From cda5e71584b0e23e2e160ddd63b2d1e0d780d629 Mon Sep 17 00:00:00 2001
From: David Allen
Date: Wed, 26 Jun 2024 11:28:00 -0600
Subject: [PATCH] Added param for CA certs

---
 cmd/generate.go | 2 ++
 internal/client.go | 60 +++++++++++++++++++++++++++++++++
 internal/config.go | 1 +
 internal/generator/generator.go | 11 +++---
 4 files changed, 69 insertions(+), 5 deletions(-)

diff --git a/cmd/generate.go b/cmd/generate.go
index cdc49e7..2c3a121 100644
--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -17,6 +17,7 @@ import (
 var (
 	tokenFetchRetries int
 	pluginPaths []string
+	cacertPath string
 )
 
 var generateCmd = &cobra.Command{
@@ -118,6 +119,7 @@ func init() {
 	generateCmd.Flags().StringSliceVar(&targets, "target", []string{}, "set the target configs to make")
 	generateCmd.Flags().StringSliceVar(&pluginPaths, "plugins", []string{}, "set the generator plugins directory path")
 	generateCmd.Flags().StringVarP(&outputPath, "output", "o", "", "set the output path for config targets")
+	generateCmd.Flags().StringVar(&cacertPath, "ca-cert", "", "path to CA cert. (defaults to system CAs)")
 	generateCmd.Flags().IntVar(&tokenFetchRetries, "fetch-retries", 5, "set the number of retries to fetch an access token")
 
 	rootCmd.AddCommand(generateCmd)
diff --git a/internal/client.go b/internal/client.go
index 42a7e6e..1226095 100644
--- a/internal/client.go
+++ b/internal/client.go
@@ -2,10 +2,15 @@ package configurator
 
 import (
 	"bytes"
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"fmt"
 	"io"
+	"net"
 	"net/http"
+	"os"
+	"time"
 
 	"github.com/OpenCHAMI/configurator/internal/util"
 )
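Review bot: The `cacertPath` variable bound to `--ca-cert` in the second cmd/generate.go hunk is declared and registered, but nothing in this patch copies it into `Config.CertPath`, which is the value generator.go's Generate hands to WithSecureTLS; unless the flag is bound to the config elsewhere (a config loader not shown here), the new flag has no effect. Wherever the command assembles its Config, a one-liner such as `if cacertPath != "" { config.CertPath = cacertPath }` closes that gap. The help string also carries a stray mid-sentence period; `"path to a CA certificate bundle (defaults to system CAs)"` reads cleaner. The body of init continues outside the hunk.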
@@ -19,6 +24,61 @@ type SmdClient struct {
 
 type Params = map[string]any
 type Option func(Params)
+type ClientOption func(*SmdClient)
+
+func NewSmdClient(opts ...ClientOption) SmdClient {
+	client := SmdClient{}
+	for _, opt := range opts {
+		opt(&client)
+	}
+	return client
+}
+
+func WithHost(host string) ClientOption {
+	return func(c *SmdClient) {
+		c.Host = host
+	}
+}
+
+func WithPort(port int) ClientOption {
+	return func(c *SmdClient) {
+		c.Port = port
+	}
+}
+
+func WithAccessToken(token string) ClientOption {
+	return func(c *SmdClient) {
+		c.AccessToken = token
+	}
+}
+
+func WithCertPool(certPool *x509.CertPool) ClientOption {
+	return func(c *SmdClient) {
+		c.Client.Transport = &http.Transport{
+			TLSClientConfig: &tls.Config{
+				RootCAs: certPool,
+				InsecureSkipVerify: true,
+			},
+			DisableKeepAlives: true,
+			Dial: (&net.Dialer{
+				Timeout: 120 * time.Second,
+				KeepAlive: 120 * time.Second,
+			}).Dial,
+			TLSHandshakeTimeout: 120 * time.Second,
+			ResponseHeaderTimeout: 120 * time.Second,
+		}
+	}
+}
+
+func WithSecureTLS(certPath string) ClientOption {
+	if certPath == "" {
+		return func(sc *SmdClient) {}
+	}
+	cacert, _ := os.ReadFile(certPath)
+	certPool := x509.NewCertPool()
+	certPool.AppendCertsFromPEM(cacert)
+	return WithCertPool(certPool)
+}
 
 func WithVerbosity() Option {
 	return func(p util.Params) {
diff --git a/internal/config.go b/internal/config.go
index 5a7b653..df58cc5 100644
--- a/internal/config.go
+++ b/internal/config.go
@@ -34,6 +34,7 @@ type Config struct {
 	AccessToken string `yaml:"access-token"`
 	Targets map[string]Target `yaml:"targets"`
 	PluginDirs []string `yaml:"plugins"`
+	CertPath string `yaml:"ca-cert"`
 	Options Options `yaml:"options"`
 }
 
diff --git a/internal/generator/generator.go b/internal/generator/generator.go
index a12acdf..a1840a5 100644
--- a/internal/generator/generator.go
+++ b/internal/generator/generator.go
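Review bot: `InsecureSkipVerify: true` in WithCertPool's tls.Config switches off certificate and hostname verification, so the RootCAs pool handed in is never consulted and WithSecureTLS does not provide the verification its name and the new `--ca-cert` flag promise; dropping that field lets RootCAs do its job (a nil pool falls back to the system roots, which is also what the flag's help text describes). WithSecureTLS additionally discards the `os.ReadFile` error and the boolean returned by `AppendCertsFromPEM`, so a mistyped path or a non-PEM file silently yields an empty pool instead of a diagnosable failure. Returning the error from WithSecureTLS lets the caller in generator.go's Generate, which already returns an error, surface it; the rewrite below does that and keeps the rest of the transport as is. As a smaller point, `http.Transport.Dial` is deprecated in favour of `DialContext`, so `(&net.Dialer{...}).DialContext` is the current form.
```go
func WithCertPool(certPool *x509.CertPool) ClientOption {
	return func(c *SmdClient) {
		c.Client.Transport = &http.Transport{
			TLSClientConfig: &tls.Config{
				RootCAs: certPool, // verification stays enabled; nil means system roots
			},
			// … unchanged: DisableKeepAlives, dialer and the 120s timeouts …
		}
	}
}

// WithSecureTLS builds a ClientOption that trusts the PEM bundle at certPath.
// An empty certPath leaves the client's transport untouched. Unreadable or
// unparsable input is reported instead of silently producing an empty pool.
func WithSecureTLS(certPath string) (ClientOption, error) {
	if certPath == "" {
		return func(*SmdClient) {}, nil
	}
	pem, err := os.ReadFile(certPath)
	if err != nil {
		return nil, fmt.Errorf("reading CA cert %q: %w", certPath, err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pem) {
		return nil, fmt.Errorf("no PEM certificates found in %q", certPath)
	}
	return WithCertPool(pool), nil
}
```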
@@ -186,11 +186,12 @@ func Generate(config *configurator.Config, params Params) (Files, error) {
 	// load generator plugins to generate configs or to print
 	var (
 		generators = make(map[string]Generator)
-		client = configurator.SmdClient{
-			Host: config.SmdClient.Host,
-			Port: config.SmdClient.Port,
-			AccessToken: config.AccessToken,
-		}
+		client = configurator.NewSmdClient(
+			configurator.WithHost(config.SmdClient.Host),
+			configurator.WithPort(config.SmdClient.Port),
+			configurator.WithAccessToken(config.AccessToken),
+			configurator.WithSecureTLS(config.CertPath),
+		)
 	)
 
 	// load all plugins from params
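Review bot: `configurator.WithSecureTLS(config.CertPath)` gives Generate no way to learn that the CA file could not be read or parsed, because the option constructor swallows both failures, so a bad `ca-cert` value behaves like no setting at all even though Generate already returns an error. If WithSecureTLS is changed to return `(ClientOption, error)`, the call here becomes `tlsOpt, err := configurator.WithSecureTLS(config.CertPath)` with the error returned (alongside a zero Files) before the client is built. Note also that the custom transport (120s timeouts, keep-alives disabled) is installed only when CertPath is non-empty, so request behaviour differs between the two paths in ways unrelated to TLS; whether SmdClient's zero-value Client carries any timeouts is not visible here. Generate's body continues on both sides of the hunk.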