config/cmd: secure broker (#1806)

* config/cmd: secure broker

* config/cmd: remove testing

broker/nats/nats.go

@@ -131,6 +131,10 @@ func (n *natsBroker) Connect() error {
 
 		c, err := opts.Connect()
 		if err != nil {
+			if logger.V(logger.WarnLevel, logger.DefaultLogger) {
+				logger.Warnf("Error connecting to broker: %v", err)
+			}
+
 			return err
 		}
 		n.conn = c

config/cmd/cmd.go

@@ -202,6 +202,11 @@ var (
 			EnvVars: []string{"MICRO_BROKER_ADDRESS"},
 			Usage:   "Comma-separated list of broker addresses",
 		},
+		&cli.BoolFlag{
+			Name:    "broker_secure",
+			Usage:   "Secure connection to broker",
+			EnvVars: []string{"MICRO_BROKER_SECURE"},
+		},
 		&cli.StringFlag{
 			Name:    "profile",
 			Usage:   "Debug profiler for cpu and memory stats",
@@ -673,6 +678,17 @@ func (c *cmd) Before(ctx *cli.Context) error {
 		brokerOpts = append(brokerOpts, broker.Addrs(ctx.String("broker_address")))
 	}
 
+	// Parse broker TLS certs
+	if ctx.Bool("broker_secure") {
+		cert, err := tls.LoadX509KeyPair("/certs/broker/cert.pem", "/certs/broker/key.pem")
+		if err != nil {
+			logger.Fatalf("Error loading broker x509 key pair: %v", err)
+		}
+
+		cfg := &tls.Config{Certificates: []tls.Certificate{cert}, RootCAs: caCertPool}
+		brokerOpts = append(brokerOpts, broker.TLSConfig(cfg))
+	}
+
 	// Setup registry options
 	registryOpts := []registry.Option{registrySrv.WithClient(microClient)}
 
@@ -680,7 +696,7 @@ func (c *cmd) Before(ctx *cli.Context) error {
 	if ctx.Bool("registry_secure") {
 		cert, err := tls.LoadX509KeyPair("/certs/registry/cert.pem", "/certs/registry/key.pem")
 		if err != nil {
-			logger.Fatalf("Error loading x509 key pair: %v", err)
+			logger.Fatalf("Error loading registry x509 key pair: %v", err)
 		}
 
 		cfg := &tls.Config{Certificates: []tls.Certificate{cert}, RootCAs: caCertPool}