From 03ef1800718b86ad07a2e42d058b790523cc37c6 Mon Sep 17 00:00:00 2001
From: Garet Halliday <me@garet.holiday>
Date: Fri, 15 Sep 2023 19:48:57 -0500
Subject: [PATCH] certs in DO mode

---
 .../modes/digitalocean_discovery/config.go    | 28 +++++++++++++++++--
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/lib/gat/modes/digitalocean_discovery/config.go b/lib/gat/modes/digitalocean_discovery/config.go
index 39883b5e..05839877 100644
--- a/lib/gat/modes/digitalocean_discovery/config.go
+++ b/lib/gat/modes/digitalocean_discovery/config.go
@@ -28,9 +28,11 @@ import (
 )
 
 type Config struct {
-	APIKey   string `env:"PGGAT_DO_API_KEY"`
-	Private  string `env:"PGGAT_DO_PRIVATE"`
-	PoolMode string `env:"PGGAT_POOL_MODE"`
+	APIKey     string `env:"PGGAT_DO_API_KEY"`
+	Private    string `env:"PGGAT_DO_PRIVATE"`
+	PoolMode   string `env:"PGGAT_POOL_MODE"`
+	TLSCrtFile string `env:"PGGAT_TLS_CRT_FILE" default:"/etc/ssl/certs/pgbouncer.crt"`
+	TLSKeyFile string `env:"PGGAT_TLS_KEY_FILE" default:"/etc/ssl/certs/pgbouncer.key"`
 }
 
 func Load() (Config, error) {
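Review bot: The two new exported fields `TLSCrtFile` and `TLSKeyFile` carry no doc comment, and nothing states what happens when the files at the default paths are absent; a comment such as `// TLSCrtFile and TLSKeyFile are the PEM certificate and private key for the :5432 listener; if the pair cannot be loaded the listener is intended to start without TLS.` would make the contract visible to operators setting `PGGAT_TLS_CRT_FILE`/`PGGAT_TLS_KEY_FILE`. Separately, the key default `/etc/ssl/certs/pgbouncer.key` places a private key under a directory that is conventionally world-readable and reserved for public certificates; whether that matches the deployment image cannot be told from this diff, but it is worth confirming the file's permissions before relying on the default.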
@@ -44,6 +46,25 @@ func Load() (Config, error) {
 }
 
 func (T *Config) ListenAndServe() error {
+	// load certificate
+	var sslConfig *tls.Config
+	certificate, err := tls.LoadX509KeyPair(T.TLSCrtFile, T.TLSKeyFile)
+	if err == nil {
+		sslConfig = &tls.Config{
+			Certificates: []tls.Certificate{
+				certificate,
+			},
+		}
+		return err
+	} else {
+		log.Printf("failed to load certificate, ssl is disabled")
+	}
+	sslConfig = &tls.Config{
+		Certificates: []tls.Certificate{
+			certificate,
+		},
+	}
+
 	client := godo.NewFromToken(T.APIKey)
 	clusters, _, err := client.Databases.List(context.Background(), nil)
 
@@ -169,6 +190,7 @@ func (T *Config) ListenAndServe() error {
 	b.Queue(func() error {
 		log.Print("listening on :5432")
 		return gat.ListenAndServe("tcp", ":5432", frontends.AcceptOptions{
+			SSLConfig: sslConfig,
 			AllowedStartupOptions: []strutil.CIString{
 				strutil.MakeCIString("client_encoding"),
 				strutil.MakeCIString("datestyle"),
-- 
GitLab