author | Alex <alex@adnab.me> | 2022-12-01 16:51:20 +0000 |
---|---|---|
committer | Alex <alex@adnab.me> | 2022-12-01 16:51:20 +0000 |
commit | f306e8dc8d0e93478353ce39b6064e8c06a8bca6 (patch) | |
tree | 2f7ee2b28a161dc0d5268a6c053c6a8126f64e68 /src/config | |
parent | 862e8ce8768338ccdb190055fd05dc7f8e0a01cd (diff) | |
parent | f8431271d9021bfd4bfb85d8c3ba331d5dff9dac (diff) | |
Merge pull request 'Make repoa Nix flake' (#16) from nix-flake into main
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/diplonat/pulls/16
Diffstat (limited to 'src/config')
-rw-r--r-- | src/config/options.rs | 9 | ||||
-rw-r--r-- | src/config/runtime.rs | 37 |
2 files changed, 44 insertions, 2 deletions
diff --git a/src/config/options.rs b/src/config/options.rs
index f62d14c..793838a 100644
--- a/src/config/options.rs
+++ b/src/config/options.rs
@@ -37,6 +37,15 @@ pub struct ConfigOptsConsul {
 pub node_name: Option<String>,
 /// Consul's REST URL [default: "http://127.0.0.1:8500"]
 pub url: Option<String>,
+ /// Consul's CA certificate [default: None]
+ pub ca_cert: Option<String>,
+ /// Skip TLS verification for Consul server [default: false]
+ #[serde(default)]
+ pub tls_skip_verify: bool,
+ /// Consul's client certificate [default: None]
+ pub client_cert: Option<String>,
+ /// Consul's client key [default: None]
+ pub client_key: Option<String>,
 }
 /// Model of all potential configuration options
diff --git a/src/config/runtime.rs b/src/config/runtime.rs
index a1582e4..2e7b573 100644
--- a/src/config/runtime.rs
+++ b/src/config/runtime.rs
@@ -1,6 +1,8 @@
+use std::fs::File;
+use std::io::Read;
 use std::time::Duration;
-use anyhow::{anyhow, Result};
+use anyhow::{anyhow, bail, Result};
 use crate::config::{ConfigOpts, ConfigOptsAcme, ConfigOptsBase, ConfigOptsConsul};
@@ -18,6 +20,7 @@ pub struct RuntimeConfigAcme {
 pub struct RuntimeConfigConsul {
 pub node_name: String,
 pub url: String,
+ pub tls: Option<(Option<reqwest::Certificate>, bool, reqwest::Identity)>,
 }
 #[derive(Debug)]
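Review bot: The doc comments on `ca_cert`, `client_cert` and `client_key` in `ConfigOptsConsul` do not say that the values are filesystem paths to PEM files, which is how `src/config/runtime.rs` consumes them in this commit (`File::open` followed by `from_pem`); a reader could as easily assume inline PEM text. I would word them as `/// Path to the PEM-encoded CA certificate used to verify the Consul server [default: None]` and likewise for the client certificate and key, adding that the key file should be readable only by the service account. The `tls_skip_verify` comment should state the consequence, e.g. `/// Disable verification of the Consul server certificate; the server is then unauthenticated, so intended for test setups only [default: false]`.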
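Review bot: The new `tls` field on `RuntimeConfigConsul` is a three-element tuple whose middle `bool` can only be identified as the skip-verify flag by reading the constructor in the later hunk of this file. Because that flag turns off server authentication, it is worth giving it a name that call sites cannot confuse positionally: `pub struct ConsulTls { pub ca_cert: Option<reqwest::Certificate>, pub skip_verify: bool, pub identity: reqwest::Identity }` with `pub tls: Option<ConsulTls>`. A one-line `///` comment on the field saying that `None` means "no TLS client configuration" would also help readers of the consumer code, which is outside this diff.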
@@ -77,7 +80,37 @@ impl RuntimeConfigConsul {
 .expect("'DIPLONAT_CONSUL_NODE_NAME' environment variable is required");
 let url = opts.url.unwrap_or(super::CONSUL_URL.to_string());
- Ok(Self { node_name, url })
+ let tls = match (&opts.client_cert, &opts.client_key) {
+ (Some(client_cert), Some(client_key)) => {
+ let cert = match &opts.ca_cert {
+ Some(ca_cert) => {
+ let mut ca_cert_buf = vec![];
+ File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
+ Some(reqwest::Certificate::from_pem(&ca_cert_buf[..])?)
+ }
+ None => None,
+ };
+
+ let mut client_cert_buf = vec![];
+ File::open(client_cert)?.read_to_end(&mut client_cert_buf)?;
+
+ let mut client_key_buf = vec![];
+ File::open(client_key)?.read_to_end(&mut client_key_buf)?;
+
+ let ident =
+ reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?;
+
+ Some((cert, opts.tls_skip_verify, ident))
+ }
+ (None, None) => None,
+ _ => bail!("Incomplete TLS configuration parameters"),
+ };
+
+ Ok(Self {
+ node_name,
+ url,
+ tls,
+ })
 }
 }
|
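Review bot: `ca_cert` and `tls_skip_verify` are only read inside the `(Some(client_cert), Some(client_key))` arm, so a configuration that sets either of them without a client certificate and key falls into `(None, None) => None` and is silently dropped: `tls` ends up `None` while the operator believes a private CA is in effect. Either make the identity optional inside the `tls` value, or reject the combination ahead of the plain arm with `(None, None) if opts.ca_cert.is_some() || opts.tls_skip_verify => bail!("ca_cert/tls_skip_verify set without client_cert and client_key"),`. The three `File::open(..)?` calls also surface a bare I/O error with no path, and the final `bail!` does not say which of the two options is missing; `std::fs::read(client_key).with_context(|| format!("reading Consul client key {}", client_key))?` (with `anyhow::Context` imported) would make a mistyped path diagnosable. The enclosing constructor starts above the hunk, so how `opts` is built is not visible here.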