Moved implementation to "tlsconfig.go" also implemented suggestions.

Suggestions implemented: #104 (comment) #104 (comment) #104 (comment) #104 (comment) Signed-off-by: Martin René Sørensen <[email protected]>
roadrunner-server · Nov 19, 2024 · 4b64f14 · 4b64f14
1 parent f656464
commit 4b64f14
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 40 deletions.
diff --git a/kv/config.go b/kv/config.go
@@ -26,11 +26,7 @@ type Config struct {
 	IdleTimeout      time.Duration `mapstructure:"idle_timeout"`
 	IdleCheckFreq    time.Duration `mapstructure:"idle_check_freq"`
 	ReadOnly         bool          `mapstructure:"read_only"`
-	TLSConfig        TLSConfig     `mapstructure:"tls"`
-}
-
-type TLSConfig struct {
-	CaFile string `mapstructure:"ca_file"`
+	TLSConfig        *TLSConfig    `mapstructure:"tls"`
 }
 
 // InitDefaults initializing fill config with default values

diff --git a/kv/driver.go b/kv/driver.go
@@ -2,10 +2,7 @@ package kv
 
 import (
 	"context"
-	"crypto/tls"
-	"crypto/x509"
 	stderr "errors"
-	"os"
 	"strings"
 	"time"
 	"unsafe"
@@ -56,7 +53,12 @@ func NewRedisDriver(log *zap.Logger, key string, cfgPlugin Configurer, tracer *s
 
 	d.cfg.InitDefaults()
 
-	redisOptions := &redis.UniversalOptions{
+	tlsConfig, tlsConfigErr := NewTLSConfig(d.cfg.TLSConfig, log)
+	if tlsConfigErr != nil {
+		return nil, errors.E(op, tlsConfigErr)
+	}
+
+	d.universalClient = redis.NewUniversalClient(&redis.UniversalOptions{
 		Addrs:            d.cfg.Addrs,
 		DB:               d.cfg.DB,
 		Username:         d.cfg.Username,
@@ -77,37 +79,8 @@ func NewRedisDriver(log *zap.Logger, key string, cfgPlugin Configurer, tracer *s
 		RouteByLatency:   d.cfg.RouteByLatency,
 		RouteRandomly:    d.cfg.RouteRandomly,
 		MasterName:       d.cfg.MasterName,
-	}
-
-	if d.cfg.TLSConfig.CaFile != "" {
-		tlsConfig := &tls.Config{
-			MinVersion: tls.VersionTLS12,
-		}
-
-		rootCAs, sysCertErr := x509.SystemCertPool()
-		if sysCertErr != nil {
-			rootCAs = x509.NewCertPool()
-			d.log.Warn("unable to load system certificate pool, using empty pool", zap.Error(sysCertErr))
-		}
-
-		if _, crtExistErr := os.Stat(d.cfg.TLSConfig.CaFile); crtExistErr != nil {
-			return nil, errors.E(op, crtExistErr)
-		}
-
-		bytes, crtReadErr := os.ReadFile(d.cfg.TLSConfig.CaFile)
-		if crtReadErr != nil {
-			return nil, errors.E(op, crtReadErr)
-		}
-
-		if !rootCAs.AppendCertsFromPEM(bytes) {
-			return nil, errors.E(op, errors.Errorf("failed to parse certificates from PEM file '%s'. Please ensure the file contains valid PEM-encoded certificates", d.cfg.TLSConfig.CaFile))
-		}
-
-		tlsConfig.RootCAs = rootCAs
-		redisOptions.TLSConfig = tlsConfig
-	}
-
-	d.universalClient = redis.NewUniversalClient(redisOptions)
+		TLSConfig:        tlsConfig,
+	})
 
 	err = redisotel.InstrumentMetrics(d.universalClient)
 	if err != nil {

diff --git a/kv/tlsconfig.go b/kv/tlsconfig.go
@@ -0,0 +1,42 @@
+package kv
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"github.com/roadrunner-server/errors"
+	"go.uber.org/zap"
+	"os"
+)
+
+type TLSConfig struct {
+	RootCa string `mapstructure:"root_ca"`
+}
+
+func NewTLSConfig(c *TLSConfig, log *zap.Logger) (*tls.Config, error) {
+	if c == nil || c.RootCa == "" {
+		return nil, nil
+	}
+	tlsConfig := &tls.Config{
+		MinVersion: tls.VersionTLS12,
+	}
+	rootCAs, sysCertErr := x509.SystemCertPool()
+	if sysCertErr != nil {
+		rootCAs = x509.NewCertPool()
+		log.Warn("unable to load system certificate pool, using empty pool", zap.Error(sysCertErr))
+	}
+
+	if _, crtExistErr := os.Stat(c.RootCa); crtExistErr != nil {
+		return nil, crtExistErr
+	}
+
+	bytes, crtReadErr := os.ReadFile(c.RootCa)
+	if crtReadErr != nil {
+		return nil, crtReadErr
+	}
+
+	if !rootCAs.AppendCertsFromPEM(bytes) {
+		return nil, errors.Errorf("failed to parse certificates from PEM file '%s'. Please ensure the file contains valid PEM-encoded certificates", c.RootCa)
+	}
+	tlsConfig.RootCAs = rootCAs
+	return tlsConfig, nil
+}