Add possibility to skip tls verification for consul
This commit is contained in:
parent
730c9049ad
commit
e7f6c15bc1
3 changed files with 37 additions and 15 deletions
@ -39,6 +39,8 @@ pub struct ConfigOptsConsul {
pub url: Option<String>,
pub url: Option<String>,
/// Consul's CA certificate [default: None]
/// Consul's CA certificate [default: None]
pub ca_cert: Option<String>,
pub ca_cert: Option<String>,
/// Skip TLS verification for Consul server
pub tls_skip_verify: bool,
/// Consul's client certificate [default: None]
/// Consul's client certificate [default: None]
pub client_cert: Option<String>,
pub client_cert: Option<String>,
/// Consul's client key [default: None]
/// Consul's client key [default: None]
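Review bot: The doc comment on the new `tls_skip_verify` field does not say what the flag gives up; judging from the other files in this commit it ends up as `danger_accept_invalid_certs(true)`, so the option help text is the one place an operator will see the consequence before enabling it. Suggest `/// Skip verification of Consul's TLS server certificate (the server is then no longer authenticated; intended for testing only) [default: false]`, which also follows the `[default: …]` convention of the neighbouring fields. A name that carries the same signal, such as `tls_danger_skip_verify`, would help too, although renaming a CLI option is a compatibility decision for the maintainers.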
@ -20,7 +20,7 @@ pub struct RuntimeConfigAcme {
pub struct RuntimeConfigConsul {
pub struct RuntimeConfigConsul {
pub node_name: String,
pub node_name: String,
pub url: String,
pub url: String,
pub tls: Option<(reqwest::Certificate, reqwest::Identity)>,
pub tls: Option<(Option<reqwest::Certificate>, bool, reqwest::Identity)>,
}
}
#[derive(Debug)]
#[derive(Debug)]
@ -80,11 +80,16 @@ impl RuntimeConfigConsul {
.expect("'DIPLONAT_CONSUL_NODE_NAME' environment variable is required");
.expect("'DIPLONAT_CONSUL_NODE_NAME' environment variable is required");
let url = opts.url.unwrap_or(super::CONSUL_URL.to_string());
let url = opts.url.unwrap_or(super::CONSUL_URL.to_string());
let tls = match (&opts.ca_cert, &opts.client_cert, &opts.client_key) {
let tls = match (&opts.client_cert, &opts.client_key) {
(Some(ca_cert), Some(client_cert), Some(client_key)) => {
(Some(client_cert), Some(client_key)) => {
let cert = match &opts.ca_cert {
Some(ca_cert) => {
let mut ca_cert_buf = vec![];
let mut ca_cert_buf = vec![];
File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
let cert = reqwest::Certificate::from_pem(&ca_cert_buf[..])?;
Some(reqwest::Certificate::from_pem(&ca_cert_buf[..])?)
}
None => None,
};
let mut client_cert_buf = vec![];
let mut client_cert_buf = vec![];
File::open(client_cert)?.read_to_end(&mut client_cert_buf)?;
File::open(client_cert)?.read_to_end(&mut client_cert_buf)?;
@ -95,9 +100,9 @@ impl RuntimeConfigConsul {
let ident =
let ident =
reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?;
reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?;
Some((cert, ident))
Some((cert, opts.tls_skip_verify, ident))
}
}
(None, None, None) => None,
(None, None) => None,
_ => bail!("Incomplete TLS configuration parameters"),
_ => bail!("Incomplete TLS configuration parameters"),
};
};
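Review bot: In the last hunk of this section the new `(None, None) => None` arm silently discards a configured `ca_cert`, and a set `tls_skip_verify`, whenever no client certificate/key is given; the old three-way match would have bailed with "Incomplete TLS configuration parameters", whereas now the caller falls back to a plain `reqwest::Client::new()` that never sees the CA the operator supplied. A guard arm keeps the old failure mode: `(None, None) if opts.ca_cert.is_some() || opts.tls_skip_verify => bail!("Incomplete TLS configuration parameters"),` placed before `(None, None) => None,`. Separately, the `Option<(Option<reqwest::Certificate>, bool, reqwest::Identity)>` field in the struct hunk leaves the `bool` positional and undocumented; a small struct with named fields (for example `ca`, `skip_verify`, `identity`) would make the destructuring in `Consul::new` self-describing. The enclosing function starts and ends outside these hunks.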
@ -23,13 +23,28 @@ pub struct Consul {
impl Consul {
impl Consul {
pub fn new(config: &RuntimeConfigConsul) -> Self {
pub fn new(config: &RuntimeConfigConsul) -> Self {
let client = if let Some((ca, ident)) = config.tls.clone() {
let client = if let Some((ca, skip_verify, ident)) = config.tls.clone() {
if skip_verify {
reqwest::Client::builder()
.use_rustls_tls()
.danger_accept_invalid_certs(true)
.identity(ident)
.build()
.expect("Unable to build reqwest client")
} else if let Some(ca) = ca {
reqwest::Client::builder()
reqwest::Client::builder()
.use_rustls_tls()
.use_rustls_tls()
.add_root_certificate(ca)
.add_root_certificate(ca)
.identity(ident)
.identity(ident)
.build()
.build()
.expect("Unable to build reqwest client")
.expect("Unable to build reqwest client")
} else {
reqwest::Client::builder()
.use_rustls_tls()
.identity(ident)
.build()
.expect("Unable to build reqwest client")
}
} else {
} else {
reqwest::Client::new()
reqwest::Client::new()
};
};
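Review bot: The `skip_verify` branch calls `danger_accept_invalid_certs(true)`, which makes the client accept any server certificate, so the Consul server is no longer authenticated, and a `ca` that was configured alongside the flag is dropped without any signal to the operator; the branch should at least carry a comment saying so and, if the crate already has a logging facade (not visible in this hunk), log a warning at startup. The three builder chains differ only in one call each, so building the client once and applying the variant step keeps the security-relevant line in a single, reviewable place. `Consul::new` continues past the end of the hunk.
```rust
pub fn new(config: &RuntimeConfigConsul) -> Self {
    let client = if let Some((ca, skip_verify, ident)) = config.tls.clone() {
        let mut builder = reqwest::Client::builder().use_rustls_tls().identity(ident);
        if skip_verify {
            // Accepts any server certificate: the Consul server is not authenticated
            // and a configured CA certificate is ignored on this path.
            builder = builder.danger_accept_invalid_certs(true);
        } else if let Some(ca) = ca {
            builder = builder.add_root_certificate(ca);
        }
        builder.build().expect("Unable to build reqwest client")
    } else {
        reqwest::Client::new()
    };
    // … unchanged: remainder of Consul::new …
```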