Cleanup: use --tls=[cert,key] for all mc-programs
Make sure they all accept the same set of command line options
with the same format and deprecate all of the old --ssl* options

Change-Id: I8b9d147e6d1e330fc2f99fcf68f1845022d69f4b
Reviewed-on: http://review.couchbase.org/c/kv_engine/+/158280
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Dave Rigby <daver@couchbase.com>
trondn committed Jul 28, 2021
1 parent a0f9dfb commit e3da22e
Showing 4 changed files with 144 additions and 50 deletions.
55 changes: 42 additions & 13 deletions programs/mcctl/mcctl.cc
@@ -1,4 +1,3 @@
/* -*- Mode: C; tab-width: 4; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2017-Present Couchbase, Inc.
*
@@ -13,16 +12,14 @@
* process.
*/
#include <getopt.h>
#include <memcached/openssl.h>
#include <memcached/protocol_binary.h>
#include <memcached/util.h>
#include <platform/cb_malloc.h>
#include <platform/dirutils.h>
#include <programs/getpass.h>
#include <programs/hostname_utils.h>
#include <protocol/connection/client_connection.h>
#include <protocol/connection/client_mcbp_commands.h>
#include <utilities/string_utilities.h>
#include <utilities/terminate_handler.h>

#include <cstdio>
#include <cstdlib>
#include <iostream>
@@ -124,10 +121,13 @@ static void usage() {
-b or --bucket bucketname The name of the bucket to operate on
-u or --user username The name of the user to authenticate as
-P or --password password The passord to use for authentication
(use '-' to read from standard input)
-s or --ssl Connect to the server over SSL
-C or --ssl-cert filename Read the SSL certificate from the specified file
-K or --ssl-key filename Read the SSL private key from the specified file
(use '-' to read from standard input, or
set the environment variable CB_PASSWORD)
--tls[=cert,key] Use TLS and optionally try to authenticate
by using the provided certificate and
private key.
-s or --ssl Deprecated. Use --tls
-C or --ssl-cert filename Deprecated. Use --tls=[cert,key]
-4 or --ipv4 Connect over IPv4
-6 or --ipv6 Connect over IPv6
--help This help text
@@ -160,23 +160,28 @@ int main(int argc, char** argv) {

cb::net::initialize();

struct option long_options[] = {
// we could have used an array, but then we need to keep track of the
// size. easier to just use a vector
const std::vector<option> options{
{"ipv4", no_argument, nullptr, '4'},
{"ipv6", no_argument, nullptr, '6'},
{"host", required_argument, nullptr, 'h'},
{"port", required_argument, nullptr, 'p'},
{"bucket", required_argument, nullptr, 'b'},
{"password", required_argument, nullptr, 'P'},
{"user", required_argument, nullptr, 'u'},
{"tls=", optional_argument, nullptr, 't'},
{"ssl", no_argument, nullptr, 's'},
{"ssl-cert", required_argument, nullptr, 'C'},
{"ssl-key", required_argument, nullptr, 'K'},
{"help", no_argument, nullptr, 0},
{nullptr, 0, nullptr, 0}};

while ((cmd = getopt_long(
argc, argv, "46h:p:u:b:P:sC:K:", long_options, nullptr)) !=
EOF) {
while ((cmd = getopt_long(argc,
argv,
"46h:p:u:b:P:sC:K:t",
options.data(),
nullptr)) != EOF) {
switch (cmd) {
case '6' :
family = AF_INET6;
@@ -208,7 +213,31 @@ int main(int argc, char** argv) {
case 'K':
ssl_key.assign(optarg);
break;
case 't':
secure = true;
if (optarg) {
auto parts = split_string(optarg, ",");
if (parts.size() != 2) {
std::cerr << "Incorrect format for --tls=certificate,key"
<< std::endl;
exit(EXIT_FAILURE);
}
ssl_cert = std::move(parts.front());
ssl_key = std::move(parts.back());

if (!cb::io::isFile(ssl_cert)) {
std::cerr << "Certificate file " << ssl_cert
<< " does not exists\n";
exit(EXIT_FAILURE);
}

if (!cb::io::isFile(ssl_key)) {
std::cerr << "Private key file " << ssl_key
<< " does not exists\n";
exit(EXIT_FAILURE);
}
}
break;
default:
usage();
}
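Review bot: The new long option is registered as `{"tls=", optional_argument, nullptr, 't'}`, so the `=` is part of the option name. getopt_long normally compares only the text in front of `=` with the table, which means `--tls` and `--tls=cert,key` can match this entry only as an abbreviation of `tls=`; that is implementation-dependent and would turn ambiguous if another long option beginning with `tls` were added later. Registering the name as `{"tls", optional_argument, nullptr, 't'},` gives an exact match. The same entry is added in mcstat.cc and mctimings.cc, and main() continues outside the visible hunks.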
53 changes: 41 additions & 12 deletions programs/mcstat/mcstat.cc
@@ -1,4 +1,3 @@
/* -*- Mode: C; tab-width: 4; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2017-Present Couchbase, Inc.
*
@@ -10,13 +9,13 @@
*/

#include <getopt.h>
#include <nlohmann/json.hpp>
#include <platform/dirutils.h>
#include <programs/getpass.h>
#include <programs/hostname_utils.h>
#include <protocol/connection/client_connection.h>
#include <utilities/terminate_handler.h>

#include <protocol/connection/frameinfo.h>
#include <utilities/string_utilities.h>
#include <utilities/terminate_handler.h>
#include <iostream>

/**
@@ -68,11 +67,16 @@ static void usage() {
-p or --port port The port number to connect to
-b or --bucket bucketname The name of the bucket to operate on
-u or --user username The name of the user to authenticate as
-P or --password password The passord to use for authentication
(use '-' to read from standard input)
-s or --ssl Connect to the server over SSL
-C or --ssl-cert filename Read the SSL certificate from the specified file
-K or --ssl-key filename Read the SSL private key from the specified file
(use '-' to read from standard input, or
set the environment variable CB_PASSWORD)
--tls[=cert,key] Use TLS and optionally try to authenticate
by using the provided certificate and
private key.
-s or --ssl Deprecated. Use --tls
-C or --ssl-cert filename Deprecated. Use --tls=[cert,key]
-C or --ssl-cert filename Deprecated. Use --tls=[cert,key]
-4 or --ipv4 Connect over IPv4
-6 or --ipv6 Connect over IPv6
-j or --json Print result as JSON (unformatted)
@@ -107,14 +111,15 @@ int main(int argc, char** argv) {

cb::net::initialize();

struct option long_options[] = {
const std::vector<option> options = {
{"ipv4", no_argument, nullptr, '4'},
{"ipv6", no_argument, nullptr, '6'},
{"host", required_argument, nullptr, 'h'},
{"port", required_argument, nullptr, 'p'},
{"bucket", required_argument, nullptr, 'b'},
{"password", required_argument, nullptr, 'P'},
{"user", required_argument, nullptr, 'u'},
{"tls=", optional_argument, nullptr, 't'},
{"ssl", no_argument, nullptr, 's'},
{"ssl-cert", required_argument, nullptr, 'C'},
{"ssl-key", required_argument, nullptr, 'K'},
@@ -126,8 +131,8 @@ int main(int argc, char** argv) {

while ((cmd = getopt_long(argc,
argv,
"46h:p:u:b:P:SsjJC:K:I:a",
long_options,
"46h:p:u:b:P:SsjJC:K:I:at",
options.data(),
nullptr)) != EOF) {
switch (cmd) {
case '6' :
@@ -181,6 +186,31 @@ int main(int argc, char** argv) {
case 'a':
allBuckets = true;
break;
case 't':
secure = true;
if (optarg) {
auto parts = split_string(optarg, ",");
if (parts.size() != 2) {
std::cerr << "Incorrect format for --tls=certificate,key"
<< std::endl;
exit(EXIT_FAILURE);
}
ssl_cert = std::move(parts.front());
ssl_key = std::move(parts.back());

if (!cb::io::isFile(ssl_cert)) {
std::cerr << "Certificate file " << ssl_cert
<< " does not exists\n";
exit(EXIT_FAILURE);
}

if (!cb::io::isFile(ssl_key)) {
std::cerr << "Private key file " << ssl_key
<< " does not exists\n";
exit(EXIT_FAILURE);
}
}
break;
default:
usage();
return EXIT_FAILURE;
@@ -241,7 +271,6 @@ int main(int argc, char** argv) {
static std::string bucketSeparator(78, '*');
std::cout << bucketSeparator << std::endl;
std::cout << *bucketItr << std::endl << std::endl;
;
}
connection.selectBucket(*bucketItr);
bucketItr++;
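Review bot: The usage text lists `-C or --ssl-cert filename Deprecated. Use --tls=[cert,key]` twice in a row, while `{"ssl-key", required_argument, nullptr, 'K'}` and `K:` are still accepted by the parser. The second line was presumably meant to be `-K or --ssl-key filename Deprecated. Use --tls=[cert,key]`, so users who still pass `-K` can see that it is deprecated. The mcctl.cc usage text in this commit has the matching gap: it lists `-s` and `-C` as deprecated but no longer mentions `-K`. usage() starts outside the hunk.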
51 changes: 42 additions & 9 deletions programs/mctimings/mctimings.cc
@@ -1,4 +1,3 @@
/* -*- Mode: C++; tab-width: 4; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2017-Present Couchbase, Inc.
*
@@ -13,19 +12,20 @@

#include <boost/algorithm/string/predicate.hpp>
#include <fmt/core.h>
#include <getopt.h>
#include <memcached/protocol_binary.h>
#include <nlohmann/json.hpp>
#include <platform/dirutils.h>
#include <platform/string_hex.h>
#include <protocol/connection/client_connection.h>
#include <protocol/connection/client_mcbp_commands.h>
#include <utilities/json_utilities.h>
#include <utilities/string_utilities.h>
#include <utilities/terminate_handler.h>

#include <getopt.h>
#include <array>
#include <cinttypes>
#include <cstdlib>
#include <iostream>
#include <stdexcept>
#include <string>

@@ -382,8 +382,12 @@ void usage() {
-b or --bucket bucketname The name of the bucket to operate on
-u or --user username The name of the user to authenticate as
-P or --password password The passord to use for authentication
(use '-' to read from standard input)
-s or --ssl Connect to the server over SSL
(use '-' to read from standard input, or
set the environment variable CB_PASSWORD)
--tls[=cert,key] Use TLS and optionally try to authenticate
by using the provided certificate and
private key.
-s or --ssl Deprecated. Use --tls
-4 or --ipv4 Connect over IPv4
-6 or --ipv6 Connect over IPv6
-v or --verbose Use verbose output
@@ -412,6 +416,8 @@ int main(int argc, char** argv) {
std::string host{"localhost"};
std::string user{};
std::string password{};
std::string ssl_cert;
std::string ssl_key;
std::vector<std::string> buckets{{"/all/"}};
std::string file;
sa_family_t family = AF_UNSPEC;
@@ -422,7 +428,7 @@ int main(int argc, char** argv) {

cb::net::initialize();

std::vector<option> long_options{
const std::vector<option> options{
{{"ipv4", no_argument, nullptr, '4'},
{"ipv6", no_argument, nullptr, '6'},
{"host", required_argument, nullptr, 'h'},
@@ -431,6 +437,7 @@ int main(int argc, char** argv) {
{"password", required_argument, nullptr, 'P'},
{"user", required_argument, nullptr, 'u'},
{"ssl", no_argument, nullptr, 's'},
{"tls=", optional_argument, nullptr, 't'},
{"verbose", no_argument, nullptr, 'v'},
{"json", optional_argument, nullptr, 'j'},
{"file", required_argument, nullptr, 'f'},
@@ -440,8 +447,8 @@ int main(int argc, char** argv) {

while ((cmd = getopt_long(argc,
argv,
"46h:p:u:b:P:sSvjf:a",
long_options.data(),
"46h:p:u:b:P:st:Svjf:at",
options.data(),
nullptr)) != EOF) {
switch (cmd) {
case '6':
@@ -475,6 +482,31 @@ int main(int argc, char** argv) {
case 's':
secure = true;
break;
case 't':
secure = true;
if (optarg) {
auto parts = split_string(optarg, ",");
if (parts.size() != 2) {
std::cerr << "Incorrect format for --tls=certificate,key"
<< std::endl;
exit(EXIT_FAILURE);
}
ssl_cert = std::move(parts.front());
ssl_key = std::move(parts.back());

if (!cb::io::isFile(ssl_cert)) {
std::cerr << "Certificate file " << ssl_cert
<< " does not exists\n";
exit(EXIT_FAILURE);
}

if (!cb::io::isFile(ssl_key)) {
std::cerr << "Private key file " << ssl_key
<< " does not exists\n";
exit(EXIT_FAILURE);
}
}
break;
case 'v':
verbose = true;
break;
@@ -538,7 +570,8 @@ int main(int argc, char** argv) {
family = fam;
}
MemcachedConnection connection(host, in_port, family, secure);

connection.setSslCertFile(ssl_cert);
connection.setSslKeyFile(ssl_key);
connection.connect();

// MEMCACHED_VERSION contains the git sha
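Review bot: The new option string `"46h:p:u:b:P:st:Svjf:at"` declares `t` twice, first as `t:` (argument required) and again as a bare `t`, whereas mcctl.cc and mcstat.cc add only the bare `t`. Assuming the first occurrence wins, `-t` without a value is rejected here but accepted by the other two programs, which works against giving all mc-programs the same options; the usage text documents only `--tls[=cert,key]`. Dropping the `t:` so the string reads `"46h:p:u:b:P:sSvjf:at"` would line it up with the others. Separately, `connection.setSslCertFile(ssl_cert)` and `connection.setSslKeyFile(ssl_key)` are now called even when both strings are empty, so it is worth confirming that an empty path is treated as "no client certificate"; main() continues outside the visible hunks.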
