Add client auth support

fstehle · Oct 8, 2013 · 252bb24 · 252bb24
1 parent e888d95
commit 252bb24
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 13 deletions.
diff --git a/config.go b/config.go
@@ -17,16 +17,20 @@ func init() {
 	flag.IntVar(&interval, "i", 600, "etcd polling interval")
 	flag.StringVar(&prefix, "p", "/", "etcd key path prefix")
 	flag.BoolVar(&onetime, "onetime", false, "run once and exit")
+	flag.StringVar(&clientCert, "cert", "", "the client cert")
+	flag.StringVar(&clientKey, "key", "", "the client key")
 }
 
 var (
-	config   Config
-	confFile = "/etc/confd/confd.toml" // default confd configuration file
-	nodes    Nodes
-	confdir  string
-	interval int
-	prefix   string
-	onetime  bool
+	config     Config
+	confFile   = "/etc/confd/confd.toml" // default confd configuration file
+	nodes      Nodes
+	confdir    string
+	interval   int
+	prefix     string
+	onetime    bool
+	clientCert string
+	clientKey  string
 )
 
 // Nodes is a custom flag Var representing a list of etcd nodes. We use a custom
@@ -51,17 +55,29 @@ type Config struct {
 
 // confd represents the parsed configuration settings.
 type confd struct {
-	ConfDir   string
-	Interval  int
-	Prefix    string
-	EtcdNodes []string `toml:"etcd_nodes"`
+	ConfDir    string
+	ClientCert string
+	ClientKey  string
+	Interval   int
+	Prefix     string
+	EtcdNodes  []string `toml:"etcd_nodes"`
 }
 
 // ConfigDir returns the path to the confd config dir.
 func ConfigDir() string {
 	return filepath.Join(config.Confd.ConfDir, "conf.d")
 }
 
+// ClientCert returns the path to the client cert.
+func ClientCert() string {
+	return config.Confd.ClientCert
+}
+
+// ClientKey returns the path to the client key.
+func ClientKey() string {
+	return config.Confd.ClientKey
+}
+
 // EtcdNodes returns a list of etcd node url strings.
 // For example: ["http://203.0.113.30:4001"]
 func EtcdNodes() []string {
@@ -135,6 +151,10 @@ func override(f *flag.Flag) {
 		config.Confd.EtcdNodes = nodes
 	case "p":
 		config.Confd.Prefix = prefix
+	case "cert":
+		config.Confd.ClientCert = clientCert
+	case "key":
+		config.Confd.ClientKey = clientKey
 	}
 }
 

diff --git a/etcd_client.go b/etcd_client.go
@@ -9,8 +9,14 @@ import (
 
 // newEtcdClient returns an *etcd.Client with a connection to named machines.
 // It returns an error if a connection to the cluster cannot be made.
-func newEtcdClient(machines []string) (*etcd.Client, error) {
+func newEtcdClient(machines []string, cert, key string) (*etcd.Client, error) {
 	c := etcd.NewClient()
+	if cert != "" {
+		_, err := c.SetCertAndKey(cert, key)
+		if err != nil {
+			return c, err
+		}
+	}
 	success := c.SetCluster(machines)
 	if !success {
 		return c, errors.New("cannot connect to etcd cluster")

diff --git a/template.go b/template.go
@@ -46,7 +46,7 @@ type Template struct {
 
 // setVars sets the Vars for template config.
 func (t *Template) setVars() error {
-	c, err := newEtcdClient(EtcdNodes())
+	c, err := newEtcdClient(EtcdNodes(), ClientCert(), ClientKey())
 	if err != nil {
 		return err
 	}