Move tls certificate and ca cert configuring to makeTLSConfig function

This commit is contained in:
Nick Sherron 2024-03-06 00:13:58 -05:00
parent cca2f00788
commit 99f33bc66a
No known key found for this signature in database
GPG Key ID: 3D8176919889DF27


@ -88,23 +88,48 @@ func parseFlags(progname string, args []string) (cfg *Config, output string, err
return &conf, buf.String(), nil return &conf, buf.String(), nil
} }
func makeTLSConfig(cfg *Config) *tls.Config { func makeTLSConfig(cfg *Config) (*tls.Config, error) {
if cfg.RedisTLS == "" && !cfg.RedisInsecureTLS { if cfg.RedisTLS == "" && !cfg.RedisInsecureTLS && cfg.RedisClientCert == "" && cfg.RedisClientKey == "" && cfg.RedisCaCert == "" {
return nil return nil, nil
} }
return &tls.Config{
tlsConfig := &tls.Config{
ServerName: cfg.RedisTLS, ServerName: cfg.RedisTLS,
InsecureSkipVerify: cfg.RedisInsecureTLS, InsecureSkipVerify: cfg.RedisInsecureTLS,
} }
if cfg.RedisClientCert != "" {
cert, err := tls.LoadX509KeyPair(cfg.RedisClientCert, cfg.RedisClientKey)
if err != nil {
return nil, fmt.Errorf("get certificate error RedisClientCert:%s RedisClientKey:%s error:%s", cfg.RedisClientCert, cfg.RedisClientKey, err)
}
tlsConfig.Certificates = []tls.Certificate{cert}
}
if cfg.RedisCaCert != "" {
caCert, err := os.ReadFile(cfg.RedisCaCert)
if err != nil {
return nil, fmt.Errorf("read ca cert error RedisCaCert:%s error:%s", cfg.RedisCaCert, err)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
tlsConfig.RootCAs = caCertPool
}
return tlsConfig, nil
} }
func makeRedisConnOpt(cfg *Config) (asynq.RedisConnOpt, error) { func makeRedisConnOpt(cfg *Config) (asynq.RedisConnOpt, error) {
// Connecting to redis-cluster // Connecting to redis-cluster
if len(cfg.RedisClusterNodes) > 0 { if len(cfg.RedisClusterNodes) > 0 {
tlsConfig, err := makeTLSConfig(cfg)
if err != nil {
return nil, err
}
return asynq.RedisClusterClientOpt{ return asynq.RedisClusterClientOpt{
Addrs: strings.Split(cfg.RedisClusterNodes, ","), Addrs: strings.Split(cfg.RedisClusterNodes, ","),
Password: cfg.RedisPassword, Password: cfg.RedisPassword,
TLSConfig: makeTLSConfig(cfg), TLSConfig: tlsConfig,
}, nil }, nil
} }
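Review bot: `caCertPool.AppendCertsFromPEM(caCert)` in makeTLSConfig discards its boolean result, so an empty or non-PEM file at RedisCaCert silently produces an empty RootCAs pool and every connection then fails with an unhelpful unknown-authority error rather than a configuration error; check it, e.g. `if !caCertPool.AppendCertsFromPEM(caCert) { return nil, fmt.Errorf("no PEM certificates found in RedisCaCert:%s", cfg.RedisCaCert) }`. Both error returns in the function format the underlying error with `%s`; `%w` would keep it inspectable with errors.Is/errors.As at the caller. Separately, the last hunk of this file now calls makeTLSConfig only when `connOpt.TLSConfig == nil`, whereas the removed code applied RedisClientCert/RedisCaCert on top of an already-present config, so if ParseRedisURI supplies a TLS config itself (presumably for a rediss:// URI) those flags are now silently ignored — either merge them into the existing config or reject the combination explicitly; that function's closing brace lies outside the visible hunk.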
@ -115,7 +140,11 @@ func makeRedisConnOpt(cfg *Config) (asynq.RedisConnOpt, error) {
return nil, err return nil, err
} }
connOpt := res.(asynq.RedisFailoverClientOpt) // safe to type-assert connOpt := res.(asynq.RedisFailoverClientOpt) // safe to type-assert
connOpt.TLSConfig = makeTLSConfig(cfg) tlsConfig, err := makeTLSConfig(cfg)
if err != nil {
return nil, err
}
connOpt.TLSConfig = tlsConfig
return connOpt, nil return connOpt, nil
} }
@ -133,32 +162,11 @@ func makeRedisConnOpt(cfg *Config) (asynq.RedisConnOpt, error) {
connOpt.Password = cfg.RedisPassword connOpt.Password = cfg.RedisPassword
} }
if connOpt.TLSConfig == nil { if connOpt.TLSConfig == nil {
connOpt.TLSConfig = makeTLSConfig(cfg) tlsConfig, err := makeTLSConfig(cfg)
}
if cfg.RedisClientCert == "" && cfg.RedisCaCert == "" {
return connOpt, nil
}
if connOpt.TLSConfig == nil {
connOpt.TLSConfig = &tls.Config{}
}
if cfg.RedisClientCert != "" {
cert, err := tls.LoadX509KeyPair(cfg.RedisClientCert, cfg.RedisClientKey)
if err != nil { if err != nil {
return nil, fmt.Errorf("get certificate error RedisClientCert:%s RedisClientKey:%s error:%s", cfg.RedisClientCert, cfg.RedisClientKey, err) return nil, err
} }
connOpt.TLSConfig.Certificates = []tls.Certificate{cert} connOpt.TLSConfig = tlsConfig
}
if cfg.RedisCaCert != "" {
caCert, err := os.ReadFile(cfg.RedisCaCert)
if err != nil {
return nil, fmt.Errorf("read ca cert error RedisCaCert:%s error:%s", cfg.RedisCaCert, err)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
connOpt.TLSConfig.RootCAs = caCertPool
} }
return connOpt, nil return connOpt, nil