diff options
| -rw-r--r-- | Cargo.lock | 128 | ||||
| -rw-r--r-- | Cargo.toml | 2 | ||||
| -rw-r--r-- | src/consul.rs | 39 | ||||
| -rw-r--r-- | src/main.rs | 22 |
4 files changed, 61 insertions, 130 deletions
@@ -831,19 +831,6 @@ dependencies = [ ] [[package]] -name = "hyper-tls" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" -dependencies = [ - "bytes 1.1.0", - "hyper 0.14.15", - "native-tls", - "tokio 1.14.0", - "tokio-native-tls", -] - -[[package]] name = "idna" version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1040,24 +1027,6 @@ dependencies = [ ] [[package]] -name = "native-tls" -version = "0.2.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48ba9f7719b5a0f42f338907614285fb5fd70e53858141f69898a1fb7203b24d" -dependencies = [ - "lazy_static", - "libc", - "log", - "openssl", - "openssl-probe", - "openssl-sys", - "schannel", - "security-framework", - "security-framework-sys", - "tempfile", -] - -[[package]] name = "net2" version = "0.2.37" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1174,7 +1143,7 @@ dependencies = [ "cfg-if 0.1.10", "cloudabi", "libc", - "redox_syscall 0.1.57", + "redox_syscall", "rustc_version", "smallvec", "winapi 0.3.9", @@ -1216,12 +1185,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d1a3ea4f0dd7f1f3e512cf97bf100819aa547f36a6eccac8dbaae839eb92363e" [[package]] -name = "ppv-lite86" -version = "0.2.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba" - -[[package]] name = "pretty_env_logger" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1305,46 +1268,6 @@ dependencies = [ ] [[package]] -name = "rand" -version = "0.8.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8" -dependencies = [ - "libc", - "rand_chacha", - "rand_core", - "rand_hc", -] - -[[package]] -name = "rand_chacha" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" -dependencies = [ - "ppv-lite86", - "rand_core", -] - -[[package]] -name = "rand_core" -version = "0.6.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" -dependencies = [ - "getrandom", -] - -[[package]] -name = "rand_hc" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7" -dependencies = [ - "rand_core", -] - -[[package]] name = "rcgen" version = "0.8.14" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1363,15 +1286,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "41cc0f7e4d5d4544e8861606a285bb08d3e70712ccc7d2b84d7c0ccfaf4b05ce" [[package]] -name = "redox_syscall" -version = "0.2.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8383f39639269cde97d255a32bdb68c047337295414940c68bdd30c2e13203ff" -dependencies = [ - "bitflags", -] - -[[package]] name = "regex" version = "1.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1389,15 +1303,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b" [[package]] -name = "remove_dir_all" -version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" -dependencies = [ - "winapi 0.3.9", -] - -[[package]] name = "reqwest" version = "0.11.7" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1411,20 +1316,21 @@ dependencies = [ "http 0.2.5", "http-body 0.4.4", "hyper 0.14.15", - "hyper-tls", + "hyper-rustls", "ipnet", "js-sys", "lazy_static", "log", "mime", - "native-tls", "percent-encoding", "pin-project-lite", + "rustls 0.20.2", + "rustls-pemfile", "serde", "serde_json", "serde_urlencoded", "tokio 1.14.0", - "tokio-native-tls", + "tokio-rustls", "url", "wasm-bindgen", "wasm-bindgen-futures", @@ -1798,20 +1704,6 @@ dependencies = [ ] [[package]] -name = "tempfile" -version = "3.