From 628dc035264127e19b00314dc1e7eb586b4ede04 Mon Sep 17 00:00:00 2001
From: Connor1996
Date: Mon, 18 Dec 2023 16:19:28 +0800
Subject: [PATCH] pass tls info to dashboard
Signed-off-by: Connor1996
---
 go.mod | 2 +-
 go.sum | 2 ++
 pkg/dashboard/adapter/config.go | 3 +++
 pkg/utils/grpcutil/grpcutil.go | 32 ++++++++++++++++++++------------
 4 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/go.mod b/go.mod
index 676d350d22d..0e58f631e88 100644
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ require (
 github.com/pingcap/kvproto v0.0.0-20231018065736-c0689aded40c
 github.com/pingcap/log v1.1.1-0.20221110025148-ca232912c9f3
 github.com/pingcap/sysutil v1.0.1-0.20230407040306-fb007c5aff21
- github.com/pingcap/tidb-dashboard v0.0.0-20231127105651-ce4097837c5e
+ github.com/pingcap/tidb-dashboard v0.0.0-20231218071133-1f39ee09c535
 github.com/prometheus/client_golang v1.11.1
 github.com/prometheus/common v0.26.0
 github.com/sasha-s/go-deadlock v0.2.0
diff --git a/go.sum b/go.sum
index c7ceeee028c..bb5335409d3 100644
--- a/go.sum
+++ b/go.sum
@@ -468,6 +468,8 @@ github.com/pingcap/sysutil v1.0.1-0.20230407040306-fb007c5aff21 h1:QV6jqlfOkh8hq
 github.com/pingcap/sysutil v1.0.1-0.20230407040306-fb007c5aff21/go.mod h1:QYnjfA95ZaMefyl1NO8oPtKeb8pYUdnDVhQgf+qdpjM=
 github.com/pingcap/tidb-dashboard v0.0.0-20231127105651-ce4097837c5e h1:SJUSDejvKtj9vSh5ptRHh4iMrvPV3oKO8yp6/SYE8vc=
 github.com/pingcap/tidb-dashboard v0.0.0-20231127105651-ce4097837c5e/go.mod h1:ucZBRz52icb23T/5Z4CsuUHmarYiin7p2MeiVBe+o8c=
+github.com/pingcap/tidb-dashboard v0.0.0-20231218071133-1f39ee09c535 h1:hS42PjriDULhQSy1oOEAkBpxgDgIsgRDLcSbCEHyTYY=
+github.com/pingcap/tidb-dashboard v0.0.0-20231218071133-1f39ee09c535/go.mod h1:ucZBRz52icb23T/5Z4CsuUHmarYiin7p2MeiVBe+o8c=
 github.com/pingcap/tipb v0.0.0-20220718022156-3e2483c20a9e h1:FBaTXU8C3xgt/drM58VHxojHo/QoG1oPsgWTGvaSpO4=
 github.com/pingcap/tipb v0.0.0-20220718022156-3e2483c20a9e/go.mod h1:A7mrd7WHBl1o63LE2bIBGEJMTNWXqhgmYiOvMLxozfs=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
diff --git a/pkg/dashboard/adapter/config.go b/pkg/dashboard/adapter/config.go
index 63c900acf77..a1661b84f2b 100644
--- a/pkg/dashboard/adapter/config.go
+++ b/pkg/dashboard/adapter/config.go
@@ -38,6 +38,9 @@ func GenDashboardConfig(srv *server.Server) (*config.Config, error) {
 if dashboardCfg.ClusterTLSConfig, err = cfg.Security.ToTLSConfig(); err != nil {
 return nil, err
 }
+ if dashboardCfg.ClusterTLSInfo, err = cfg.Security.ToTLSInfo(); err != nil {
+ return nil, err
+ }
 if dashboardCfg.TiDBTLSConfig, err = cfg.Dashboard.ToTiDBTLSConfig(); err != nil {
 return nil, err
 }
diff --git a/pkg/utils/grpcutil/grpcutil.go b/pkg/utils/grpcutil/grpcutil.go
index a001ec4bd03..3ce6b06bbca 100644
--- a/pkg/utils/grpcutil/grpcutil.go
+++ b/pkg/utils/grpcutil/grpcutil.go
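Review bot: In GenDashboardConfig (pkg/dashboard/adapter/config.go) the new ClusterTLSInfo can be nil while ClusterTLSConfig, assigned just above it, is populated. ToTLSInfo in this same patch only looks at CertPath/KeyPath and returns `nil, nil` otherwise, whereas ToTLSConfig also accepts SSLCABytes/SSLCertBytes/SSLKEYBytes. Whether cfg.Security is ever filled from in-memory bytes on this path is not visible here, but a consumer that keys off ClusterTLSInfo alone would then treat the cluster as having no TLS material. A comment above the assignment would make the contract explicit, e.g. `// ClusterTLSInfo is nil when TLS is disabled or not configured through file paths; consumers must check ClusterTLSConfig as well.` The function body starts and continues outside the hunk.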
@@ -56,6 +56,24 @@ type TLSConfig struct {
 SSLKEYBytes []byte
 }

+// ToTLSInfo converts TLSConfig to transport.TLSInfo.
+func (s TLSConfig) ToTLSInfo() (*transport.TLSInfo, error) {
+ if len(s.CertPath) == 0 && len(s.KeyPath) == 0 {
+ return nil, nil
+ }
+ allowedCN, err := s.GetOneAllowedCN()
+ if err != nil {
+ return nil, err
+ }
+
+ return &transport.TLSInfo{
+ CertFile: s.CertPath,
+ KeyFile: s.KeyPath,
+ TrustedCAFile: s.CAPath,
+ AllowedCN: allowedCN,
+ }, nil
+}
+
 // ToTLSConfig generates tls config.
 func (s TLSConfig) ToTLSConfig() (*tls.Config, error) {
 if len(s.SSLCABytes) != 0 || len(s.SSLCertBytes) != 0 || len(s.SSLKEYBytes) != 0 {
@@ -77,19 +95,9 @@ func (s TLSConfig) ToTLSConfig() (*tls.Config, error) {
 }, nil
 }

- if len(s.CertPath) == 0 && len(s.KeyPath) == 0 {
- return nil, nil
- }
- allowedCN, err := s.GetOneAllowedCN()
+ tlsInfo, err := s.ToTLSInfo()
 if err != nil {
- return nil, err
- }
-
- tlsInfo := transport.TLSInfo{
- CertFile: s.CertPath,
- KeyFile: s.KeyPath,
- TrustedCAFile: s.CAPath,
- AllowedCN: allowedCN,
+ return nil, errs.ErrEtcdTLSConfig.Wrap(err).GenWithStackByCause()
 }

 tlsConfig, err := tlsInfo.ClientConfig()
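Review bot: The doc comment on the new ToTLSInfo does not say that it returns `nil, nil` (no info and no error) when both CertPath and KeyPath are empty, which every caller has to handle before using the result. It also leaves out that the SSLCABytes/SSLCertBytes/SSLKEYBytes fields are ignored and that a CAPath set on its own is dropped. Suggested comment: `// ToTLSInfo converts the file-path fields of TLSConfig to transport.TLSInfo. It returns (nil, nil) when neither CertPath nor KeyPath is set; the SSL*Bytes fields are not used.`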
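Review bot: ToTLSConfig now appears to dereference a nil pointer when TLS is not configured. ToTLSInfo returns `nil, nil` for empty CertPath/KeyPath, the `err != nil` check passes, and `tlsInfo.ClientConfig()` is then called on the nil *transport.TLSInfo. The removed lines returned `nil, nil` at that point, so a deployment without certificates that used to get a nil *tls.Config would, as far as this hunk shows, panic instead. Restore the early return after the error check, `if tlsInfo == nil { return nil, nil }`, and add a test that calls ToTLSConfig on an empty TLSConfig. The remainder of ToTLSConfig lies outside the hunk.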