authorArne H Juul <arnej27959@users.noreply.github.com>2022-09-07 10:14:45 +0200
committerGitHub <noreply@github.com>2022-09-07 10:14:45 +0200
commit76b6d2dad060941eae3ba16d220444b8a0b13b98 (patch)
tree79a82547493542560215f7e772335735619f51c0 /client
parent13a1c96df7ea794ceca6d1ff4d154d898cae798b (diff)
parentf5528b9ad50bcee4b21b4a47b71c485992a0cf42 (diff)
Merge pull request #23929 from vespa-engine/arnej/json-tls-config-for-go
add parsing of tls config
Diffstat (limited to 'client')
-rw-r--r--client/go/vespa/tls_options.go64
1 files changed, 64 insertions, 0 deletions
diff --git a/client/go/vespa/tls_options.go b/client/go/vespa/tls_options.go
new file mode 100644
index 00000000000..46b0171fae5
--- /dev/null
+++ b/client/go/vespa/tls_options.go
@@ -0,0 +1,64 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+package vespa
+
+import (
+ "bytes"
+ "encoding/json"
+ "os"
+)
+
+type VespaTlsConfig struct {
+ DisableHostnameValidation bool `json:"disable-hostname-validation"`
+ Files struct {
+ PrivateKey string `json:"private-key"`
+ CaCertificates string `json:"ca-certificates"`
+ Certificates string `json:"certificates"`
+ } `json:"files"`
+}
+
+func LoadTlsConfig() (*VespaTlsConfig, error) {
+ fn := os.Getenv("VESPA_TLS_CONFIG_FILE")
+ if fn == "" {
+ return nil, nil
+ }
+ contents, err := os.ReadFile(fn)
+ if err != nil {
+ return nil, err
+ }
+ codec := json.NewDecoder(bytes.NewReader(contents))
+ var parsedJson VespaTlsConfig
+ err = codec.Decode(&parsedJson)
+ if err != nil {
+ return nil, err
+ }
+ return &parsedJson, nil
+}
+
+func ExportSecurityEnvToSh() {
+ LoadDefaultEnv()
+ cfg, _ := LoadTlsConfig()
+ helper := newShellEnvExporter()
+ if cfg == nil {
+ helper.unsetVar("VESPA_TLS_ENABLED")
+ } else {
+ if fn := cfg.Files.PrivateKey; fn != "" {
+ helper.overrideVar("VESPA_TLS_PRIVATE_KEY", fn)
+ }
+ if fn := cfg.Files.CaCertificates; fn != "" {
+ helper.overrideVar("VESPA_TLS_CA_CERT", fn)
+ }
+ if fn := cfg.Files.Certificates; fn != "" {
+ helper.overrideVar("VESPA_TLS_CERT", fn)
+ }
+ if cfg.DisableHostnameValidation {
+ helper.overrideVar("VESPA_TLS_HOSTNAME_VALIDATION_DISABLED", "1")
+ } else {
+ helper.unsetVar("VESPA_TLS_HOSTNAME_VALIDATION_DISABLED")
+ }
+ if os.Getenv("VESPA_TLS_INSECURE_MIXED_MODE") == "" {
+ helper.overrideVar("VESPA_TLS_ENABLED", "1")
+ }
+ }
+ helper.dump()
+}
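Review bot: In ExportSecurityEnvToSh the error from `cfg, _ := LoadTlsConfig()` is discarded, so a VESPA_TLS_CONFIG_FILE that is set but unreadable or not valid JSON takes the same `cfg == nil` branch as an unset variable and ends in `helper.unsetVar("VESPA_TLS_ENABLED")`. That fails open: a broken TLS config appears to turn TLS off for whatever sources the output, with no diagnostic. Keep the error with `cfg, err := LoadTlsConfig()` and, when `err != nil`, report it and return before any variable is unset, so that only a genuinely absent config file disables TLS. The paths from `cfg.Files` are passed to `helper.overrideVar` unchanged, and the exporter is defined outside this hunk, so it is worth confirming that it shell-quotes the values it dumps.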