docker/pgcat
1
0
Fork 0
mirror of https://github.com/postgresml/pgcat.git synced 2026-03-27 18:56:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

config check

Browse Source
This commit is contained in:
Lev
2022-06-27 17:01:14 -07:00
parent c11d595ac7
commit 7667fefead
2 changed files with 56 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
src/config.rs
View File

@@ -8,9 +8,11 @@ use std::sync::Arc;
use tokio::fs::File; use tokio::fs::File;
use tokio::io::AsyncReadExt; use tokio::io::AsyncReadExt;
use toml; use toml;
use std::path::Path;
use crate::errors::Error; use crate::errors::Error;
use crate::{ClientServerMap, ConnectionPool}; use crate::{ClientServerMap, ConnectionPool};
use crate::tls::{load_certs, load_keys};
/// Globally available configuration. /// Globally available configuration.
static CONFIG: Lazy<ArcSwap<Config>> = Lazy::new(|| ArcSwap::from_pointee(Config::default())); static CONFIG: Lazy<ArcSwap<Config>> = Lazy::new(|| ArcSwap::from_pointee(Config::default()));
@@ -253,6 +255,25 @@ impl Config {
info!("Primary reads: {}", self.query_router.primary_reads_enabled); info!("Primary reads: {}", self.query_router.primary_reads_enabled);
info!("Query router: {}", self.query_router.query_parser_enabled); info!("Query router: {}", self.query_router.query_parser_enabled);
info!("Number of shards: {}", self.shards.len()); info!("Number of shards: {}", self.shards.len());
match self.general.tls_certificate.clone() {
Some(tls_certificate) => {
info!("TLS certificate: {}", tls_certificate);
match self.general.tls_private_key.clone() {
Some(tls_private_key) => {
info!("TLS private key: {}", tls_private_key);
info!("TLS support is enabled");
},
None => (),
}
}
None => {
info!("TLS support is disabled");
},
};
} }
} }
@@ -372,6 +393,39 @@ pub async fn parse(path: &str) -> Result<(), Error> {
} }
}; };
// Validate TLS!
match config.general.tls_certificate.clone() {
Some(tls_certificate) => {
match load_certs(&Path::new(&tls_certificate)) {
Ok(_) => {
// Cert is okay, but what about the private key?
match config.general.tls_private_key.clone() {
Some(tls_private_key) => {
match load_keys(&Path::new(&tls_private_key)) {
Ok(_) => (),
Err(err) => {
error!("tls_private_key is incorrectly configured: {:?}", err);
return Err(Error::BadConfig);
}
}
}
None => {
error!("tls_certificate is set, but the tls_private_key is not");
return Err(Error::BadConfig);
}
};
}
Err(err) => {
error!("tls_certificate is incorrectly configured: {:?}", err);
return Err(Error::BadConfig);
}
}
},
None => (),
};
config.path = path.to_string(); config.path = path.to_string();
// Update the configuration globally. // Update the configuration globally.

4
src/tls.rs
View File

@@ -10,13 +10,13 @@ use crate::config::get_config;
use crate::errors::Error; use crate::errors::Error;
// TLS // TLS
fn load_certs(path: &Path) -> std::io::Result<Vec<Certificate>> { pub fn load_certs(path: &Path) -> std::io::Result<Vec<Certificate>> {
certs(&mut std::io::BufReader::new(std::fs::File::open(path)?)) certs(&mut std::io::BufReader::new(std::fs::File::open(path)?))
.map_err(|_| std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid cert")) .map_err(|_| std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid cert"))
.map(|mut certs| certs.drain(..).map(Certificate).collect()) .map(|mut certs| certs.drain(..).map(Certificate).collect())
} }
fn load_keys(path: &Path) -> std::io::Result<Vec<PrivateKey>> { pub fn load_keys(path: &Path) -> std::io::Result<Vec<PrivateKey>> {
rsa_private_keys(&mut std::io::BufReader::new(std::fs::File::open(path)?)) rsa_private_keys(&mut std::io::BufReader::new(std::fs::File::open(path)?))
.map_err(|_| std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid key")) .map_err(|_| std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid key"))
.map(|mut keys| keys.drain(..).map(PrivateKey).collect()) .map(|mut keys| keys.drain(..).map(PrivateKey).collect())