authorAlex Auvolat <alex@adnab.me>2020-04-12 19:41:19 +0200
committerAlex Auvolat <alex@adnab.me>2020-04-12 19:41:19 +0200
commit9f8b3b5a1820f575e6621fd5f4f6cdf47b0a7742 (patch)
tree3dc1a8b6dd08c0d913a088fc7dc0299be125c8b1
parentc788fc9f9e2c9128ea0dd5f28c1bafe8ba3b369c (diff)
TLS for command line client
-rw-r--r--src/api_server.rs4
-rw-r--r--src/main.rs25
2 files changed, 26 insertions, 3 deletions
diff --git a/src/api_server.rs b/src/api_server.rs
index 13fd5038..056d2aaf 100644
--- a/src/api_server.rs
+++ b/src/api_server.rs
@@ -1,5 +1,5 @@
use std::collections::VecDeque;
-use std::net::SocketAddr;
+use std::net::{Ipv6Addr, SocketAddr};
use std::sync::Arc;
use futures::future::Future;
@@ -24,7 +24,7 @@ pub async fn run_api_server(
garage: Arc<Garage>,
shutdown_signal: impl Future<Output = ()>,
) -> Result<(), Error> {
- let addr = ([0, 0, 0, 0, 0, 0, 0, 0], garage.system.config.api_port).into();
+ let addr = (Ipv6Addr::LOCALHOST, garage.system.config.api_port).into();
let service = make_service_fn(|conn: &AddrStream| {
let garage = garage.clone();
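Review bot: The listener address in `run_api_server` is now the literal `Ipv6Addr::LOCALHOST`, which is a change in network exposure that the commit title ("TLS for command line client") does not mention. The old all-zero tuple was the IPv6 unspecified address, so the API port was reachable from other hosts; after this line it is bound to `::1` only, and clients that connect over `127.0.0.1` or from another machine will presumably stop working. If loopback-only is intended, say so at the call site, e.g. `// Loopback only (::1): the API port is deliberately not exposed off-host`, and consider reading the bind address from configuration next to `api_port` rather than hard-coding it. The body of `run_api_server` continues outside the hunk.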
diff --git a/src/main.rs b/src/main.rs
index 619f3422..ea6124b5 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -27,6 +27,7 @@ use data::*;
use error::Error;
use proto::*;
use rpc_client::RpcClient;
+use server::TlsConfig;
#[derive(StructOpt, Debug)]
#[structopt(name = "garage")]
@@ -35,6 +36,13 @@ pub struct Opt {
#[structopt(short = "h", long = "rpc-host", default_value = "127.0.0.1:3901")]
rpc_host: SocketAddr,
+ #[structopt(long="ca-cert")]
+ ca_cert: Option<String>,
+ #[structopt(long="client-cert")]
+ client_cert: Option<String>,
+ #[structopt(long="client-key")]
+ client_key: Option<String>,
+
#[structopt(subcommand)]
cmd: Command,
}
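Review bot: The three new fields in `Opt` (`ca_cert`, `client_cert`, `client_key`) have no `///` doc comments, and structopt takes its `--help` text from those, so the flags will be listed with no description. The help output should say what each value is (presumably a file path, to be confirmed against `TlsConfig`) and that the three options must be given together, since `main` only enables TLS when all of them are present. For example `/// Path to the CA certificate; requires --client-cert and --client-key` above `ca_cert`, with matching lines on the other two fields.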
@@ -77,7 +85,22 @@ pub struct ConfigureOpt {
async fn main() {
let opt = Opt::from_args();
- let rpc_cli = RpcClient::new(&None).expect("Could not create RPC client");
+ let tls_config = match (opt.ca_cert, opt.client_cert, opt.client_key) {
+ (Some(ca_cert), Some(client_cert), Some(client_key)) => {
+ Some(TlsConfig{
+ ca_cert,
+ node_cert: client_cert,
+ node_key: client_key,
+ })
+ }
+ (None, None, None) => None,
+ _ => {
+ eprintln!("Missing one of: --ca-cert, --node-cert, --node-key. Not using TLS.");
+ None
+ }
+ };
+
+ let rpc_cli = RpcClient::new(&tls_config).expect("Could not create RPC client");
let resp = match opt.cmd {
Command::Server(server_opt) => server::run_server(server_opt.config_file).await,
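Review bot: The `_` arm of the `tls_config` match fails open. When only one or two of the TLS options are supplied, it prints a warning and yields `None`, so `RpcClient::new` is called without TLS even though the operator evidently asked for it, and a mistyped or forgotten flag silently downgrades the connection. A partial set should be treated as a usage error that stops the program, e.g. `eprintln!("Missing one of: --ca-cert, --client-cert, --client-key");` followed by `std::process::exit(1);`. The current message also names `--node-cert` and `--node-key`, while the options declared in `Opt` are `--client-cert` and `--client-key`. The body of `main` continues outside the hunk.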