author | Arne H Juul <arnej27959@users.noreply.github.com> | 2022-09-07 10:14:45 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-07 10:14:45 +0200 |
commit | 76b6d2dad060941eae3ba16d220444b8a0b13b98 (patch) | |
tree | 79a82547493542560215f7e772335735619f51c0 /client | |
parent | 13a1c96df7ea794ceca6d1ff4d154d898cae798b (diff) | |
parent | f5528b9ad50bcee4b21b4a47b71c485992a0cf42 (diff) |
Merge pull request #23929 from vespa-engine/arnej/json-tls-config-for-go
add parsing of tls config
Diffstat (limited to 'client')
-rw-r--r-- | client/go/vespa/tls_options.go | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/client/go/vespa/tls_options.go b/client/go/vespa/tls_options.go
new file mode 100644
index 00000000000..46b0171fae5
--- /dev/null
+++ b/client/go/vespa/tls_options.go
@@ -0,0 +1,64 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+package vespa
+
+import (
+ "bytes"
+ "encoding/json"
+ "os"
+)
+
+type VespaTlsConfig struct {
+ DisableHostnameValidation bool `json:"disable-hostname-validation"`
+ Files struct {
+ PrivateKey string `json:"private-key"`
+ CaCertificates string `json:"ca-certificates"`
+ Certificates string `json:"certificates"`
+ } `json:"files"`
+}
+
+func LoadTlsConfig() (*VespaTlsConfig, error) {
+ fn := os.Getenv("VESPA_TLS_CONFIG_FILE")
+ if fn == "" {
+ return nil, nil
+ }
+ contents, err := os.ReadFile(fn)
+ if err != nil {
+ return nil, err
+ }
+ codec := json.NewDecoder(bytes.NewReader(contents))
+ var parsedJson VespaTlsConfig
+ err = codec.Decode(&parsedJson)
+ if err != nil {
+ return nil, err
+ }
+ return &parsedJson, nil
+}
+
+func ExportSecurityEnvToSh() {
+ LoadDefaultEnv()
+ cfg, _ := LoadTlsConfig()
+ helper := newShellEnvExporter()
+ if cfg == nil {
+ helper.unsetVar("VESPA_TLS_ENABLED")
+ } else {
+ if fn := cfg.Files.PrivateKey; fn != "" {
+ helper.overrideVar("VESPA_TLS_PRIVATE_KEY", fn)
+ }
+ if fn := cfg.Files.CaCertificates; fn != "" {
+ helper.overrideVar("VESPA_TLS_CA_CERT", fn)
+ }
+ if fn := cfg.Files.Certificates; fn != "" {
+ helper.overrideVar("VESPA_TLS_CERT", fn)
+ }
+ if cfg.DisableHostnameValidation {
+ helper.overrideVar("VESPA_TLS_HOSTNAME_VALIDATION_DISABLED", "1")
+ } else {
+ helper.unsetVar("VESPA_TLS_HOSTNAME_VALIDATION_DISABLED")
+ }
+ if os.Getenv("VESPA_TLS_INSECURE_MIXED_MODE") == "" {
+ helper.overrideVar("VESPA_TLS_ENABLED", "1")
+ }
+ }
+ helper.dump()
+} |
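Review bot: In `ExportSecurityEnvToSh`, `cfg, _ := LoadTlsConfig()` discards the error, so when `VESPA_TLS_CONFIG_FILE` is set but the file cannot be read or is not valid JSON, `cfg` is nil and the code takes the same branch as "no TLS configured", calling `helper.unsetVar("VESPA_TLS_ENABLED")`. A broken config file therefore appears to switch TLS off silently instead of stopping start-up, which is a fail-open default for a security setting. Keep the error with `cfg, err := LoadTlsConfig()` and, when `err != nil`, report it on stderr and exit non-zero before `helper.dump()` so that nothing is exported. How the calling shell consumes the output is not visible here, so confirm it checks the exit status. `LoadTlsConfig` also deserves a doc comment stating that a `(nil, nil)` return means the variable is unset, since callers must tell that apart from a load failure.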