[#1170] adm: Support morph mTLS

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
Evgenii Stratonikov 2024-06-11 15:46:10 +03:00
parent 42ecc2f2b9
commit a0e49fa5a5


@ -2,6 +2,7 @@ package helper
import ( import (
"context" "context"
"crypto/tls"
"errors" "errors"
"fmt" "fmt"
"time" "time"
@ -60,9 +61,23 @@ func GetN3Client(v *viper.Viper) (Client, error) {
if endpoint == "" { if endpoint == "" {
return nil, errors.New("missing endpoint") return nil, errors.New("missing endpoint")
} }
var cfg *tls.Config
if rootCAs := v.GetStringSlice("tls.trusted_ca_list"); len(rootCAs) != 0 {
certFile := v.GetString("tls.certificate")
keyFile := v.GetString("tls.key")
tlsConfig, err := rpcclient.TLSClientConfig(rootCAs, certFile, keyFile)
if err != nil {
return nil, err
}
cfg = tlsConfig
}
c, err := rpcclient.New(ctx, endpoint, rpcclient.Options{ c, err := rpcclient.New(ctx, endpoint, rpcclient.Options{
MaxConnsPerHost: maxConnsPerHost, MaxConnsPerHost: maxConnsPerHost,
RequestTimeout: requestTimeout, RequestTimeout: requestTimeout,
TLSClientConfig: cfg,
}) })
if err != nil { if err != nil {
return nil, err return nil, err
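Review bot: The TLS block in GetN3Client is entered only when `tls.trusted_ca_list` is non-empty, so an operator who sets `tls.certificate` and `tls.key` but omits the CA list gets a nil `TLSClientConfig` and no client certificate, with no error or warning. For an mTLS feature that is a silent downgrade; I would read the cert and key before the condition and reject the half-configured case, e.g. `if len(rootCAs) == 0 && (certFile != "" || keyFile != "") { return nil, errors.New("tls.certificate/tls.key require tls.trusted_ca_list") }`. The error from `rpcclient.TLSClientConfig` is also returned bare; `return nil, fmt.Errorf("morph TLS config: %w", err)` would tell the operator which part of the setup failed. Whether an endpoint with a non-TLS scheme ignores the config altogether cannot be seen from this hunk and is worth confirming. The function body starts and continues outside the hunk.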