From a0e49fa5a5b33359ef2def3777aac250022dc225 Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov
Date: Tue, 11 Jun 2024 15:46:10 +0300
Subject: [PATCH] [#1170] adm: Support morph mTLS

Signed-off-by: Evgenii Stratonikov
---
 .../internal/modules/morph/helper/n3client.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/cmd/frostfs-adm/internal/modules/morph/helper/n3client.go b/cmd/frostfs-adm/internal/modules/morph/helper/n3client.go
index 55449b43..e62a21b3 100644
--- a/cmd/frostfs-adm/internal/modules/morph/helper/n3client.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/n3client.go
@@ -2,6 +2,7 @@ package helper
 
 import (
 "context"
+ "crypto/tls"
 "errors"
 "fmt"
 "time"
@@ -60,9 +61,23 @@ func GetN3Client(v *viper.Viper) (Client, error) {
 if endpoint == "" {
 return nil, errors.New("missing endpoint")
 }
+
+ var cfg *tls.Config
+ if rootCAs := v.GetStringSlice("tls.trusted_ca_list"); len(rootCAs) != 0 {
+ certFile := v.GetString("tls.certificate")
+ keyFile := v.GetString("tls.key")
+
+ tlsConfig, err := rpcclient.TLSClientConfig(rootCAs, certFile, keyFile)
+ if err != nil {
+ return nil, err
+ }
+
+ cfg = tlsConfig
+ }
 c, err := rpcclient.New(ctx, endpoint, rpcclient.Options{
 MaxConnsPerHost: maxConnsPerHost,
 RequestTimeout: requestTimeout,
+ TLSClientConfig: cfg,
 })
 if err != nil {
 return nil, err
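Review bot: The TLS block in `GetN3Client` is gated only on `tls.trusted_ca_list`, so if an operator sets `tls.certificate` and `tls.key` but leaves the CA list empty or misspells the key, `cfg` stays nil and the client certificate is dropped without any error. The tool then connects with whatever default transport `rpcclient.New` uses (not visible here), which is a quiet downgrade from the mTLS the configuration asked for. I would fail closed with an extra branch such as `} else if v.GetString("tls.certificate") != "" || v.GetString("tls.key") != "" { return nil, errors.New("tls.certificate and tls.key require tls.trusted_ca_list") }`. It is also worth confirming that `rpcclient.TLSClientConfig` rejects a certificate given without its key (and the reverse) rather than silently building a server-auth-only config, and wrapping its error, e.g. `return nil, fmt.Errorf("morph TLS config: %w", err)`, so a bad CA or key path is distinguishable from a connection failure. The function begins before and continues past this hunk, so how the endpoint scheme interacts with `TLSClientConfig` was not reviewed.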