Merge pull request #993 from ripienaar/987.2
(#987) less strict leafnode configuration
ripienaar authored Sep 13, 2020
2 parents 4988d80 + 080a974 commit 05ed876
Showing 5 changed files with 15 additions and 9 deletions.
1 change: 1 addition & 0 deletions broker/network/ipauth.go
@@ -132,6 +132,7 @@ func (a *IPAuth) setClientPermissions(user *server.User, caller string) {
replys := "*.reply.>"
if caller != "" {
replys = fmt.Sprintf("*.reply.%x.>", md5.Sum([]byte(caller)))
a.log.Debugf("Creating ACLs for a private reply subject on %s", replys)
}

user.Permissions.Subscribe = &server.SubjectPermission{
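Review bot: The `md5.Sum` on the `replys = fmt.Sprintf(...)` line in setClientPermissions is left unexplained, and the Debugf line next to it writes the derived subject to the log, so a reader may take the digest for a secret. Anyone who knows the caller string can compute the digest, so the isolation presumably comes from the subject permissions assigned just below rather than from the subject being hard to guess. I would add above the Sprintf: `// md5 only turns the caller id into a fixed-width subject token; access control comes from the ACLs set below`. The page does not mark which listed line is the single addition (the Debugf call looks like it), and the function body continues outside the hunk.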
14 changes: 9 additions & 5 deletions broker/network/network_cluster.go
@@ -7,17 +7,21 @@ import (
)

func (s *Server) setupCluster() (err error) {
peers, err := s.choria.NetworkBrokerPeers()
if err != nil {
return fmt.Errorf("could not determine network broker peers: %s", err)
}

if s.config.Choria.NetworkClientTLSAnon && (s.config.Choria.NetworkPeerPort > 0 || peers.Count() > 0) {
return fmt.Errorf("clustering is disabled when anonymous TLS is configured")
}

s.opts.Cluster.Host = s.config.Choria.NetworkListenAddress
s.opts.Cluster.NoAdvertise = true
s.opts.Cluster.Port = s.config.Choria.NetworkPeerPort
s.opts.Cluster.Username = s.config.Choria.NetworkPeerUser
s.opts.Cluster.Password = s.config.Choria.NetworkPeerPassword

peers, err := s.choria.NetworkBrokerPeers()
if err != nil {
return fmt.Errorf("could not determine network broker peers: %s", err)
}

for _, p := range peers.Servers() {
u, err := p.URL()
if err != nil {
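Review bot: The anonymous-TLS guard in setupCluster returns an error with no comment saying why clustering is refused, and an undocumented fail-closed check is easy to relax by accident in a later edit. I would put a short rationale above it, for example `// anonymous TLS: clients are not verified by certificate, so refuse to form a cluster (confirm rationale)`, worded by someone who knows the intended threat model. The lookup error above the guard formats with `%s`; `return fmt.Errorf("could not determine network broker peers: %w", err)` would keep the cause available to errors.Is and errors.As. Nothing on this page tests the rejection path for either trigger (peer port set, or peers configured). The function continues past the end of the hunk.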
4 changes: 4 additions & 0 deletions broker/network/network_gateways.go
@@ -13,6 +13,10 @@ func (s *Server) setupGateways() (err error) {
return nil
}

if s.config.Choria.NetworkClientTLSAnon && len(s.config.Choria.NetworkGatewayRemotes) > 0 {
return fmt.Errorf("super clusters are disabled when anonymous TLS is configured")
}

if s.config.Choria.NetworkGatewayName == "" {
return fmt.Errorf("network Gateways require a name")
}
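Review bot: The guard in setupGateways refuses anonymous TLS only when `NetworkGatewayRemotes` is non-empty, whereas the matching guard in setupCluster also trips on a configured peer port alone. If the `return nil` just above is the gateway-disabled early exit (its condition is outside the hunk), a broker with a gateway name and port but no remotes would still configure a gateway listener under anonymous TLS and accept inbound gateway connections. Unless that is intended, testing the flag alone would match the cluster check: `if s.config.Choria.NetworkClientTLSAnon {`. The function continues outside the hunk.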
3 changes: 0 additions & 3 deletions broker/network/network_leafnodes.go
@@ -73,9 +73,6 @@ func (s *Server) setupLeafNodes() (err error) {
s.log.Infof("Using custom TLS config for leafnode remote %s", r)
remote.TLSConfig = tlsc
remote.TLS = true

case tlsc == nil && s.config.Choria.NetworkClientTLSAnon:
return fmt.Errorf("leafnodes require specific TLS configuration when using Anonymous client connections")
}

s.opts.LeafNode.Remotes = append(s.opts.LeafNode.Remotes, remote)
2 changes: 1 addition & 1 deletion config/config.go
@@ -257,7 +257,7 @@ func (c *Config) normalize() error {
}

if c.Choria.ClientAnonTLS {
if c.Choria.RemoteSignerURL == "" {
if c.Choria.RemoteSignerURL == "" && c.Choria.RemoteSignerSigningCert == "" {
return fmt.Errorf("anonymous TLS can only be enabled when a remote signer is configured")
}

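Review bot: The relaxed check in normalize() accepts any non-empty `RemoteSignerSigningCert` as proof that a signer is configured, while the error text still speaks only of "a remote signer". Under anonymous TLS the signer is presumably what stands in for client certificate verification, so a mistyped or unreadable certificate path that passes this test would only surface later; if no other code validates the file, checking it here or noting where it is checked would help. The message could name both settings, e.g. `"anonymous TLS requires a remote signer URL or a remote signer signing certificate"`. This reads the second of the two printed conditions as the new side, since the page does not mark it, and normalize() continues outside the hunk.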
