author | Alex Auvolat <alex@adnab.me> | 2021-12-30 20:42:56 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2021-12-30 20:42:56 +0100 |
commit | 04bdd029fefbce08184c12809b5d6e4bf2a12fa1 (patch) | |
tree | 9f03cccf6558df489ff05c65c23d6a01a7a2f02d /src/config | |
parent | 4560622fa125afb8ac5161f8d0e8a353f99f7a38 (diff) | |
Add TLS support for Consul
Diffstat (limited to 'src/config')
-rw-r--r-- | src/config/options.rs | 6 | ||||
-rw-r--r-- | src/config/runtime.rs | 32 |
2 files changed, 36 insertions, 2 deletions
diff --git a/src/config/options.rs b/src/config/options.rs
index f62d14c..7334083 100644
--- a/src/config/options.rs
+++ b/src/config/options.rs
@@ -37,6 +37,12 @@ pub struct ConfigOptsConsul {
 pub node_name: Option<String>,
 /// Consul's REST URL [default: "http://127.0.0.1:8500"]
 pub url: Option<String>,
+ /// Consul's CA certificate [default: None]
+ pub ca_cert: Option<String>,
+ /// Consul's client certificate [default: None]
+ pub client_cert: Option<String>,
+ /// Consul's client key [default: None]
+ pub client_key: Option<String>,
 }
 
 /// Model of all potential configuration options
diff --git a/src/config/runtime.rs b/src/config/runtime.rs
index a1582e4..cc80b0d 100644
--- a/src/config/runtime.rs
+++ b/src/config/runtime.rs
@@ -1,6 +1,8 @@
+use std::fs::File;
+use std::io::Read;
 use std::time::Duration;
 
-use anyhow::{anyhow, Result};
+use anyhow::{anyhow, bail, Result};
 
 use crate::config::{ConfigOpts, ConfigOptsAcme, ConfigOptsBase, ConfigOptsConsul};
 
@@ -18,6 +20,7 @@ pub struct RuntimeConfigAcme {
 pub struct RuntimeConfigConsul {
 pub node_name: String,
 pub url: String,
+ pub tls: Option<(reqwest::Certificate, reqwest::Identity)>,
 }
 
 #[derive(Debug)]
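Review bot: The new `ca_cert`, `client_cert` and `client_key` options hold file paths — runtime.rs passes each value to `File::open` — but their doc comments read as if the field were the certificate itself, and an operator reading `--help` or the config model cannot tell which it is. Suggest `/// Path to a PEM file holding Consul's CA certificate [default: None]`, `/// Path to a PEM file holding the client certificate presented to Consul [default: None]` and `/// Path to a PEM file holding the matching client private key [default: None]`; the PEM format is inferred from the `from_pem` calls in runtime.rs, so confirm it before stating it. The `tls` field added to `RuntimeConfigConsul` in the runtime.rs hunk has the same gap: `/// CA certificate and client identity for Consul; None when no TLS option was set` would record the all-or-nothing invariant that the match in `RuntimeConfigConsul` enforces.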
@@ -77,7 +80,32 @@ impl RuntimeConfigConsul {
 .expect("'DIPLONAT_CONSUL_NODE_NAME' environment variable is required");
 let url = opts.url.unwrap_or(super::CONSUL_URL.to_string());
 
- Ok(Self { node_name, url })
+ let tls = match (&opts.ca_cert, &opts.client_cert, &opts.client_key) {
+ (Some(ca_cert), Some(client_cert), Some(client_key)) => {
+ let mut ca_cert_buf = vec![];
+ File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
+ let cert = reqwest::Certificate::from_pem(&ca_cert_buf[..])?;
+
+ let mut client_cert_buf = vec![];
+ File::open(client_cert)?.read_to_end(&mut client_cert_buf)?;
+
+ let mut client_key_buf = vec![];
+ File::open(client_key)?.read_to_end(&mut client_key_buf)?;
+
+ let ident =
+ reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?;
+
+ Some((cert, ident))
+ }
+ (None, None, None) => None,
+ _ => bail!("Incomplete TLS configuration parameters"),
+ };
+
+ Ok(Self {
+ node_name,
+ url,
+ tls,
+ })
 }
 }
 
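Review bot: The three `File::open(...)?` calls in the `(Some(ca_cert), Some(client_cert), Some(client_key))` arm propagate bare I/O errors, so a mistyped path fails with "No such file or directory" and no indication of which of the three files is meant. `anyhow` is already imported here; `std::fs::read(path).with_context(|| format!(...))` names the file and also replaces each open/read_to_end pair, which makes the `File` and `Read` imports added in the first runtime.rs hunk unnecessary (add `Context` to the `use anyhow::{...}` line instead). Nothing ties `tls` to `url`: certificates and the client key are loaded even when `url` keeps the plain `http://127.0.0.1:8500` default, and as far as this hunk shows the identity would then never be used, so a guard after the match such as `if tls.is_some() && !url.starts_with("https://") { bail!("Consul TLS parameters are set but url is not https://") }` turns a silently-plaintext connection into a startup error. The match also rejects a CA-only configuration (server verification without client authentication) as "Incomplete"; if that is intended, a comment on the `_ =>` arm should say so, since operators commonly expect that mode to work.

```rust
let tls = match (&opts.ca_cert, &opts.client_cert, &opts.client_key) {
    (Some(ca_cert), Some(client_cert), Some(client_key)) => {
        let ca_cert_buf = std::fs::read(ca_cert)
            .with_context(|| format!("reading Consul CA certificate {}", ca_cert))?;
        let cert = reqwest::Certificate::from_pem(&ca_cert_buf)?;

        let client_cert_buf = std::fs::read(client_cert)
            .with_context(|| format!("reading Consul client certificate {}", client_cert))?;
        let client_key_buf = std::fs::read(client_key)
            .with_context(|| format!("reading Consul client key {}", client_key))?;
        // reqwest expects certificate and key in one PEM buffer, in this order
        let ident = reqwest::Identity::from_pem(&[client_cert_buf, client_key_buf].concat())?;

        Some((cert, ident))
    }
    // … unchanged: (None, None, None) and incomplete-configuration arms …
};

// A loaded identity is only ever presented over TLS; refuse a plain-http url.
if tls.is_some() && !url.starts_with("https://") {
    bail!("Consul TLS parameters are set but url is not https://");
}
// … unchanged: Ok(Self { node_name, url, tls }) …
```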