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22" -dependencies = [ - "cfg-if 1.0.0", - "libc", - "rand", - "redox_syscall 0.2.10", - "remove_dir_all", - "winapi 0.3.9", -] - -[[package]] name = "termcolor" version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1983,16 +1875,6 @@ dependencies = [ ] [[package]] -name = "tokio-native-tls" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7d995660bd2b7f8c1568414c1126076c13fbb725c40112dc0120b78eb9b717b" -dependencies = [ - "native-tls", - "tokio 1.14.0", -] - -[[package]] name = "tokio-reactor" version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -13,7 +13,7 @@ futures = "0.3" log = "0.4" pretty_env_logger = "0.4" regex = "1" -reqwest = { version = "0.11", features = ["json"] } +reqwest = { version = "0.11", default-features = false, features = ["json", "rustls-tls-manual-roots" ] } serde = { version = "1.0.107", features = ["derive"] } serde_json = "1.0.53" tokio = { version = "1.0", default-features = false, features = ["rt", "rt-multi-thread", "io-util", "net", "time", "macros", "sync", "signal", "fs"] } diff --git a/src/consul.rs b/src/consul.rs index ee1935c..8eafcc2 100644 --- a/src/consul.rs +++ b/src/consul.rs @@ -1,4 +1,6 @@ use std::collections::HashMap; +use std::fs::File; +use std::io::Read; use anyhow::Result; use bytes::Bytes; @@ -6,6 +8,13 @@ use log::*; use reqwest::StatusCode; use serde::{Deserialize, Serialize}; +pub struct ConsulConfig { + pub addr: String, + pub ca_cert: Option<String>, + pub client_cert: Option<String>, + pub client_key: Option<String>, +} + // ---- Watch and retrieve Consul catalog ---- // #[derive(Serialize, Deserialize, Debug)] @@ -76,13 +85,33 @@ pub struct Consul { } impl Consul { - pub fn new(url: &str, kv_prefix: &str, local_node: &str) -> Self { - return Self { - client: reqwest::Client::new(), - url: url.trim_end_matches('/').to_string(), + pub fn new(config: ConsulConfig, kv_prefix: &str, local_node: &str) -> Result<Self> { + let client = match (&config.ca_cert, &config.client_cert, &config.client_key) { + (Some(ca_cert), Some(client_cert), Some(client_key)) => { + let mut ca_cert_buf = vec![]; + File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?; + + let mut client_cert_buf = vec![]; + File::open(client_cert)?.read_to_end(&mut client_cert_buf)?; + + let mut client_key_buf = vec![]; + File::open(client_key)?.read_to_end(&mut client_key_buf)?; + + reqwest::Client::builder() + .use_rustls_tls() + .add_root_certificate(reqwest::Certificate::from_pem(&ca_cert_buf[..])?) + .identity(reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?) + .build()? + } + _ => reqwest::Client::new(), + }; + + Ok(Self { + client, + url: config.addr.trim_end_matches('/').to_string(), kv_prefix: kv_prefix.to_string(), local_node: local_node.into(), - }; + }) } pub async fn list_nodes(&self) -> Result<Vec<String>> { diff --git a/src/main.rs b/src/main.rs index 353af66..857d24e 100644 --- a/src/main.rs +++ b/src/main.rs @@ -27,6 +27,18 @@ struct Opt { )] pub consul_addr: String, + /// CA certificate for Consul server with TLS + #[structopt(long = "consul-ca-cert", env = "TRICOT_CONSUL_CA_CERT")] + pub consul_ca_cert: Option<String>, + + /// Client certificate for Consul server with TLS + #[structopt(long = "consul-client-cert", env = "TRICOT_CONSUL_CLIENT_CERT")] + pub consul_client_cert: Option<String>, + + /// Client key for Consul server with TLS + #[structopt(long = "consul-client-key", env = "TRICOT_CONSUL_CLIENT_KEY")] + pub consul_client_key: Option<String>, + /// Prefix of Tricot's entries in Consul KV space #[structopt( long = "consul-kv-prefix", @@ -89,7 +101,15 @@ async fn main() { info!("Starting Tricot"); - let consul = consul::Consul::new(&opt.consul_addr, &opt.consul_kv_prefix, &opt.node_name); + let consul_config = consul::ConsulConfig{ + addr: opt.consul_addr.clone(), + ca_cert: opt.consul_ca_cert.clone(), + client_cert: opt.consul_client_cert.clone(), + client_key: opt.consul_client_key.clone(), + }; + + let consul = consul::Consul::new(consul_config, &opt.consul_kv_prefix, &opt.node_name) + .expect("Error creating Consul client"); let mut rx_proxy_config = proxy_config::spawn_proxy_config_task(consul.clone()); let cert_store = cert_store::CertStore::new( |