LoadServerTLSConfigForInternalPort loads the TLS config for the internal ports of the cluster
(v *viper.Viper)
| 110 | |
// LoadServerTLSConfigForInternalPort builds the server-side TLS configuration
// for the cluster's internal (inter-node) ports from the "tls" superflag held
// in v.
//
// It returns (nil, nil) when the "internal-port" option is false, so a nil
// config with a nil error means "inter-node TLS not requested" and is not a
// failure; callers must handle that case explicitly. It returns an error when
// "internal-port" is set but "server-cert" or "server-key" is empty. Otherwise
// it returns whatever GenerateServerTLSConfig produces for the assembled
// TLSHelperConfig.
func LoadServerTLSConfigForInternalPort(v *viper.Viper) (*tls.Config, error) {
	opts := z.NewSuperFlag(v.GetString("tls")).MergeAndCheckDefault(TLSDefaults)

	switch {
	case !opts.GetBool("internal-port"):
		// Inter-node TLS was not requested: no config, no error.
		return nil, nil
	case opts.GetPath("server-cert") == "" || opts.GetPath("server-key") == "":
		// Fail closed rather than start an internal listener without a
		// server identity.
		return nil, errors.Errorf(`Inter-node TLS is enabled but server node certs are not provided. ` +
			`Please provide --tls "server-cert=...; server-key=...;"`)
	}

	// NOTE(review): neither "ca-cert" nor "use-system-ca" is checked for
	// presence here. Which trust anchors are used to verify peer certificates
	// when both are unset depends on GenerateServerTLSConfig — confirm it does
	// not fall back to a broader root set than intended for inter-node traffic.
	helper := TLSHelperConfig{
		UseSystemCACerts: opts.GetBool("use-system-ca"),
		RootCACert:       opts.GetPath("ca-cert"),
		CertRequired:     true,
		Cert:             opts.GetPath("server-cert"),
		Key:              opts.GetPath("server-key"),
		// Hard-coded, not operator-configurable: presumably makes the helper
		// require and verify a client certificate from every peer (mutual
		// TLS) — verify against GenerateServerTLSConfig.
		ClientAuth: "REQUIREANDVERIFY",
	}
	return GenerateServerTLSConfig(&helper)
}
| 131 | |
| 132 | // LoadServerTLSConfig loads the TLS config into the server with the given parameters. |
| 133 | func LoadServerTLSConfig(v *viper.Viper) (*tls.Config, error) { |
no test coverage detected