[#1170] morph: Support mTLS

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-06-10 11:48:14 +03:00 · 2024-06-10 11:48:14 +03:00 · 42ecc2f2b9
commit 42ecc2f2b9
parent 68ac490729
5 changed files with 42 additions and 12 deletions
--- a/pkg/morph/client/constructor.go
+++ b/pkg/morph/client/constructor.go
@ -141,7 +141,7 @@ func New(ctx context.Context, key *keys.PrivateKey, opts ...Option) (*Client, er
 	} else {
 		var endpoint Endpoint
 		for cli.endpoints.curr, endpoint = range cli.endpoints.list {
-			cli.client, act, err = cli.newCli(ctx, endpoint.Address)
+			cli.client, act, err = cli.newCli(ctx, endpoint)
 			if err != nil {
 				cli.logger.Warn(logs.FrostFSIRCouldntCreateRPCClientForEndpoint,
 					zap.Error(err), zap.String("endpoint", endpoint.Address))
@ -162,10 +162,15 @@ func New(ctx context.Context, key *keys.PrivateKey, opts ...Option) (*Client, er
 	return cli, nil
 }

-func (c *Client) newCli(ctx context.Context, endpoint string) (*rpcclient.WSClient, *actor.Actor, error) {
-	cli, err := rpcclient.NewWS(ctx, endpoint, rpcclient.WSOptions{
+func (c *Client) newCli(ctx context.Context, endpoint Endpoint) (*rpcclient.WSClient, *actor.Actor, error) {
+	cfg, err := endpoint.MTLSConfig.parse()
+	if err != nil {
+		return nil, nil, fmt.Errorf("read mtls certificates: %w", err)
+	}
+	cli, err := rpcclient.NewWS(ctx, endpoint.Address, rpcclient.WSOptions{
 		Options: rpcclient.Options{
-			DialTimeout: c.cfg.dialTimeout,
+			DialTimeout:     c.cfg.dialTimeout,
+			TLSClientConfig: cfg,
 		},
 	})
 	if err != nil {