Merge pull request #309 from OktopUSP/add_tls_nats

Add TLS to NATS connection
Adriano Chiesa 2024-07-06 12:41:39 -03:00 committed by GitHub
commit 17abeed7af
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
18 changed files with 252 additions and 100 deletions


@ -16,7 +16,8 @@ const LOCAL_ENV = ".env.local"
type Nats struct { type Nats struct {
Url string Url string
Name string Name string
VerifyCertificates bool EnableTls bool
Cert Tls
Ctx context.Context Ctx context.Context
} }
@ -40,6 +41,12 @@ type Config struct {
Nats Nats Nats Nats
} }
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
func NewConfig() *Config { func NewConfig() *Config {
loadEnvVariables() loadEnvVariables()
@ -47,7 +54,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server") natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "adapter"), "name for nats client") natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server") natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
acsPort := flag.String("acs_port", lookupEnvOrString("ACS_PORT", ":9292"), "port for acs server") acsPort := flag.String("acs_port", lookupEnvOrString("ACS_PORT", ":9292"), "port for acs server")
acsRoute := flag.String("acs_route", lookupEnvOrString("ACS_ROUTE", "/acs"), "route for acs server") acsRoute := flag.String("acs_route", lookupEnvOrString("ACS_ROUTE", "/acs"), "route for acs server")
connReqUser := flag.String("connrq_user", lookupEnvOrString("CONN_RQ_USER", ""), "Connection Request Username") connReqUser := flag.String("connrq_user", lookupEnvOrString("CONN_RQ_USER", ""), "Connection Request Username")
@ -79,8 +89,13 @@ func NewConfig() *Config {
Nats: Nats{ Nats: Nats{
Url: *natsUrl, Url: *natsUrl,
Name: *natsName, Name: *natsName,
VerifyCertificates: *natsVerifyCertificates, EnableTls: *natsEnableTls,
Ctx: ctx, Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
}, },
Acs: Acs{ Acs: Acs{
Port: *acsPort, Port: *acsPort,
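Review bot: Dropping the `nats_verify_certificates` flag and the `NATS_VERIFY_CERTIFICATES` variable outright means a deployment that still sets the old variable gets `EnableTls` false by default and, as far as these hunks show, no warning that the setting is now ignored. Consider reading the old variable as a deprecated alias for one release, or logging when it is set, so an install that had certificate checking turned on does not quietly lose its TLS options after an upgrade. The help text has a typo: `"enbale TLS to nats server"` should read `"enable TLS to nats server"`. The defaults `cert.pem`, `key.pem` and `rootCA.pem` are relative paths, so they depend on the process working directory; the flag descriptions should say so. The same applies to the other eight config sections on this page, and NewConfig continues outside the hunks.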


@ -141,8 +141,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) { opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError()) log.Printf("Connection closed. Reason: %q\n", nc.LastError())
})) }))
if c.VerifyCertificates { if c.EnableTls {
opts = append(opts, nats.RootCAs()) log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
} }
return opts return opts
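Review bot: With `EnableTls` set, `nats.ClientCert` is appended unconditionally, so TLS with server verification only is not possible: the config defaults the pair to `cert.pem`/`key.pem`, and a missing file will presumably fail the connection when the options are applied. Guard it, e.g. `if c.Cert.CertFile != "" && c.Cert.KeyFile != "" { opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile)) }`, which may also need the config defaults changed to empty strings. The log line names the certificate and key but not `c.Cert.CaFile`, the file that decides which server is trusted; include it and format the paths with `%q` as the ClosedHandler line above does. The same applies to the other eight defineOptions sections on this page; the function starts outside the hunk.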


@ -15,7 +15,8 @@ const LOCAL_ENV = ".env.local"
type Nats struct { type Nats struct {
Url string Url string
Name string Name string
VerifyCertificates bool EnableTls bool
Cert Tls
Ctx context.Context Ctx context.Context
} }
@ -29,6 +30,12 @@ type Config struct {
Nats Nats Nats Nats
} }
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
func NewConfig() *Config { func NewConfig() *Config {
loadEnvVariables() loadEnvVariables()
@ -36,7 +43,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server") natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "adapter"), "name for nats client") natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server") natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
flApiPort := flag.String("api_port", lookupEnvOrString("REST_API_PORT", "4000"), "Rest api port") flApiPort := flag.String("api_port", lookupEnvOrString("REST_API_PORT", "4000"), "Rest api port")
flHelp := flag.Bool("help", false, "Help") flHelp := flag.Bool("help", false, "Help")
@ -64,8 +74,13 @@ func NewConfig() *Config {
Nats: Nats{ Nats: Nats{
Url: *natsUrl, Url: *natsUrl,
Name: *natsName, Name: *natsName,
VerifyCertificates: *natsVerifyCertificates, EnableTls: *natsEnableTls,
Ctx: ctx, Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
}, },
} }
} }


@ -70,8 +70,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) { opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError()) log.Printf("Connection closed. Reason: %q\n", nc.LastError())
})) }))
if c.VerifyCertificates { if c.EnableTls {
opts = append(opts, nats.RootCAs()) log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
} }
return opts return opts


@ -15,7 +15,8 @@ const LOCAL_ENV = ".env.local"
type Nats struct { type Nats struct {
Url string Url string
Name string Name string
VerifyCertificates bool EnableTls bool
Cert Tls
Ctx context.Context Ctx context.Context
} }
@ -42,6 +43,12 @@ type Config struct {
Enterprise Enterprise Enterprise Enterprise
} }
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
func NewConfig() *Config { func NewConfig() *Config {
loadEnvVariables() loadEnvVariables()
@ -49,7 +56,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server") natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "controller"), "name for nats client") natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "controller"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server") natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
flApiPort := flag.String("api_port", lookupEnvOrString("REST_API_PORT", "8000"), "Rest api port") flApiPort := flag.String("api_port", lookupEnvOrString("REST_API_PORT", "8000"), "Rest api port")
mongoUri := flag.String("mongo_uri", lookupEnvOrString("MONGO_URI", "mongodb://localhost:27017"), "uri for mongodb server") mongoUri := flag.String("mongo_uri", lookupEnvOrString("MONGO_URI", "mongodb://localhost:27017"), "uri for mongodb server")
enterpise := flag.Bool("enterprise", lookupEnvOrBool("ENTERPRISE", false), "enterprise version enable") enterpise := flag.Bool("enterprise", lookupEnvOrBool("ENTERPRISE", false), "enterprise version enable")
@ -81,8 +91,13 @@ func NewConfig() *Config {
Nats: Nats{ Nats: Nats{
Url: *natsUrl, Url: *natsUrl,
Name: *natsName, Name: *natsName,
VerifyCertificates: *natsVerifyCertificates, EnableTls: *natsEnableTls,
Ctx: ctx, Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
}, },
Mongo: Mongo{ Mongo: Mongo{
Uri: *mongoUri, Uri: *mongoUri,


@ -77,8 +77,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) { opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError()) log.Printf("Connection closed. Reason: %q\n", nc.LastError())
})) }))
if c.VerifyCertificates { if c.EnableTls {
opts = append(opts, nats.RootCAs()) log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
} }
return opts return opts


@ -15,10 +15,17 @@ const LOCAL_ENV = ".env.local"
type Nats struct { type Nats struct {
Url string Url string
Name string Name string
VerifyCertificates bool EnableTls bool
Cert Tls
Ctx context.Context Ctx context.Context
} }
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
type Mongo struct { type Mongo struct {
Uri string Uri string
Ctx context.Context Ctx context.Context
@ -42,7 +49,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server") natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "adapter"), "name for nats client") natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server") natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
mongoUri := flag.String("mongo_uri", lookupEnvOrString("MONGO_URI", "mongodb://localhost:27017"), "uri for mongodb server") mongoUri := flag.String("mongo_uri", lookupEnvOrString("MONGO_URI", "mongodb://localhost:27017"), "uri for mongodb server")
controllerId := flag.String("controller_id", lookupEnvOrString("CONTROLLER_ID", "oktopusController"), "usp controller endpoint id") controllerId := flag.String("controller_id", lookupEnvOrString("CONTROLLER_ID", "oktopusController"), "usp controller endpoint id")
controllerPassword := flag.String("controller_passwd", lookupEnvOrString("CONTROLLER_PASSWORD", ""), "usp controller endpoint password to connect to") controllerPassword := flag.String("controller_passwd", lookupEnvOrString("CONTROLLER_PASSWORD", ""), "usp controller endpoint password to connect to")
@ -68,8 +78,13 @@ func NewConfig() *Config {
Nats: Nats{ Nats: Nats{
Url: *natsUrl, Url: *natsUrl,
Name: *natsName, Name: *natsName,
VerifyCertificates: *natsVerifyCertificates, EnableTls: *natsEnableTls,
Ctx: ctx, Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
}, },
Mongo: Mongo{ Mongo: Mongo{
Uri: *mongoUri, Uri: *mongoUri,


@ -150,8 +150,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) { opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError()) log.Printf("Connection closed. Reason: %q\n", nc.LastError())
})) }))
if c.VerifyCertificates { if c.EnableTls {
opts = append(opts, nats.RootCAs()) log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
} }
return opts return opts


@ -15,10 +15,17 @@ const LOCAL_ENV = ".env.local"
type Nats struct { type Nats struct {
Url string Url string
Name string Name string
VerifyCertificates bool EnableTls bool
Cert Tls
Ctx context.Context Ctx context.Context
} }
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
type Mqtt struct { type Mqtt struct {
Url string Url string
UrlForTls string UrlForTls string
@ -42,7 +49,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server") natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "mqtt-adapter"), "name for nats client") natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "mqtt-adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server") natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
mqttUrl := flag.String("mqtt_url", lookupEnvOrString("MQTT_URL", "tcp://localhost:1883"), "url for mqtt server") mqttUrl := flag.String("mqtt_url", lookupEnvOrString("MQTT_URL", "tcp://localhost:1883"), "url for mqtt server")
mqttsUrl := flag.String("mqtts_url", lookupEnvOrString("MQTTS_URL", ""), "url for mqtts server") mqttsUrl := flag.String("mqtts_url", lookupEnvOrString("MQTTS_URL", ""), "url for mqtts server")
mqttsSkipVerify := flag.Bool("mqtts_skip_verify", lookupEnvOrBool("MQTTS_SKIP_VERIFY", false), "skip verification of server certificate for mqtts") mqttsSkipVerify := flag.Bool("mqtts_skip_verify", lookupEnvOrBool("MQTTS_SKIP_VERIFY", false), "skip verification of server certificate for mqtts")
@ -71,8 +81,13 @@ func NewConfig() *Config {
Nats: Nats{ Nats: Nats{
Url: *natsUrl, Url: *natsUrl,
Name: *natsName, Name: *natsName,
VerifyCertificates: *natsVerifyCertificates, EnableTls: *natsEnableTls,
Ctx: ctx, Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
}, },
Mqtt: Mqtt{ Mqtt: Mqtt{
Url: *mqttUrl, Url: *mqttUrl,
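Review bot: In this file the new `client_crt`, `client_key` and `server_ca` flags sit next to `mqtts_url` and `mqtts_skip_verify`, yet nothing in their names or in `CLIENT_CRT`/`CLIENT_KEY`/`SERVER_CA` says they belong to the NATS connection. An operator could reasonably point them at the MQTT broker's certificates instead. Prefix them to match `nats_enable_tls`, e.g. `nats_client_crt` with `NATS_CLIENT_CRT`, and word the descriptions as `"client certificate file for the NATS TLS connection"`.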


@ -92,8 +92,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) { opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError()) log.Printf("Connection closed. Reason: %q\n", nc.LastError())
})) }))
if c.VerifyCertificates { if c.EnableTls {
opts = append(opts, nats.RootCAs()) log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
} }
return opts return opts


@ -34,10 +34,17 @@ type Config struct {
type Nats struct { type Nats struct {
Url string Url string
Name string Name string
VerifyCertificates bool EnableTls bool
Cert Tls
Ctx context.Context Ctx context.Context
} }
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
func NewConfig() Config { func NewConfig() Config {
loadEnvVariables() loadEnvVariables()
@ -66,7 +73,10 @@ func NewConfig() Config {
logLevel := flag.Int("log_level", lookupEnvOrInt("LOG_LEVEL", 1), "0=DEBUG, 1=INFO, 2=WARNING, 3=ERROR") logLevel := flag.Int("log_level", lookupEnvOrInt("LOG_LEVEL", 1), "0=DEBUG, 1=INFO, 2=WARNING, 3=ERROR")
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server") natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "adapter"), "name for nats client") natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server") natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
flag.Parse() flag.Parse()
flHelp := flag.Bool("help", false, "Help") flHelp := flag.Bool("help", false, "Help")
@ -101,8 +111,13 @@ func NewConfig() Config {
Nats: Nats{ Nats: Nats{
Url: *natsUrl, Url: *natsUrl,
Name: *natsName, Name: *natsName,
VerifyCertificates: *natsVerifyCertificates, EnableTls: *natsEnableTls,
Ctx: ctx, Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
}, },
} }


@ -74,8 +74,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) { opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError()) log.Printf("Connection closed. Reason: %q\n", nc.LastError())
})) }))
if c.VerifyCertificates { if c.EnableTls {
opts = append(opts, nats.RootCAs()) log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
} }
return opts return opts


@ -15,10 +15,17 @@ const LOCAL_ENV = ".env.local"
type Nats struct { type Nats struct {
Url string Url string
Name string Name string
VerifyCertificates bool EnableTls bool
Cert Tls
Ctx context.Context Ctx context.Context
} }
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
type Stomp struct { type Stomp struct {
Url string Url string
User string User string
@ -37,7 +44,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server") natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "mqtt-adapter"), "name for nats client") natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "mqtt-adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server") natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
stompAddr := flag.String("stomp_server", lookupEnvOrString("STOMP_SERVER", "localhost:61613"), "STOMP server endpoint") stompAddr := flag.String("stomp_server", lookupEnvOrString("STOMP_SERVER", "localhost:61613"), "STOMP server endpoint")
stompUser := flag.String("stomp_user", lookupEnvOrString("STOMP_USER", ""), "stomp server user") stompUser := flag.String("stomp_user", lookupEnvOrString("STOMP_USER", ""), "stomp server user")
stompPassword := flag.String("stomp_passsword", lookupEnvOrString("STOMP_PASSWD", ""), "stomp server password") stompPassword := flag.String("stomp_passsword", lookupEnvOrString("STOMP_PASSWD", ""), "stomp server password")
@ -63,8 +73,13 @@ func NewConfig() *Config {
Nats: Nats{ Nats: Nats{
Url: *natsUrl, Url: *natsUrl,
Name: *natsName, Name: *natsName,
VerifyCertificates: *natsVerifyCertificates, EnableTls: *natsEnableTls,
Ctx: ctx, Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
}, },
Stomp: Stomp{ Stomp: Stomp{
Url: *stompAddr, Url: *stompAddr,


@ -81,9 +81,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) { opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError()) log.Printf("Connection closed. Reason: %q\n", nc.LastError())
})) }))
if c.VerifyCertificates { if c.EnableTls {
opts = append(opts, nats.RootCAs()) log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
} }
return opts return opts
} }


@ -15,10 +15,17 @@ const LOCAL_ENV = ".env.local"
type Nats struct { type Nats struct {
Url string Url string
Name string Name string
VerifyCertificates bool EnableTls bool
Cert Tls
Ctx context.Context Ctx context.Context
} }
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
type Ws struct { type Ws struct {
AuthEnable bool AuthEnable bool
Addr string Addr string
@ -42,7 +49,10 @@ func NewConfig() *Config {
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server") natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "ws-adapter"), "name for nats client") natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "ws-adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server") natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
wsAuthEnable := flag.Bool("ws_auth_enable", lookupEnvOrBool("WS_AUTH_ENABLE", false), "enable authentication for websocket server") wsAuthEnable := flag.Bool("ws_auth_enable", lookupEnvOrBool("WS_AUTH_ENABLE", false), "enable authentication for websocket server")
wsAddr := flag.String("ws_addr", lookupEnvOrString("WS_ADDR", "localhost"), "websocket server address (domain or ip)") wsAddr := flag.String("ws_addr", lookupEnvOrString("WS_ADDR", "localhost"), "websocket server address (domain or ip)")
wsPort := flag.String("ws_port", lookupEnvOrString("WS_PORT", ":8080"), "websocket server port") wsPort := flag.String("ws_port", lookupEnvOrString("WS_PORT", ":8080"), "websocket server port")
@ -70,8 +80,13 @@ func NewConfig() *Config {
Nats: Nats{ Nats: Nats{
Url: *natsUrl, Url: *natsUrl,
Name: *natsName, Name: *natsName,
VerifyCertificates: *natsVerifyCertificates, EnableTls: *natsEnableTls,
Ctx: ctx, Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
}, },
Ws: Ws{ Ws: Ws{
AuthEnable: *wsAuthEnable, AuthEnable: *wsAuthEnable,


@ -91,8 +91,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) { opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError()) log.Printf("Connection closed. Reason: %q\n", nc.LastError())
})) }))
if c.VerifyCertificates { if c.EnableTls {
opts = append(opts, nats.RootCAs()) log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
} }
return opts return opts


@ -26,10 +26,17 @@ type Config struct {
type Nats struct { type Nats struct {
Url string Url string
Name string Name string
VerifyCertificates bool EnableTls bool
Cert Tls
Ctx context.Context Ctx context.Context
} }
type Tls struct {
CertFile string
KeyFile string
CaFile string
}
func NewConfig() Config { func NewConfig() Config {
//Defines log format //Defines log format
@ -47,7 +54,10 @@ func NewConfig() Config {
/* ------------------------------ define flags ------------------------------ */ /* ------------------------------ define flags ------------------------------ */
natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server") natsUrl := flag.String("nats_url", lookupEnvOrString("NATS_URL", "nats://localhost:4222"), "url for nats server")
natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "ws-adapter"), "name for nats client") natsName := flag.String("nats_name", lookupEnvOrString("NATS_NAME", "ws-adapter"), "name for nats client")
natsVerifyCertificates := flag.Bool("nats_verify_certificates", lookupEnvOrBool("NATS_VERIFY_CERTIFICATES", false), "verify validity of certificates from nats server") natsEnableTls := flag.Bool("nats_enable_tls", lookupEnvOrBool("NATS_ENABLE_TLS", false), "enbale TLS to nats server")
clientCrt := flag.String("client_crt", lookupEnvOrString("CLIENT_CRT", "cert.pem"), "client certificate file to TLS connection")
clientKey := flag.String("client_key", lookupEnvOrString("CLIENT_KEY", "key.pem"), "client key file to TLS connection")
serverCA := flag.String("server_ca", lookupEnvOrString("SERVER_CA", "rootCA.pem"), "server CA file to TLS connection")
flPort := flag.String("port", lookupEnvOrString("SERVER_PORT", ":8080"), "Server port") flPort := flag.String("port", lookupEnvOrString("SERVER_PORT", ":8080"), "Server port")
flAuth := flag.Bool("auth", lookupEnvOrBool("SERVER_AUTH_ENABLE", false), "Server auth enable/disable") flAuth := flag.Bool("auth", lookupEnvOrBool("SERVER_AUTH_ENABLE", false), "Server auth enable/disable")
flControllerEid := flag.String("controller-eid", lookupEnvOrString("CONTROLLER_EID", "oktopusController"), "Controller eid") flControllerEid := flag.String("controller-eid", lookupEnvOrString("CONTROLLER_EID", "oktopusController"), "Controller eid")
@ -83,8 +93,13 @@ func NewConfig() Config {
Nats: Nats{ Nats: Nats{
Url: *natsUrl, Url: *natsUrl,
Name: *natsName, Name: *natsName,
VerifyCertificates: *natsVerifyCertificates, EnableTls: *natsEnableTls,
Ctx: ctx, Ctx: ctx,
Cert: Tls{
CertFile: *clientCrt,
KeyFile: *clientKey,
CaFile: *serverCA,
},
}, },
} }
} }


@ -66,8 +66,10 @@ func defineOptions(c config.Nats) []nats.Option {
opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) { opts = append(opts, nats.ClosedHandler(func(nc *nats.Conn) {
log.Printf("Connection closed. Reason: %q\n", nc.LastError()) log.Printf("Connection closed. Reason: %q\n", nc.LastError())
})) }))
if c.VerifyCertificates { if c.EnableTls {
opts = append(opts, nats.RootCAs()) log.Printf("Load certificates: %s and %s\n", c.Cert.CertFile, c.Cert.KeyFile)
opts = append(opts, nats.RootCAs(c.Cert.CaFile))
opts = append(opts, nats.ClientCert(c.Cert.CertFile, c.Cert.KeyFile))
} }
return opts return opts