authorAlex Auvolat <alex@adnab.me>2021-12-30 20:08:10 +0100
committerAlex Auvolat <alex@adnab.me>2021-12-30 20:08:10 +0100
commitbcc185df400f0b459d78d6bdd3084ef5b6ac5e8a (patch)
tree839ab4adf9597b0ac7364a4b348bf4b0d279c263 /src/consul.rs
parentd13066b12bc03e49c233a065294595c2da3b1f3d (diff)
Add support for Consul TLS
Diffstat (limited to 'src/consul.rs')
-rw-r--r--src/consul.rs39
1 files changed, 34 insertions, 5 deletions
diff --git a/src/consul.rs b/src/consul.rs
index ee1935c..8eafcc2 100644
--- a/src/consul.rs
+++ b/src/consul.rs
@@ -1,4 +1,6 @@
use std::collections::HashMap;
+use std::fs::File;
+use std::io::Read;
use anyhow::Result;
use bytes::Bytes;
@@ -6,6 +8,13 @@ use log::*;
use reqwest::StatusCode;
use serde::{Deserialize, Serialize};
+pub struct ConsulConfig {
+ pub addr: String,
+ pub ca_cert: Option<String>,
+ pub client_cert: Option<String>,
+ pub client_key: Option<String>,
+}
+
// ---- Watch and retrieve Consul catalog ----
//
#[derive(Serialize, Deserialize, Debug)]
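Review bot: The new `ConsulConfig` fields carry no doc comments, and nothing at the type says that `ca_cert`, `client_cert` and `client_key` are filesystem paths to PEM files rather than PEM text; that only becomes apparent from the `File::open` calls in `Consul::new`. I would add field docs such as `/// Path to the PEM CA certificate used to verify the Consul server` and `/// Path to the PEM private key matching client_cert; keep this file readable only by the service user`. A struct-level line stating that the TLS client is built only when all three are set would also help. The struct is fully inside this hunk.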
@@ -76,13 +85,33 @@ pub struct Consul {
}
impl Consul {
- pub fn new(url: &str, kv_prefix: &str, local_node: &str) -> Self {
- return Self {
- client: reqwest::Client::new(),
- url: url.trim_end_matches('/').to_string(),
+ pub fn new(config: ConsulConfig, kv_prefix: &str, local_node: &str) -> Result<Self> {
+ let client = match (&config.ca_cert, &config.client_cert, &config.client_key) {
+ (Some(ca_cert), Some(client_cert), Some(client_key)) => {
+ let mut ca_cert_buf = vec![];
+ File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
+
+ let mut client_cert_buf = vec![];
+ File::open(client_cert)?.read_to_end(&mut client_cert_buf)?;
+
+ let mut client_key_buf = vec![];
+ File::open(client_key)?.read_to_end(&mut client_key_buf)?;
+
+ reqwest::Client::builder()
+ .use_rustls_tls()
+ .add_root_certificate(reqwest::Certificate::from_pem(&ca_cert_buf[..])?)
+ .identity(reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?)
+ .build()?
+ }
+ _ => reqwest::Client::new(),
+ };
+
+ Ok(Self {
+ client,
+ url: config.addr.trim_end_matches('/').to_string(),
kv_prefix: kv_prefix.to_string(),
local_node: local_node.into(),
- };
+ })
}
pub async fn list_nodes(&self) -> Result<Vec<String>> {
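Review bot: The catch-all arm `_ => reqwest::Client::new()` in `Consul::new` silently discards a partial TLS configuration: if `ca_cert` is set but `client_cert` or `client_key` is missing, the caller gets a default client with neither the private CA nor the client identity, and no error. Failing closed is safer: `(None, None, None) => reqwest::Client::new(),` followed by `_ => anyhow::bail!("incomplete Consul TLS configuration: ca_cert, client_cert and client_key must be set together"),`. Separately, the bare `File::open(..)?` errors do not name which of the three paths failed; `std::fs::read(path)` combined with anyhow's `Context::with_context` would make a wrong path or a permission problem diagnosable. Whether `config.addr` is required to be an `https://` URL when certificates are supplied is not visible in this hunk.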