From 5850fc2d032ac5dccb392bf745180f559b32a171 Mon Sep 17 00:00:00 2001
From: Antonio Huete Jimenez
Date: Sun, 16 Jun 2024 14:34:18 +0200
Subject: [PATCH 1/2] Add support for TLS skip verification
Signed-off-by: Antonio Huete Jimenez
---
 main.go | 6 ++++++
 pkg/tls/config.go | 14 ++++++------
 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/main.go b/main.go
index ced11dc0..e535d619 100644
--- a/main.go
+++ b/main.go
@@ -56,6 +56,12 @@ func main() {
 Usage: "Key file for etcd connection",
 Destination: &config.ServerTLSConfig.KeyFile,
 },
+ &cli.BoolFlag{
+ Name: "skip-verify",
+ Usage: "Whether the TLS client should verify the server certificate.",
+ Destination: &config.BackendTLSConfig.SkipVerify,
+ Value: false,
+ },
 &cli.IntFlag{
 Name: "datastore-max-idle-connections",
 Usage: "Maximum number of idle connections retained by datastore. If value = 0, the system default will be used. If value < 0, idle connections will not be reused.",
diff --git a/pkg/tls/config.go b/pkg/tls/config.go
index 50e5efe2..6f8f8105 100644
--- a/pkg/tls/config.go
+++ b/pkg/tls/config.go
@@ -7,9 +7,10 @@ import (
 )
 
 type Config struct {
- CAFile string
- CertFile string
- KeyFile string
+ CAFile string
+ CertFile string
+ KeyFile string
+ SkipVerify bool
 }
 
 func (c Config) ClientConfig() (*tls.Config, error) {
@@ -18,9 +19,10 @@ func (c Config) ClientConfig() (*tls.Config, error) {
 }
 
 info := &transport.TLSInfo{
- CertFile: c.CertFile,
- KeyFile: c.KeyFile,
- TrustedCAFile: c.CAFile,
+ CertFile: c.CertFile,
+ KeyFile: c.KeyFile,
+ TrustedCAFile: c.CAFile,
+ InsecureSkipVerify: c.SkipVerify,
 }
 tlsConfig, err := info.ClientConfig()
 if err != nil {
From 55a0a9d438e4962c3c86b03432d26ea73bb909c9 Mon Sep 17 00:00:00 2001
From: Antonio Huete Jimenez
Date: Mon, 26 Aug 2024 21:26:35 +0200
Subject: [PATCH 2/2] Reorganize options a bit
Signed-off-by: Antonio Huete Jimenez
---
 main.go | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)
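Review bot: The Usage string of the added `skip-verify` flag states the opposite of what the flag does: its Destination is `BackendTLSConfig.SkipVerify`, so `true` disables verification, while the text reads as if `true` enables it. Suggest `Usage: "Skip verification of the DB server's TLS certificate (insecure; intended for test setups only).",` and dropping the redundant `Value: false,`, since a BoolFlag already defaults to false. The flag name also does not say which connection it applies to, although the neighbouring flags distinguish the DB side (`key-file`) from the etcd side (`server-cert-file`); naming the DB side in the flag name or Usage would keep operators from assuming it also relaxes the etcd connection. The same flag text is carried unchanged into the second patch's main.go hunk, which needs the same fix. The body of main continues outside this hunk.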
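Review bot: The new exported field `SkipVerify` in the Config struct has no doc comment, and because it feeds `transport.TLSInfo.InsecureSkipVerify` a reader of the type cannot tell from the field alone that it turns off server certificate checking for the client connection built by ClientConfig. Suggest adding above the field `// SkipVerify disables verification of the server's certificate (and, if it maps onto crypto/tls InsecureSkipVerify, the host name) for the client connection; it should stay false outside test setups.`. The second hunk could carry a one-line why-comment on the `InsecureSkipVerify: c.SkipVerify,` line pointing back to that field so the two stay in sync. The body of ClientConfig continues outside the second hunk.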
diff --git a/main.go b/main.go
index e535d619..0da56a4b 100644
--- a/main.go
+++ b/main.go
@@ -46,6 +46,23 @@ func main() {
 Usage: "Certificate for DB connection",
 Destination: &config.BackendTLSConfig.CertFile,
 },
+ &cli.StringFlag{
+ Name: "key-file",
+ Usage: "Key file for DB connection",
+ Destination: &config.BackendTLSConfig.KeyFile,
+ },
+ &cli.BoolFlag{
+ Name: "skip-verify",
+ Usage: "Whether the TLS client should verify the server certificate.",
+ Destination: &config.BackendTLSConfig.SkipVerify,
+ Value: false,
+ },
+ &cli.StringFlag{
+ Name: "metrics-bind-address",
+ Usage: "The address the metric endpoint binds to. Default :8080, set 0 to disable metrics serving.",
+ Destination: &metricsConfig.ServerAddress,
+ Value: ":8080",
+ },
 &cli.StringFlag{
 Name: "server-cert-file",
 Usage: "Certificate for etcd connection",
@@ -56,12 +73,6 @@ func main() {
 Usage: "Key file for etcd connection",
 Destination: &config.ServerTLSConfig.KeyFile,
 },
- &cli.BoolFlag{
- Name: "skip-verify",
- Usage: "Whether the TLS client should verify the server certificate.",
- Destination: &config.BackendTLSConfig.SkipVerify,
- Value: false,
- },
 &cli.IntFlag{
 Name: "datastore-max-idle-connections",
 Usage: "Maximum number of idle connections retained by datastore. If value = 0, the system default will be used. If value < 0, idle connections will not be reused.",
@@ -80,17 +91,6 @@ func main() {
 Destination: &config.ConnectionPoolConfig.MaxLifetime,
 Value: 0,
 },
- &cli.StringFlag{
- Name: "key-file",
- Usage: "Key file for DB connection",
- Destination: &config.BackendTLSConfig.KeyFile,
- },
- &cli.StringFlag{
- Name: "metrics-bind-address",
- Usage: "The address the metric endpoint binds to. Default :8080, set 0 to disable metrics serving.",
- Destination: &metricsConfig.ServerAddress,
- Value: ":8080",
- },
 &cli.DurationFlag{
 Name: "slow-sql-threshold",
 Usage: "The duration which SQL executed longer than will be logged. Default 1s, set <= 0 to disable slow SQL log.",
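Review bot: The relocated block in the first hunk places the unrelated `metrics-bind-address` flag between the DB-side TLS flags (`key-file`, `skip-verify`) and the etcd-side ones (`server-cert-file`), which undoes the grouping this reorganisation appears meant to create. Moving the `metrics-bind-address` entry after the etcd TLS flags would keep the two TLS groups adjacent, so a reader sees at once which `skip-verify` belongs to. The other two hunks are pure removals of the moved flags and raise nothing on their own. The body of main continues outside these hunks.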