client: moved cacert logic from 'serve' cmd to client

2025-12-20 03:27:02 -07:00 · 2024-11-14 16:53:00 -07:00 · 2024-11-14 16:53:00 -07:00 · dac6c2306f
commit dac6c2306f
parent 043f8ec120
3 changed files with 70 additions and 59 deletions
--- a/pkg/generator/generator.go
+++ b/pkg/generator/generator.go
@ -36,6 +36,7 @@ type (
 		TemplatePaths []string
 		PluginPath    string
 		Target        string
+		Client        *configurator.SmdClient
 		Verbose       bool
 	}
 )
@ -409,17 +410,24 @@ func Generate(config *configurator.Config, params Params) (FileMap, error) {
 func GenerateWithTarget(config *configurator.Config, params Params) (FileMap, error) {
 	// load generator plugins to generate configs or to print
 	var (
+		client    configurator.SmdClient
+		target    configurator.Target
+		generator Generator
+		err       error
+		ok        bool
+	)
+
+	// check if we have a client from params first and create new one if not
+	if params.Client == nil {
 		client = configurator.NewSmdClient(
 			configurator.WithHost(config.SmdClient.Host),
 			configurator.WithPort(config.SmdClient.Port),
 			configurator.WithAccessToken(config.AccessToken),
 			configurator.WithCertPoolFile(config.CertPath),
 		)
-		target    configurator.Target
-		generator Generator
-		err       error
-		ok        bool
-	)
+	} else {
+		client = *params.Client
+	}

 	// check if a target is supplied
 	if len(params.Args) == 0 && params.Target == "" {
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@ -4,8 +4,11 @@
 package server

 import (
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"fmt"
+	"net"
 	"net/http"
 	"os"
 	"time"
@ -60,13 +63,33 @@ func New(config *configurator.Config) *Server {
 }

 // Main function to start up configurator as a service.
-func (s *Server) Serve() error {
+func (s *Server) Serve(cacertPath string) error {
 	// create client just for the server to use to fetch data from SMD
-	_ = &configurator.SmdClient{
+	client := &configurator.SmdClient{
 		Host: s.Config.SmdClient.Host,
 		Port: s.Config.SmdClient.Port,
 	}

+	// add cert to client if `--cacert` flag is passed
+	if cacertPath != "" {
+		cacert, _ := os.ReadFile(cacertPath)
+		certPool := x509.NewCertPool()
+		certPool.AppendCertsFromPEM(cacert)
+		client.Transport = &http.Transport{
+			TLSClientConfig: &tls.Config{
+				RootCAs:            certPool,
+				InsecureSkipVerify: true,
+			},
+			DisableKeepAlives: true,
+			Dial: (&net.Dialer{
+				Timeout:   120 * time.Second,
+				KeepAlive: 120 * time.Second,
+			}).Dial,
+			TLSHandshakeTimeout:   120 * time.Second,
+			ResponseHeaderTimeout: 120 * time.Second,
+		}
+	}
+
 	// set the server address with config values
 	s.Server.Addr = fmt.Sprintf("%s:%d", s.Config.Server.Host, s.Config.Server.Port)

@ -104,12 +127,12 @@ func (s *Server) Serve() error {
 			)

 			// protected routes if using auth
-			r.HandleFunc("/generate", s.Generate)
+			r.HandleFunc("/generate", s.Generate(client))
 			r.HandleFunc("/templates", s.ManageTemplates)
 		})
 	} else {
 		// public routes without auth
-		router.HandleFunc("/generate", s.Generate)
+		router.HandleFunc("/generate", s.Generate(client))
 		router.HandleFunc("/templates", s.ManageTemplates)
 	}

@ -127,32 +150,36 @@ func (s *Server) Close() {
 // This is the corresponding service function to generate templated files, that
 // works similarly to the CLI variant. This function takes similiar arguments as
 // query parameters that are included in the HTTP request URL.
-func (s *Server) Generate(w http.ResponseWriter, r *http.Request) {
-	// get all of the expect query URL params and validate
-	s.GeneratorParams.Target = r.URL.Query().Get("target")
-	if s.GeneratorParams.Target == "" {
-		writeErrorResponse(w, "must specify a target")
-		return
-	}
+func (s *Server) Generate(client *configurator.SmdClient) func(w http.ResponseWriter, r *http.Request) {

-	// generate a new config file from supplied params
-	outputs, err := generator.GenerateWithTarget(s.Config, s.GeneratorParams)
-	if err != nil {
-		writeErrorResponse(w, "failed to generate file: %v", err)
-		return
-	}
+	return func(w http.ResponseWriter, r *http.Request) {
+		// get all of the expect query URL params and validate
+		s.GeneratorParams.Target = r.URL.Query().Get("target")
+		s.GeneratorParams.Client = client
+		if s.GeneratorParams.Target == "" {
+			writeErrorResponse(w, "must specify a target")
+			return
+		}

-	// marshal output to JSON then send response to client
-	tmp := generator.ConvertContentsToString(outputs)
-	b, err := json.Marshal(tmp)
-	if err != nil {
-		writeErrorResponse(w, "failed to marshal output: %v", err)
-		return
-	}
-	_, err = w.Write(b)
-	if err != nil {
-		writeErrorResponse(w, "failed to write response: %v", err)
-		return
+		// generate a new config file from supplied params
+		outputs, err := generator.GenerateWithTarget(s.Config, s.GeneratorParams)
+		if err != nil {
+			writeErrorResponse(w, "failed to generate file: %v", err)
+			return
+		}
+
+		// marshal output to JSON then send response to client
+		tmp := generator.ConvertContentsToString(outputs)
+		b, err := json.Marshal(tmp)
+		if err != nil {
+			writeErrorResponse(w, "failed to marshal output: %v", err)
+			return
+		}
+		_, err = w.Write(b)
+		if err != nil {
+			writeErrorResponse(w, "failed to write response: %v", err)
+			return
+		}
 	}
 }