From dbd3b238f75eab70d50cea01569269d505cb2b13 Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov
Date: Tue, 11 Jun 2024 15:48:06 +0300
Subject: [PATCH] [#1170] node: Support morph mTLS
Signed-off-by: Evgenii Stratonikov
---
 cmd/frostfs-node/config/morph/config.go | 15 +++++++++++++--
 cmd/frostfs-node/config/morph/config_test.go | 7 +++++++
 config/example/node.env | 3 +++
 config/example/node.json | 7 ++++++-
 config/example/node.yaml | 4 ++++
 5 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/cmd/frostfs-node/config/morph/config.go b/cmd/frostfs-node/config/morph/config.go
index b0c6527d..1c536a0e 100644
--- a/cmd/frostfs-node/config/morph/config.go
+++ b/cmd/frostfs-node/config/morph/config.go
@@ -54,9 +54,20 @@ func RPCEndpoint(c *config.Config) []client.Endpoint {
 priority = PriorityDefault
 }
+ var mtlsConfig *client.MTLSConfig
+ rootCAs := config.StringSliceSafe(s, "trusted_ca_list")
+ if len(rootCAs) != 0 {
+ mtlsConfig = &client.MTLSConfig{
+ TrustedCAList: rootCAs,
+ KeyFile: config.StringSafe(s, "key"),
+ CertFile: config.StringSafe(s, "certificate"),
+ }
+ }
+
 es = append(es, client.Endpoint{
- Address: addr,
- Priority: priority,
+ Address: addr,
+ Priority: priority,
+ MTLSConfig: mtlsConfig,
 })
 }
diff --git a/cmd/frostfs-node/config/morph/config_test.go b/cmd/frostfs-node/config/morph/config_test.go
index 13da3d70..5a021abc 100644
--- a/cmd/frostfs-node/config/morph/config_test.go
+++ b/cmd/frostfs-node/config/morph/config_test.go
@@ -28,6 +28,13 @@ func TestMorphSection(t *testing.T) {
 {
 Address: "wss://rpc1.morph.frostfs.info:40341/ws",
 Priority: 1,
+ MTLSConfig: &client.MTLSConfig{
+ TrustedCAList: []string{
+ "/path/to/ca.pem",
+ },
+ KeyFile: "/path/to/key",
+ CertFile: "/path/to/cert",
+ },
 },
 {
 Address: "wss://rpc2.morph.frostfs.info:40341/ws",
diff --git a/config/example/node.env b/config/example/node.env
index 9f15c404..eedbe501 100644
--- a/config/example/node.env
+++ b/config/example/node.env
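Review bot: In `RPCEndpoint` (cmd/frostfs-node/config/morph/config.go) the client certificate settings are silently dropped when `trusted_ca_list` is empty: `MTLSConfig` is built only inside `if len(rootCAs) != 0`, so an endpoint configured with `certificate` and `key` but no CA list gets `MTLSConfig: nil` and the node would presumably connect without presenting a client certificate. The opposite case is also unchecked: a CA list with an empty `key` or `certificate` (both read with `config.StringSafe`) yields a half-filled `MTLSConfig`, and how the client treats that is not visible here. I would read both values first and reject inconsistent entries the way this function reports other invalid configuration, e.g. `if (keyFile == "") != (certFile == "") || (len(rootCAs) == 0 && keyFile != "") { /* configuration error */ }`. The test hunk in config_test.go covers only the fully populated endpoint; cases for a missing CA list and for a lone `key` or `certificate` would pin the intended behaviour. The function body starts and ends outside the hunk.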
@@ -61,6 +61,9 @@ FROSTFS_MORPH_CACHE_TTL=15s
 FROSTFS_MORPH_SWITCH_INTERVAL=3m
 FROSTFS_MORPH_RPC_ENDPOINT_0_ADDRESS="wss://rpc1.morph.frostfs.info:40341/ws"
 FROSTFS_MORPH_RPC_ENDPOINT_0_PRIORITY=0
+FROSTFS_MORPH_RPC_ENDPOINT_0_TRUSTED_CA_LIST="/path/to/ca.pem"
+FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE="/path/to/cert"
+FROSTFS_MORPH_RPC_ENDPOINT_0_KEY="/path/to/key"
 FROSTFS_MORPH_RPC_ENDPOINT_1_ADDRESS="wss://rpc2.morph.frostfs.info:40341/ws"
 FROSTFS_MORPH_RPC_ENDPOINT_1_PRIORITY=2
 FROSTFS_MORPH_APE_CHAIN_CACHE_SIZE=100000
diff --git a/config/example/node.json b/config/example/node.json
index 79e6fe89..2589f2c3 100644
--- a/config/example/node.json
+++ b/config/example/node.json
@@ -95,7 +95,12 @@
 "rpc_endpoint": [
 {
 "address": "wss://rpc1.morph.frostfs.info:40341/ws",
- "priority": 0
+ "priority": 0,
+ "trusted_ca_list": [
+ "/path/to/ca.pem"
+ ],
+ "certificate": "/path/to/cert",
+ "key": "/path/to/key"
 },
 {
 "address": "wss://rpc2.morph.frostfs.info:40341/ws",
diff --git a/config/example/node.yaml b/config/example/node.yaml
index 34e796ac..1a9516ef 100644
--- a/config/example/node.yaml
+++ b/config/example/node.yaml
@@ -84,6 +84,10 @@ morph:
 rpc_endpoint: # side chain NEO RPC endpoints; are shuffled and used one by one until the first success
 - address: wss://rpc1.morph.frostfs.info:40341/ws
 priority: 0
+ trusted_ca_list:
+ - "/path/to/ca.pem"
+ certificate: "/path/to/cert"
+ key: "/path/to/key"
 - address: wss://rpc2.morph.frostfs.info:40341/ws
 priority: 2
 ape_chain_cache_size: 100000
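Review bot: The new `trusted_ca_list`, `certificate` and `key` entries in config/example/node.yaml carry no comments, while the `rpc_endpoint` line above them does, and the rule that decides whether they take effect is not obvious from the names. Going by the config.go change in this commit, the mTLS settings are applied only when `trusted_ca_list` is non-empty, so I would add `# CA certificates (PEM paths) trusted for this endpoint; certificate and key are used only when this list is non-empty` on `trusted_ca_list:`, `# client certificate path` on `certificate:` and `# client private key path; keep the file readable only by the node user` on `key:`. The node.env and node.json hunks on this line add the same three settings and need no separate remark.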