
Commit ed58c90

authored
[cherry-pick] Add Support for TLS enabled Redis client (#31) (#36)
Signed-off-by: Emon46 <emon@appscode.com>
1 parent 11a3fb3 commit ed58c90

25 files changed

+22467
-44
lines changed

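--- a/go.mod
+++ b/go.mod
@@ -9,13 +9,15 @@ require (
 gomodules.xyz/go-sh v0.1.0
 gomodules.xyz/logs v0.0.4
 gomodules.xyz/x v0.0.8
+k8s.io/api v0.21.1
 k8s.io/apimachinery v0.21.1
 k8s.io/client-go v0.21.1
 k8s.io/klog/v2 v2.8.0
 kmodules.xyz/client-go v0.0.0-20210921150324-f005c6dfcb32
 kmodules.xyz/custom-resources v0.0.0-20210829135624-c63be82e13c0
 kmodules.xyz/objectstore-api v0.0.0-20210829122106-d39859fc2d56 // indirect
 kmodules.xyz/offshoot-api v0.0.0-20210804100837-d0388be3e60d
+kubedb.dev/apimachinery v0.21.1-0.20210915153024-84659c4a8fca
 stash.appscode.dev/apimachinery v0.15.0
 )
 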
go.sum

Lines changed: 136 additions & 3 deletions

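--- a/pkg/backup.go
+++ b/pkg/backup.go
@@ -206,6 +206,12 @@ func (opt *redisOptions) backupRedis(targetRef api_v1beta1.TargetRef) (*restic.B
 for _, arg := range strings.Fields(opt.redisArgs) {
 backupCmd.Args = append(backupCmd.Args, arg)
 }
+if appBinding.Spec.ClientConfig.CABundle != nil {
+backupCmd.Args, err = opt.setTlsArgsForRedisClient(appBinding, backupCmd.Args)
+if err != nil {
+return nil, err
+}
+}
 
 // if port is specified, append port in the arguments
 if appBinding.Spec.ClientConfig.Service.Port != 0 {
@@ -220,7 +226,6 @@ func (opt *redisOptions) backupRedis(targetRef api_v1beta1.TargetRef) (*restic.B
 
 // add backup command in the pipeline
 opt.backupOptions.StdinPipeCommands = append(opt.backupOptions.StdinPipeCommands, backupCmd)
-
 // Run backup
 return resticWrapper.RunBackup(opt.backupOptions, targetRef)
 }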
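Review bot: The added TLS branch in backupRedis is gated on `appBinding.Spec.ClientConfig.CABundle != nil`, so a non-nil but empty bundle still reaches setTlsArgsForRedisClient, which writes the bundle to the scratch directory as-is and passes `--tls --cacert` pointing at an empty file. Testing `len(appBinding.Spec.ClientConfig.CABundle) > 0` states the intent more precisely and keeps an empty bundle from surfacing later as an unexplained certificate verification failure. The same guard is repeated in restoreRedis (pkg/restore.go) and waitForDBReady (pkg/util.go), and the helper checks it again itself, so the condition would be better defined in one place. backupRedis starts and ends outside this hunk.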

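--- a/pkg/restore.go
+++ b/pkg/restore.go
@@ -178,6 +178,12 @@ func (opt *redisOptions) restoreRedis(targetRef api_v1beta1.TargetRef) (*restic.
 for _, arg := range strings.Fields(opt.redisArgs) {
 restoreCmd.Args = append(restoreCmd.Args, arg)
 }
+if appBinding.Spec.ClientConfig.CABundle != nil {
+restoreCmd.Args, err = opt.setTlsArgsForRedisClient(appBinding, restoreCmd.Args)
+if err != nil {
+return nil, err
+}
+}
 // if port is specified, append port in the arguments
 if appBinding.Spec.ClientConfig.Service.Port != 0 {
 restoreCmd.Args = append(restoreCmd.Args, "-p", strconv.Itoa(int(appBinding.Spec.ClientConfig.Service.Port)))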

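--- a/pkg/util.go
+++ b/pkg/util.go
@@ -18,18 +18,24 @@ package pkg
 
 import (
 "context"
+"encoding/json"
+"fmt"
+"io/ioutil"
+"path/filepath"
 "time"
 
 stash "stash.appscode.dev/apimachinery/client/clientset/versioned"
 "stash.appscode.dev/apimachinery/pkg/restic"
 
 shell "gomodules.xyz/go-sh"
+core "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/util/wait"
 "k8s.io/client-go/kubernetes"
 "k8s.io/klog/v2"
 appcatalog "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1"
 appcatalog_cs "kmodules.xyz/custom-resources/client/clientset/versioned"
+"kubedb.dev/apimachinery/apis/config/v1alpha1"
 )
 
 const (
@@ -78,19 +84,26 @@ func (wrapper *SessionWrapper) SetEnv(key, value string) {
 
 func (opt *redisOptions) waitForDBReady(appBinding *appcatalog.AppBinding) error {
 klog.Infoln("Waiting for the database to be ready.....")
+var err error
 sh := NewSessionWrapper()
+sh.ShowCMD = true
 args := []interface{}{
 "-h", appBinding.Spec.ClientConfig.Service.Name,
-"ping",
 }
-
+if appBinding.Spec.ClientConfig.CABundle != nil {
+args, err = opt.setTlsArgsForRedisClient(appBinding, args)
+if err != nil {
+return err
+}
+}
 //if port is specified, append port in the arguments
 if appBinding.Spec.ClientConfig.Service.Port != 0 {
-args = append(args, "-p", appBinding.Spec.ClientConfig.Service.Port)
+args = append(args, "-p", fmt.Sprintf("%d", appBinding.Spec.ClientConfig.Service.Port))
 }
+args = append(args, "ping")
 
 // set access credentials
-err := opt.setCredentials(sh, appBinding)
+err = opt.setCredentials(sh, appBinding)
 if err != nil {
 return err
 }
@@ -129,3 +142,51 @@ func (opt *redisOptions) setCredentials(sh Shell, appBinding *appcatalog.AppBind
 sh.SetEnv(EnvRedisDumpGoAuth, string(secret.Data[RedisPassword]))
 return nil
 }
+
+func (opt *redisOptions) setTlsArgsForRedisClient(appBinding *appcatalog.AppBinding, args []interface{}) ([]interface{}, error) {
+
+parameters := v1alpha1.RedisConfiguration{}
+if appBinding.Spec.Parameters != nil {
+if err := json.Unmarshal(appBinding.Spec.Parameters.Raw, &parameters); err != nil {
+klog.Errorf("unable to unmarshal appBinding.Spec.Parameters.Raw. Reason: %v", err)
+}
+}
+if appBinding.Spec.ClientConfig.CABundle != nil {
+if err := ioutil.WriteFile(filepath.Join(opt.setupOptions.ScratchDir, core.ServiceAccountRootCAKey), appBinding.Spec.ClientConfig.CABundle, 0600); err != nil {
+return nil, err
+}
+caPath := filepath.Join(opt.setupOptions.ScratchDir, core.ServiceAccountRootCAKey)
+args = append(args, "--tls")
+args = append(args, "--cacert", caPath)
+}
+
+if parameters.ClientCertSecret != nil {
+clientSecret, err := opt.kubeClient.CoreV1().Secrets(opt.namespace).Get(context.TODO(), parameters.ClientCertSecret.Name, metav1.GetOptions{})
+if err != nil {
+return nil, err
+}
+
+certByte, ok := clientSecret.Data[core.TLSCertKey]
+if !ok {
+return nil, fmt.Errorf("can't find client cert")
+}
+if err := ioutil.WriteFile(filepath.Join(opt.setupOptions.ScratchDir, core.TLSCertKey), certByte, 0600); err != nil {
+return nil, err
+}
+certPath := filepath.Join(opt.setupOptions.ScratchDir, core.TLSCertKey)
+
+keyByte, ok := clientSecret.Data[core.TLSPrivateKeyKey]
+if !ok {
+return nil, fmt.Errorf("can't find client private key")
+}
+
+if err := ioutil.WriteFile(filepath.Join(opt.setupOptions.ScratchDir, core.TLSPrivateKeyKey), keyByte, 0600); err != nil {
+return nil, err
+}
+keyPath := filepath.Join(opt.setupOptions.ScratchDir, core.TLSPrivateKeyKey)
+
+args = append(args, "--cert", certPath, "--key", keyPath)
+}
+
+return args, nil
+}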
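Review bot: In setTlsArgsForRedisClient a failed `json.Unmarshal` of `appBinding.Spec.Parameters.Raw` is only logged, so a malformed parameters blob leaves `parameters.ClientCertSecret` nil and the client is started with `--tls --cacert` but no client certificate. Against a server that requires client certificates this would presumably show up as an opaque handshake failure rather than a configuration error; returning the error instead, `return nil, fmt.Errorf("decoding AppBinding parameters: %w", err)`, keeps the failure at its cause. The client private key is also written to `opt.setupOptions.ScratchDir` and nothing in this hunk removes it afterwards. Because `ioutil.WriteFile` applies the `0600` mode only when it creates the file, it is worth confirming that the scratch directory is private to the job and cleaned up once the command has run.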

vendor/github.com/google/go-cmp/cmp/report_compare.go

Lines changed: 2 additions & 2 deletions

vendor/github.com/google/go-cmp/cmp/report_slices.go

Lines changed: 21 additions & 4 deletions

vendor/github.com/google/gofuzz/.travis.yml

Lines changed: 4 additions & 7 deletions

vendor/github.com/google/gofuzz/CONTRIBUTING.md

Lines changed: 1 addition & 1 deletion

vendor/github.com/google/gofuzz/README.md

Lines changed: 18 additions & 0 deletions
