lncfg+etcd: add TLS config

This commit extends lncfg with etcd TLS config and passes these
parameters to the etcd client upon construction.
This commit is contained in:
Andras Banki-Horvath 2020-05-08 18:38:46 +02:00
parent b54f8a1b97
commit 3ef331e016
3 changed files with 37 additions and 3 deletions

View File

@ -10,6 +10,7 @@ import (
"github.com/btcsuite/btcwallet/walletdb"
"github.com/coreos/etcd/clientv3"
"github.com/coreos/etcd/pkg/transport"
)
const (
@ -130,6 +131,16 @@ type BackendConfig struct {
// Pass is the password for the etcd peer.
Pass string
// CertFile holds the path to the TLS certificate for etcd RPC.
CertFile string
// KeyFile holds the path to the TLS private key for etcd RPC.
KeyFile string
// InsecureSkipVerify should be set to true if we intend to
// skip TLS verification.
InsecureSkipVerify bool
// CollectCommitStats indicates wheter to commit commit stats.
CollectCommitStats bool
}
@ -137,12 +148,25 @@ type BackendConfig struct {
// newEtcdBackend returns a db object initialized with the passed backend
// config. If etcd connection cannot be estabished, then returns error.
func newEtcdBackend(config BackendConfig) (*db, error) {
tlsInfo := transport.TLSInfo{
CertFile: config.CertFile,
KeyFile: config.KeyFile,
InsecureSkipVerify: config.InsecureSkipVerify,
}
tlsConfig, err := tlsInfo.ClientConfig()
if err != nil {
return nil, err
}
cli, err := clientv3.New(clientv3.Config{
Endpoints: []string{config.Host},
DialTimeout: etcdConnectionTimeout,
Username: config.User,
Password: config.Pass,
TLS: tlsConfig,
})
if err != nil {
return nil, err
}

View File

@ -61,9 +61,10 @@ func NewEmbeddedEtcdInstance(path string) (*BackendConfig, func(), error) {
}
connConfig := &BackendConfig{
Host: "http://" + peerURL,
User: "user",
Pass: "pass",
Host: "http://" + peerURL,
User: "user",
Pass: "pass",
InsecureSkipVerify: true,
}
return connConfig, func() {

View File

@ -26,6 +26,12 @@ type EtcdDB struct {
Pass string `long:"pass" description:"Password for the database user."`
CertFile string `long:"cert_file" description:"Path to the TLS certificate for etcd RPC."`
KeyFile string `long:"key_file" description:"Path to the TLS private key for etcd RPC."`
InsecureSkipVerify bool `long:"insecure_skip_verify" description:"Whether we intend to skip TLS verification"`
CollectStats bool `long:"collect_stats" description:"Wheter to collect etcd commit stats."`
}
@ -73,6 +79,9 @@ func (db *DB) GetBackend(path string) (kvdb.Backend, error) {
Host: db.Etcd.Host,
User: db.Etcd.User,
Pass: db.Etcd.Pass,
CertFile: db.Etcd.CertFile,
KeyFile: db.Etcd.KeyFile,
InsecureSkipVerify: db.Etcd.InsecureSkipVerify,
CollectCommitStats: db.Etcd.CollectStats,
}
return kvdb.Open(kvdb.EtcdBackendName, backendConfig)