add config option to enable or disable TLS for nats

David Christofas
2022-10-20 17:13:11 +02:00
committed by Michael Barz
parent ff8b16f9da
commit 45b92fc56f
26 changed files with 132 additions and 86 deletions
+18 -14
@@ -39,23 +39,27 @@ func Server(cfg *config.Config) *cli.Command {
}
evtsCfg := cfg.Notifications.Events
var rootCAPool *x509.CertPool
if evtsCfg.TLSRootCACertificate != "" {
rootCrtFile, err := os.Open(evtsCfg.TLSRootCACertificate)
if err != nil {
return err
var tlsConf *tls.Config
if evtsCfg.EnableTLS {
var rootCAPool *x509.CertPool
if evtsCfg.TLSRootCACertificate != "" {
rootCrtFile, err := os.Open(evtsCfg.TLSRootCACertificate)
if err != nil {
return err
}
rootCAPool, err = crypto.NewCertPoolFromPEM(rootCrtFile)
if err != nil {
return err
}
evtsCfg.TLSInsecure = false
}
rootCAPool, err = crypto.NewCertPoolFromPEM(rootCrtFile)
if err != nil {
return err
tlsConf = &tls.Config{
InsecureSkipVerify: evtsCfg.TLSInsecure, //nolint:gosec
RootCAs: rootCAPool,
}
evtsCfg.TLSInsecure = false
}
tlsConf := &tls.Config{
InsecureSkipVerify: evtsCfg.TLSInsecure, //nolint:gosec
RootCAs: rootCAPool,
}
client, err := server.NewNatsStream(
natsjs.TLSConfig(tlsConf),
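Review bot: When `evtsCfg.EnableTLS` is false, `tlsConf` stays nil and is still handed to `natsjs.TLSConfig(tlsConf)`, so the events connection is presumably made without TLS, and a configured `TLSRootCACertificate` or `TLSInsecure` is ignored without any signal to the operator. A deployment that had set a root CA before this change would lose encryption and server authentication unless it also sets the new flag, so I would fail fast or at least log it, for example `if !evtsCfg.EnableTLS && evtsCfg.TLSRootCACertificate != "" { return errors.New("tls_root_ca_certificate is set but enable_tls is false") }`. Separately, `rootCrtFile` is not closed in the visible lines; a `defer rootCrtFile.Close()` after the `os.Open` error check would release the descriptor. The body of `Server` starts before and continues after this hunk.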
@@ -48,4 +48,5 @@ type Events struct {
ConsumerGroup string `yaml:"group" env:"NOTIFICATIONS_EVENTS_GROUP" desc:"Name of the event group / queue on the event system."`
TLSInsecure bool `yaml:"tls_insecure" env:"OCIS_INSECURE;NOTIFICATIONS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates."`
TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"NOTIFICATIONS_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false."`
EnableTLS bool `yaml:"enable_tls" env:"OCIS_EVENTS_ENABLE_TLS;NOTIFICATIONS_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker."`
}
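Review bot: The `desc` on the new `EnableTLS` field does not say that `tls_insecure` and `tls_root_ca_certificate` only take effect when it is true, nor that leaving it false means the broker connection is unencrypted. I would extend it to `desc:"Enable TLS for the connection to the events broker. When false the connection is unencrypted and the tls_insecure and tls_root_ca_certificate settings are ignored."`. The neighbouring `TLSInsecure` description ("Whether to verify the server TLS certificates.") also reads inverted, since a true value ends up in `InsecureSkipVerify` in the server hunk on this page and turns verification off; something like "Disable verification of the server's TLS certificate." would match the behaviour.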
@@ -34,6 +34,7 @@ func DefaultConfig() *config.Config {
Endpoint: "127.0.0.1:9233",
Cluster: "ocis-cluster",
ConsumerGroup: "notifications",
EnableTLS: false,
},
RevaGateway: "127.0.0.1:9142",
},
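Review bot: `EnableTLS: false` makes transport encryption opt-in, which suits the loopback `Endpoint` default shown here but carries over silently once an operator points `Endpoint` at a remote broker. A comment on the line would record that intent, e.g. `// TLS is opt-in: the default endpoint is loopback; enable it for any remote broker`. Setting the zero value explicitly is otherwise redundant, so the comment is the main reason to keep the line. The `DefaultConfig` literal starts and ends outside the hunk.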