Add infrastructure for loading certs on the server (#86)
* Move the expect package

* Refactor Makefile for better file handling

  The Makefile has been updated to improve the way it handles '.go' files. The changes include:
  - Adjusted the GO_SRC variable to exclude './' from the start of file paths.
  - Added new targets under .make/tidy/ for each Go module (gen, provider, sdk, tests) to ensure their dependencies are tidied up correctly.

* Go crap

* Create certs and put them in the container

* Added TLS support to gRPC server
  - Introduced a new function to load certificates for TLS configuration
  - Added a new option in the provisioner struct for gRPC server options
  - Modified the New function to include these server options when creating a new gRPC server
  - Created an opt function WithTLS that appends TLS credentials to the gRPC server options
  - Renamed RegisterCommandServiceServer and State functions for better readability

* Added NoOp and If functions to opts

  Two new utility functions have been added to the opts package. The NoOp function is a no-operation function that returns an error-free function for any type. The If function takes a boolean predicate and an option, returning the option if the predicate is true or a no-op otherwise.

* Refactor provisioner with error handling and options

  Significant changes include:
  - Added error handling to the 'New' function in the provisioner package.
  - Introduced new functions for setting gRPC options and TLS configuration.
  - Created a function to handle optional certificates, which only applies if all certificate files are provided.
  - Refactored existing functions to use these new option-setting functions.

* Enhanced logging and added optional certificate support

  The provisioner's main.go file has been updated to enhance the logging system. The log level is now set based on the verbose flag, and error messages have been improved for better clarity. Additionally, support for optional certificates (CA, server certificate, and private key) has been introduced. These can be provided via new command line flags: 'ca-file', 'cert-file', and 'key-file'.
1 parent 23f3f54, commit 1302582. Showing 15 changed files with 304 additions and 67 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
package provisioner | ||
|
||
import ( | ||
"crypto/tls" | ||
"crypto/x509" | ||
"fmt" | ||
"os" | ||
) | ||
|
||
func LoadCertificates(caPath, certPath, keyPath string) (*tls.Config, error) { | ||
cert, err := tls.LoadX509KeyPair(certPath, keyPath) | ||
if err != nil { | ||
return nil, fmt.Errorf("failed loading keypair: %w", err) | ||
} | ||
|
||
ca := x509.NewCertPool() | ||
caData, err := os.ReadFile(caPath) | ||
if err != nil { | ||
return nil, fmt.Errorf("failed reading ca file: %w", err) | ||
} | ||
if ok := ca.AppendCertsFromPEM(caData); ok { | ||
return nil, fmt.Errorf("unable to append ca data from file %s", caPath) | ||
} | ||
|
||
return &tls.Config{ | ||
ClientAuth: tls.RequireAndVerifyClientCert, | ||
Certificates: []tls.Certificate{cert}, | ||
ClientCAs: ca, | ||
}, nil | ||
} |
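Review bot: The CA check in LoadCertificates is inverted. AppendCertsFromPEM returns true when at least one certificate was parsed, so `if ok := ca.AppendCertsFromPEM(caData); ok {` returns the "unable to append ca data" error precisely when the CA file is valid, and silently continues with an empty ClientCAs pool when the file contains no parseable certificate (every client handshake would then fail verification, which at least fails closed, but the success path never works). Change the condition to `if ok := ca.AppendCertsFromPEM(caData); !ok {`. While here, consider also setting `MinVersion: tls.VersionTLS12` on the returned tls.Config so the mTLS listener does not depend on the Go toolchain's default floor, and add a unit test that loads a self-signed test CA through this function to catch the inverted check.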