Make repo a Nix flake #16
3 changed files with 37 additions and 15 deletions
|
@ -39,6 +39,8 @@ pub struct ConfigOptsConsul {
|
|||
pub url: Option<String>,
|
||||
/// Consul's CA certificate [default: None]
|
||||
pub ca_cert: Option<String>,
|
||||
/// Skip TLS verification for Consul server
|
||||
pub tls_skip_verify: bool,
|
||||
/// Consul's client certificate [default: None]
|
||||
pub client_cert: Option<String>,
|
||||
/// Consul's client key [default: None]
|
||||
|
|
|
@ -20,7 +20,7 @@ pub struct RuntimeConfigAcme {
|
|||
pub struct RuntimeConfigConsul {
|
||||
pub node_name: String,
|
||||
pub url: String,
|
||||
pub tls: Option<(reqwest::Certificate, reqwest::Identity)>,
|
||||
pub tls: Option<(Option<reqwest::Certificate>, bool, reqwest::Identity)>,
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
|
@ -80,11 +80,16 @@ impl RuntimeConfigConsul {
|
|||
.expect("'DIPLONAT_CONSUL_NODE_NAME' environment variable is required");
|
||||
let url = opts.url.unwrap_or(super::CONSUL_URL.to_string());
|
||||
|
||||
let tls = match (&opts.ca_cert, &opts.client_cert, &opts.client_key) {
|
||||
(Some(ca_cert), Some(client_cert), Some(client_key)) => {
|
||||
let mut ca_cert_buf = vec![];
|
||||
File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
|
||||
let cert = reqwest::Certificate::from_pem(&ca_cert_buf[..])?;
|
||||
let tls = match (&opts.client_cert, &opts.client_key) {
|
||||
(Some(client_cert), Some(client_key)) => {
|
||||
let cert = match &opts.ca_cert {
|
||||
Some(ca_cert) => {
|
||||
let mut ca_cert_buf = vec![];
|
||||
File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
|
||||
Some(reqwest::Certificate::from_pem(&ca_cert_buf[..])?)
|
||||
}
|
||||
None => None,
|
||||
};
|
||||
|
||||
let mut client_cert_buf = vec![];
|
||||
File::open(client_cert)?.read_to_end(&mut client_cert_buf)?;
|
||||
|
@ -95,9 +100,9 @@ impl RuntimeConfigConsul {
|
|||
let ident =
|
||||
reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?;
|
||||
|
||||
Some((cert, ident))
|
||||
Some((cert, opts.tls_skip_verify, ident))
|
||||
}
|
||||
(None, None, None) => None,
|
||||
(None, None) => None,
|
||||
_ => bail!("Incomplete TLS configuration parameters"),
|
||||
};
|
||||
|
||||
|
|
|
@ -23,13 +23,28 @@ pub struct Consul {
|
|||
|
||||
impl Consul {
|
||||
pub fn new(config: &RuntimeConfigConsul) -> Self {
|
||||
let client = if let Some((ca, ident)) = config.tls.clone() {
|
||||
reqwest::Client::builder()
|
||||
.use_rustls_tls()
|
||||
.add_root_certificate(ca)
|
||||
.identity(ident)
|
||||
.build()
|
||||
.expect("Unable to build reqwest client")
|
||||
let client = if let Some((ca, skip_verify, ident)) = config.tls.clone() {
|
||||
if skip_verify {
|
||||
reqwest::Client::builder()
|
||||
.use_rustls_tls()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.identity(ident)
|
||||
.build()
|
||||
.expect("Unable to build reqwest client")
|
||||
} else if let Some(ca) = ca {
|
||||
reqwest::Client::builder()
|
||||
.use_rustls_tls()
|
||||
.add_root_certificate(ca)
|
||||
.identity(ident)
|
||||
.build()
|
||||
.expect("Unable to build reqwest client")
|
||||
} else {
|
||||
reqwest::Client::builder()
|
||||
.use_rustls_tls()
|
||||
.identity(ident)
|
||||
.build()
|
||||
.expect("Unable to build reqwest client")
|
||||
}
|
||||
} else {
|
||||
reqwest::Client::new()
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue