authorArne Juul <arnej@yahooinc.com>2022-09-05 08:42:17 +0000
committerArne Juul <arnej@yahooinc.com>2022-09-05 10:58:34 +0000
commite58d8ff348c431ba2970fb206993fe8e2158076f (patch)
tree3ac97133ebbb6819719a6f43b60a88d25c61fb46 /client
parent8efe91bfb05d060d38ae0cf75faa2d07756492d9 (diff)
add parsing of tls config
Diffstat (limited to 'client')
-rw-r--r--client/go/vespa/tls_options.go72
1 files changed, 72 insertions, 0 deletions
diff --git a/client/go/vespa/tls_options.go b/client/go/vespa/tls_options.go
new file mode 100644
index 00000000000..ca7d0ad0cc5
--- /dev/null
+++ b/client/go/vespa/tls_options.go
@@ -0,0 +1,72 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+package vespa
+
+import (
+ "bytes"
+ "encoding/json"
+ "os"
+)
+
+type VespaTlsConfig struct {
+ DisableHostnameValidation bool `json:"disable-hostname-validation"`
+ Files struct {
+ PrivateKey string `json:"private-key"`
+ CaCertificates string `json:"ca-certificates"`
+ Certificates string `json:"certificates"`
+ } `json:"files"`
+ AuthorizedPeers []struct {
+ RequiredCredentials []struct {
+ Field string `json:"field"`
+ MustMatch string `json:"must-match"`
+ } `json:"required-credentials"`
+ Name string `json:"name"`
+ Capabilities []string `json:"capabilities"`
+ } `json:"authorized-peers"`
+}
+
+func LoadTlsConfig() (*VespaTlsConfig, error) {
+ fn := os.Getenv("VESPA_TLS_CONFIG_FILE")
+ if fn == "" {
+ return nil, nil
+ }
+ contents, err := os.ReadFile(fn)
+ if err != nil {
+ return nil, err
+ }
+ codec := json.NewDecoder(bytes.NewReader(contents))
+ var parsedJson VespaTlsConfig
+ err = codec.Decode(&parsedJson)
+ if err != nil {
+ return nil, err
+ }
+ return &parsedJson, nil
+}
+
+func ExportSecurityEnvToSh() {
+ LoadDefaultEnv()
+ cfg, _ := LoadTlsConfig()
+ helper := newShellEnvExporter()
+ if cfg == nil {
+ helper.unsetVar("VESPA_TLS_ENABLED")
+ } else {
+ if fn := cfg.Files.PrivateKey; fn != "" {
+ helper.overrideVar("VESPA_TLS_PRIVATE_KEY", fn)
+ }
+ if fn := cfg.Files.CaCertificates; fn != "" {
+ helper.overrideVar("VESPA_TLS_CA_CERT", fn)
+ }
+ if fn := cfg.Files.Certificates; fn != "" {
+ helper.overrideVar("VESPA_TLS_CERT", fn)
+ }
+ if cfg.DisableHostnameValidation {
+ helper.overrideVar("VESPA_TLS_HOSTNAME_VALIDATION_DISABLED", "1")
+ } else {
+ helper.unsetVar("VESPA_TLS_HOSTNAME_VALIDATION_DISABLED")
+ }
+ if os.Getenv("VESPA_TLS_INSECURE_MIXED_MODE") == "" {
+ helper.overrideVar("VESPA_TLS_ENABLED", "1")
+ }
+ }
+ helper.dump()
+}
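Review bot: `cfg, _ := LoadTlsConfig()` in ExportSecurityEnvToSh discards the error, so when VESPA_TLS_CONFIG_FILE is set but the file is unreadable or malformed the function takes the `cfg == nil` branch and emits `unset VESPA_TLS_ENABLED` — a broken TLS configuration silently degrades to TLS turned off, which is the wrong failure direction for this code. The error should stop the export instead, e.g. `cfg, err := LoadTlsConfig()` followed by `if err != nil { fmt.Fprintf(os.Stderr, "loading VESPA_TLS_CONFIG_FILE: %v\n", err); os.Exit(1) }` (this needs `fmt` added to the import block), or the function should grow an error return if its callers, which are not visible here, can handle one. LoadTlsConfig itself returns `nil, nil` when the variable is unset, so callers cannot distinguish "no config" from "config failed" today other than through the error, which makes dropping it doubly costly; a doc comment such as `// LoadTlsConfig reads the JSON file named by VESPA_TLS_CONFIG_FILE; it returns (nil, nil) when the variable is empty.` would make that contract explicit. A smaller point of style: the decoder round-trip through `bytes.NewReader(contents)` can be `json.Unmarshal(contents, &parsedJson)`, which also drops the `bytes` import.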