Added param for CA certs

2025-12-19 19:17:01 -07:00 · 2024-06-26 11:28:00 -06:00 · 2024-06-26 11:28:00 -06:00 · cda5e71584
commit cda5e71584
parent a7d78e8240
4 changed files with 69 additions and 5 deletions
--- a/cmd/generate.go
+++ b/cmd/generate.go
@ -17,6 +17,7 @@ import (
 var (
 	tokenFetchRetries int
 	pluginPaths       []string
+	cacertPath        string
 )

 var generateCmd = &cobra.Command{
@ -118,6 +119,7 @@ func init() {
 	generateCmd.Flags().StringSliceVar(&targets, "target", []string{}, "set the target configs to make")
 	generateCmd.Flags().StringSliceVar(&pluginPaths, "plugins", []string{}, "set the generator plugins directory path")
 	generateCmd.Flags().StringVarP(&outputPath, "output", "o", "", "set the output path for config targets")
+	generateCmd.Flags().StringVar(&cacertPath, "ca-cert", "", "path to CA cert. (defaults to system CAs)")
 	generateCmd.Flags().IntVar(&tokenFetchRetries, "fetch-retries", 5, "set the number of retries to fetch an access token")

 	rootCmd.AddCommand(generateCmd)
--- a/internal/client.go
+++ b/internal/client.go
@ -2,10 +2,15 @@ package configurator

 import (
 	"bytes"
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"fmt"
 	"io"
+	"net"
 	"net/http"
+	"os"
+	"time"

 	"github.com/OpenCHAMI/configurator/internal/util"
 )
@ -19,6 +24,61 @@ type SmdClient struct {

 type Params = map[string]any
 type Option func(Params)
+type ClientOption func(*SmdClient)
+
+func NewSmdClient(opts ...ClientOption) SmdClient {
+	client := SmdClient{}
+	for _, opt := range opts {
+		opt(&client)
+	}
+	return client
+}
+
+func WithHost(host string) ClientOption {
+	return func(c *SmdClient) {
+		c.Host = host
+	}
+}
+
+func WithPort(port int) ClientOption {
+	return func(c *SmdClient) {
+		c.Port = port
+	}
+}
+
+func WithAccessToken(token string) ClientOption {
+	return func(c *SmdClient) {
+		c.AccessToken = token
+	}
+}
+
+func WithCertPool(certPool *x509.CertPool) ClientOption {
+	return func(c *SmdClient) {
+		c.Client.Transport = &http.Transport{
+			TLSClientConfig: &tls.Config{
+				RootCAs:            certPool,
+				InsecureSkipVerify: true,
+			},
+			DisableKeepAlives: true,
+			Dial: (&net.Dialer{
+				Timeout:   120 * time.Second,
+				KeepAlive: 120 * time.Second,
+			}).Dial,
+			TLSHandshakeTimeout:   120 * time.Second,
+			ResponseHeaderTimeout: 120 * time.Second,
+		}
+	}
+}
+
+func WithSecureTLS(certPath string) ClientOption {
+	if certPath == "" {
+		return func(sc *SmdClient) {}
+	}
+	cacert, _ := os.ReadFile(certPath)
+	certPool := x509.NewCertPool()
+	certPool.AppendCertsFromPEM(cacert)
+	return WithCertPool(certPool)
+}

 func WithVerbosity() Option {
 	return func(p util.Params) {
--- a/internal/config.go
+++ b/internal/config.go
@ -34,6 +34,7 @@ type Config struct {
 	AccessToken string            `yaml:"access-token"`
 	Targets     map[string]Target `yaml:"targets"`
 	PluginDirs  []string          `yaml:"plugins"`
+	CertPath    string            `yaml:"ca-cert"`
 	Options     Options           `yaml:"options"`
 }

--- a/internal/generator/generator.go
+++ b/internal/generator/generator.go
@ -186,11 +186,12 @@ func Generate(config *configurator.Config, params Params) (Files, error) {
 	// load generator plugins to generate configs or to print
 	var (
 		generators = make(map[string]Generator)
-		client     = configurator.SmdClient{
-			Host:        config.SmdClient.Host,
-			Port:        config.SmdClient.Port,
-			AccessToken: config.AccessToken,
-		}
+		client     = configurator.NewSmdClient(
+			configurator.WithHost(config.SmdClient.Host),
+			configurator.WithPort(config.SmdClient.Port),
+			configurator.WithAccessToken(config.AccessToken),
+			configurator.WithSecureTLS(config.CertPath),
+		)
 	)

 	// load all plugins from params