MCPcopy Index your code
hub / github.com/bytebase/bytebase / validateAndSanitizeDataSourceTLS

Function validateAndSanitizeDataSourceTLS

backend/api/v1/instance_service.go:271–333  ·  view source on GitHub ↗
(ds *storepb.DataSource)

Source from the content-addressed store, hash-verified

269}
270
271func validateAndSanitizeDataSourceTLS(ds *storepb.DataSource) error {
272 if !ds.GetUseSsl() {
273 ds.SslCa = ""
274 ds.SslCert = ""
275 ds.SslKey = ""
276 ds.SslCaPath = ""
277 ds.SslCertPath = ""
278 ds.SslKeyPath = ""
279 return nil
280 }
281 for _, conflict := range []struct {
282 inlineField string
283 pathField string
284 inlineValue string
285 pathValue string
286 }{
287 {"ssl_ca", "ssl_ca_path", ds.GetSslCa(), ds.GetSslCaPath()},
288 {"ssl_cert", "ssl_cert_path", ds.GetSslCert(), ds.GetSslCertPath()},
289 {"ssl_key", "ssl_key_path", ds.GetSslKey(), ds.GetSslKeyPath()},
290 } {
291 if conflict.inlineValue != "" && conflict.pathValue != "" {
292 return errors.Errorf("cannot set both %s and %s; clear one of them by including the field in the update_mask with an empty value when switching TLS material source", conflict.inlineField, conflict.pathField)
293 }
294 }
295 for _, pathField := range []struct {
296 field string
297 path string
298 }{
299 {"ssl_ca_path", ds.GetSslCaPath()},
300 {"ssl_cert_path", ds.GetSslCertPath()},
301 {"ssl_key_path", ds.GetSslKeyPath()},
302 } {
303 if pathField.path != "" && !filepath.IsAbs(pathField.path) {
304 return errors.Errorf("%s must be an absolute path", pathField.field)
305 }
306 }
307 if ds.GetSslCa() != "" {
308 if err := validateInlineCAPEM([]byte(ds.GetSslCa())); err != nil {
309 return errors.Wrap(err, "invalid ssl_ca PEM")
310 }
311 }
312 certSet := ds.GetSslCert() != "" || ds.GetSslCertPath() != ""
313 keySet := ds.GetSslKey() != "" || ds.GetSslKeyPath() != ""
314 if certSet != keySet {
315 return errors.New("ssl_cert and ssl_key must be both set or unset")
316 }
317 if ds.GetSslCert() != "" && ds.GetSslKey() != "" {
318 if _, err := tls.X509KeyPair([]byte(ds.GetSslCert()), []byte(ds.GetSslKey())); err != nil {
319 return errors.Wrap(err, "invalid ssl_cert or ssl_key PEM")
320 }
321 }
322 if ds.GetSslCert() != "" && ds.GetSslKey() == "" {
323 if err := validateInlineCertPEM([]byte(ds.GetSslCert())); err != nil {
324 return errors.Wrap(err, "invalid ssl_cert PEM")
325 }
326 }
327 if ds.GetSslKey() != "" && ds.GetSslCert() == "" {
328 if err := validateInlineKeyPEM([]byte(ds.GetSslKey())); err != nil {

Calls 11

validateInlineCAPEMFunction · 0.85
validateInlineCertPEMFunction · 0.85
validateInlineKeyPEMFunction · 0.85
ErrorfMethod · 0.80
GetUseSslMethod · 0.45
GetSslCaMethod · 0.45
GetSslCaPathMethod · 0.45
GetSslCertMethod · 0.45
GetSslCertPathMethod · 0.45
GetSslKeyMethod · 0.45
GetSslKeyPathMethod · 0.45