"
 FROSTFS_MORPH_RPC_ENDPOINT_1_ADDRESS="wss://rpc2.morph.frostfs.info:40341/ws"
 FROSTFS_MORPH_RPC_ENDPOINT_1_PRIORITY=2
 FROSTFS_MORPH_APE_CHAIN_CACHE_SIZE=100000
--- a/config/example/node.json
+++ b/config/example/node.json
@ -95,7 +95,12 @@
    "rpc_endpoint": [
      {
        "address": "wss://rpc1.morph.frostfs.info:40341/ws",
-        "priority": 0
+        "priority": 0,
+        "trusted_ca_list": [
+          "/path/to/ca.pem"
+        ],
+        "certificate": "/path/to/cert",
+        "key": "/path/to/key"
      },
      {
        "address": "wss://rpc2.morph.frostfs.info:40341/ws",
--- a/config/example/node.yaml
+++ b/config/example/node.yaml
@ -84,6 +84,10 @@ morph:
  rpc_endpoint:  # side chain NEO RPC endpoints; are shuffled and used one by one until the first success
    - address: wss://rpc1.morph.frostfs.info:40341/ws
      priority: 0
+      trusted_ca_list:
+        - "/path/to/ca.pem"
+      certificate: "/path/to/cert"
+      key: "/path/to/key"
    - address: wss://rpc2.morph.frostfs.info:40341/ws
      priority: 2
  ape_chain_cache_size: 100000