config/cmd: secure broker (#1806)

* config/cmd: secure broker

* config/cmd: remove testing
This commit is contained in:
ben-toogood 2020-07-08 16:22:48 +01:00 committed by GitHub
parent ce12c040fa
commit 333320dcb8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 1 deletions


@ -131,6 +131,10 @@ func (n *natsBroker) Connect() error {
c, err := opts.Connect() c, err := opts.Connect()
if err != nil { if err != nil {
if logger.V(logger.WarnLevel, logger.DefaultLogger) {
logger.Warnf("Error connecting to broker: %v", err)
}
return err return err
} }
n.conn = c n.conn = c
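Review bot: The added `logger.Warnf` reports `err` and the next line still returns it unchanged, so the same connection failure is logged here and then again by whichever caller handles the returned error. Pick one layer: either drop the warning or return the error wrapped with context, e.g. `return fmt.Errorf("connecting to nats broker: %w", err)`, so the caller's own report already says where it came from. The raw NATS error is also written to the log verbatim; if configured server URLs can carry userinfo credentials, it is worth confirming that the error text never echoes them. Connect's body continues outside the hunk, and whether `fmt` is already imported in this file is not visible here.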


@ -202,6 +202,11 @@ var (
EnvVars: []string{"MICRO_BROKER_ADDRESS"}, EnvVars: []string{"MICRO_BROKER_ADDRESS"},
Usage: "Comma-separated list of broker addresses", Usage: "Comma-separated list of broker addresses",
}, },
&cli.BoolFlag{
Name: "broker_secure",
Usage: "Secure connection to broker",
EnvVars: []string{"MICRO_BROKER_SECURE"},
},
&cli.StringFlag{ &cli.StringFlag{
Name: "profile", Name: "profile",
Usage: "Debug profiler for cpu and memory stats", Usage: "Debug profiler for cpu and memory stats",
@ -673,6 +678,17 @@ func (c *cmd) Before(ctx *cli.Context) error {
brokerOpts = append(brokerOpts, broker.Addrs(ctx.String("broker_address"))) brokerOpts = append(brokerOpts, broker.Addrs(ctx.String("broker_address")))
} }
// Parse broker TLS certs
if ctx.Bool("broker_secure") {
cert, err := tls.LoadX509KeyPair("/certs/broker/cert.pem", "/certs/broker/key.pem")
if err != nil {
logger.Fatalf("Error loading broker x509 key pair: %v", err)
}
cfg := &tls.Config{Certificates: []tls.Certificate{cert}, RootCAs: caCertPool}
brokerOpts = append(brokerOpts, broker.TLSConfig(cfg))
}
// Setup registry options // Setup registry options
registryOpts := []registry.Option{registrySrv.WithClient(microClient)} registryOpts := []registry.Option{registrySrv.WithClient(microClient)}
@ -680,7 +696,7 @@ func (c *cmd) Before(ctx *cli.Context) error {
if ctx.Bool("registry_secure") { if ctx.Bool("registry_secure") {
cert, err := tls.LoadX509KeyPair("/certs/registry/cert.pem", "/certs/registry/key.pem") cert, err := tls.LoadX509KeyPair("/certs/registry/cert.pem", "/certs/registry/key.pem")
if err != nil { if err != nil {
logger.Fatalf("Error loading x509 key pair: %v", err) logger.Fatalf("Error loading registry x509 key pair: %v", err)
} }
cfg := &tls.Config{Certificates: []tls.Certificate{cert}, RootCAs: caCertPool} cfg := &tls.Config{Certificates: []tls.Certificate{cert}, RootCAs: caCertPool}