Add mutual authentication settings for resty (#34)

ricardo-ch · Jun 1, 2019 · 0384154 · 0384154
1 parent a3b9cb6
commit 0384154
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 11 deletions.
diff --git a/cli/cmd/helper.go b/cli/cmd/helper.go
@@ -1,9 +1,11 @@
 package cmd
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"github.com/ricardo-ch/go-kafka-connect/lib/connectors"
+	"log"
 )
 
 func printResponse(response interface{}) error {
@@ -23,5 +25,13 @@ func getClient() connectors.HighLevelClient {
 	if SSLInsecure {
 		client.SetInsecureSSL()
 	}
+	if len(SSLClientCertificate) > 0 && len(SSLClientPrivateKey) > 0 {
+		cert, err := tls.LoadX509KeyPair(SSLClientCertificate, SSLClientPrivateKey)
+		if err != nil {
+			log.Fatalf("client: loadkeys: %s", err)
+		} else {
+			client.SetClientCertificates(cert)
+		}
+	}
 	return client
 }
diff --git a/cli/cmd/root.go b/cli/cmd/root.go
@@ -22,17 +22,19 @@ import (
 )
 
 var (
-	url          string
-	connector    string
-	filePath     string
-	configString string
-	sync         bool
-	status       bool
-	config       bool
-	tasks        bool
-	verbose      bool
-	SSLInsecure  bool
-	parallel     int
+	url          	        string
+	connector    	        string
+	filePath     	        string
+	configString 	        string
+	sync         	        bool
+	status       	        bool
+	config       	        bool
+	tasks        	        bool
+	verbose      	        bool
+	SSLInsecure  	        bool
+	parallel     	        int
+	SSLClientCertificate    string
+	SSLClientPrivateKey     string
 )
 
 var RootCmd = &cobra.Command{
@@ -56,4 +58,6 @@ func init() {
 	RootCmd.PersistentFlags().StringVarP(&url, "url", "u", "http://localhost:8083", "kafka connect URL")
 	RootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, `/!\ very verbose`)
 	RootCmd.PersistentFlags().BoolVarP(&SSLInsecure, "insecure-skip-verify", "i", false, `skip SSL/TLS verification`)
+	RootCmd.PersistentFlags().StringVarP(&SSLClientCertificate, "ssl-client-certificate", "C", "", `client certificate, must contain PEM encoded data`)
+	RootCmd.PersistentFlags().StringVarP(&SSLClientPrivateKey, "ssl-client-key", "K", "", `client private key`)
 }
diff --git a/lib/connectors/base_client.go b/lib/connectors/base_client.go
@@ -28,6 +28,7 @@ type BaseClient interface {
 
 	SetInsecureSSL()
 	SetDebug()
+	SetClientCertificates(certs ...tls.Certificate)
 }
 
 type baseClient struct {
@@ -42,6 +43,10 @@ func (c *baseClient) SetDebug() {
 	c.restClient.SetDebug(true)
 }
 
+func (c *baseClient) SetClientCertificates(certs ...tls.Certificate) {
+	c.restClient.SetCertificates(certs...)
+}
+
 //ErrorResponse is generic error returned by kafka connect
 type ErrorResponse struct {
 	ErrorCode int    `json:"error_code,omitempty"`

diff --git a/lib/connectors/highlevel_client.go b/lib/connectors/highlevel_client.go
@@ -1,6 +1,7 @@
 package connectors
 
 import (
+	"crypto/tls"
 	"fmt"
 	"sync"
 	"time"
@@ -32,6 +33,7 @@ type HighLevelClient interface {
 	DeployMultipleConnector(connectors []CreateConnectorRequest) (err error)
 	SetInsecureSSL()
 	SetDebug()
+	SetClientCertificates(certs ...tls.Certificate)
 	SetParallelism(value int)
 }
 
@@ -59,6 +61,10 @@ func (c *highLevelClient) SetDebug() {
 	c.client.SetDebug()
 }
 
+func (c *highLevelClient) SetClientCertificates(certs ...tls.Certificate) {
+	c.client.SetClientCertificates(certs...)
+}
+
 //GetAll gets the list of all active connectors
 func (c *highLevelClient) GetAll() (GetAllConnectorsResponse, error) {
 	return c.client.GetAll()

diff --git a/lib/connectors/mock_base_client.go b/lib/connectors/mock_base_client.go