lncfg+etcd: add TLS config

This commit extends lncfg with etcd TLS config and passes these parameters to the etcd client upon construction.
2020-05-08 18:38:46 +02:00 · 2020-05-08 18:38:46 +02:00 · 3ef331e016
commit 3ef331e016
parent b54f8a1b97
3 changed files with 37 additions and 3 deletions
--- a/channeldb/kvdb/etcd/db.go
+++ b/channeldb/kvdb/etcd/db.go
@ -10,6 +10,7 @@ import (

 	"github.com/btcsuite/btcwallet/walletdb"
 	"github.com/coreos/etcd/clientv3"
+	"github.com/coreos/etcd/pkg/transport"
 )

 const (
@ -130,6 +131,16 @@ type BackendConfig struct {
 	// Pass is the password for the etcd peer.
 	Pass string

+	// CertFile holds the path to the TLS certificate for etcd RPC.
+	CertFile string
+
+	// KeyFile holds the path to the TLS private key for etcd RPC.
+	KeyFile string
+
+	// InsecureSkipVerify should be set to true if we intend to
+	// skip TLS verification.
+	InsecureSkipVerify bool
+
 	// CollectCommitStats indicates wheter to commit commit stats.
 	CollectCommitStats bool
 }
@ -137,12 +148,25 @@ type BackendConfig struct {
 // newEtcdBackend returns a db object initialized with the passed backend
 // config. If etcd connection cannot be estabished, then returns error.
 func newEtcdBackend(config BackendConfig) (*db, error) {
+	tlsInfo := transport.TLSInfo{
+		CertFile:           config.CertFile,
+		KeyFile:            config.KeyFile,
+		InsecureSkipVerify: config.InsecureSkipVerify,
+	}
+
+	tlsConfig, err := tlsInfo.ClientConfig()
+	if err != nil {
+		return nil, err
+	}
+
 	cli, err := clientv3.New(clientv3.Config{
 		Endpoints:   []string{config.Host},
 		DialTimeout: etcdConnectionTimeout,
 		Username:    config.User,
 		Password:    config.Pass,
+		TLS:         tlsConfig,
 	})
+
 	if err != nil {
 		return nil, err
 	}
--- a/channeldb/kvdb/etcd/embed.go
+++ b/channeldb/kvdb/etcd/embed.go
@ -61,9 +61,10 @@ func NewEmbeddedEtcdInstance(path string) (*BackendConfig, func(), error) {
 	}

 	connConfig := &BackendConfig{
-		Host: "http://" + peerURL,
-		User: "user",
-		Pass: "pass",
+		Host:               "http://" + peerURL,
+		User:               "user",
+		Pass:               "pass",
+		InsecureSkipVerify: true,
 	}

 	return connConfig, func() {
--- a/lncfg/db.go
+++ b/lncfg/db.go
@ -26,6 +26,12 @@ type EtcdDB struct {

 	Pass string `long:"pass" description:"Password for the database user."`

+	CertFile string `long:"cert_file" description:"Path to the TLS certificate for etcd RPC."`
+
+	KeyFile string `long:"key_file" description:"Path to the TLS private key for etcd RPC."`
+
+	InsecureSkipVerify bool `long:"insecure_skip_verify" description:"Whether we intend to skip TLS verification"`
+
 	CollectStats bool `long:"collect_stats" description:"Wheter to collect etcd commit stats."`
 }

@ -73,6 +79,9 @@ func (db *DB) GetBackend(path string) (kvdb.Backend, error) {
 			Host:               db.Etcd.Host,
 			User:               db.Etcd.User,
 			Pass:               db.Etcd.Pass,
+			CertFile:           db.Etcd.CertFile,
+			KeyFile:            db.Etcd.KeyFile,
+			InsecureSkipVerify: db.Etcd.InsecureSkipVerify,
 			CollectCommitStats: db.Etcd.CollectStats,
 		}
 		return kvdb.Open(kvdb.EtcdBackendName, backendConfig)