This repository has been archived by the owner on Jun 10, 2024. It is now read-only.

feat(nats): add an option for specifying a path to a CA file
Add an additional option to the NATS messaging provider to accept a path
to a TLS CA certificate in addition to being able to add the entire cert
to a linkdef.

Signed-off-by: Dan Norris <[email protected]>
protochron committed Feb 23, 2024
1 parent 9687f4c commit f70cfca
Showing 3 changed files with 16 additions and 3 deletions.
2 changes: 1 addition & 1 deletion nats/Cargo.lock


3 changes: 1 addition & 2 deletions nats/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "wasmcloud-provider-nats"
version = "0.18.0"
version = "0.18.1"
edition = "2021"

[dependencies]
@@ -43,4 +43,3 @@ path = "src/main.rs"
strip = true
opt-level = "z"
lto = true

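--- a/nats/src/main.rs
+++ b/nats/src/main.rs
@@ -25,6 +25,7 @@ const ENV_NATS_URI: &str = "URI";
 const ENV_NATS_CLIENT_JWT: &str = "CLIENT_JWT";
 const ENV_NATS_CLIENT_SEED: &str = "CLIENT_SEED";
 const ENV_NATS_TLS_CA: &str = "TLS_CA";
+const ENV_NATS_TLS_CA_FILE: &str = "TLS_CA_FILE";
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
 // handle lattice control messages and forward rpc to the provider dispatch
@@ -77,6 +78,8 @@ struct ConnectionConfig {
 auth_seed: Option<String>,
 #[serde(default)]
 tls_ca: Option<String>,
+#[serde(default)]
+tls_ca_file: Option<String>,
 
 /// ping interval in seconds
 #[serde(default)]
@@ -107,6 +110,9 @@ impl ConnectionConfig {
 if extra.tls_ca.is_some() {
 out.tls_ca = extra.tls_ca.clone()
 }
+if extra.tls_ca_file.is_some() {
+out.tls_ca_file = extra.tls_ca_file.clone()
+}
 out
 }
 }
@@ -120,6 +126,7 @@ impl Default for ConnectionConfig {
 auth_seed: None,
 ping_interval_sec: None,
 tls_ca: None,
+tls_ca_file: None,
 }
 }
 }
@@ -164,6 +171,9 @@ impl ConnectionConfig {
 if let Some(tls_ca) = values.get(ENV_NATS_TLS_CA) {
 config.tls_ca = Some(tls_ca.clone());
 }
+if let Some(tls_ca_file) = values.get(ENV_NATS_TLS_CA_FILE) {
+config.tls_ca_file = Some(tls_ca_file.clone());
+}
 Ok(config)
 }
 }
@@ -499,6 +509,10 @@ fn build_connect_options(cfg: &ConnectionConfig) -> Result<async_nats::ConnectOp
 
 if let Some(tls_ca) = &cfg.tls_ca {
 return add_tls_ca(tls_ca, opts);
+} else if let Some(tls_ca_file) = &cfg.tls_ca_file {
+let ca = std::fs::read_to_string(tls_ca_file)
+.map_err(|e| RpcError::ProviderInit(format!("tls ca file: {}", e)))?;
+return add_tls_ca(&ca, opts);
 }
 
 Ok(opts)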
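Review bot: In `build_connect_options` the inline `tls_ca` silently wins over `tls_ca_file`, and the merge code at `out.tls_ca_file = extra.tls_ca_file.clone()` copies the two fields independently, so a base config carrying `tls_ca` combined with a linkdef that sets `TLS_CA_FILE` connects with the inline CA and never reads the file. A conflicting trust anchor should fail loudly rather than be resolved by branch order; a guard before the `if let`, such as `if cfg.tls_ca.is_some() && cfg.tls_ca_file.is_some() { return Err(RpcError::ProviderInit("set only one of TLS_CA and TLS_CA_FILE".to_string())); }`, would do it, or the merge could clear the other field when one is supplied. The path also arrives through `values.get(ENV_NATS_TLS_CA_FILE)` and is read with the provider's own file permissions, so a doc comment on `tls_ca_file` should say that the value must come from a trusted source, and the `tls ca file: {}` message should include the path so a wrong one is diagnosable. The function begins above the hunk, so earlier option handling is not visible here.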
