go: add bazel buildfiles, implement leasifier
diff --git a/go/pki/BUILD.bazel b/go/pki/BUILD.bazel
new file mode 100644
index 0000000..0d3544f
--- /dev/null
+++ b/go/pki/BUILD.bazel
@@ -0,0 +1,17 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["grpc.go"],
+    importpath = "code.hackerspace.pl/hscloud/go/pki",
+    visibility = ["//visibility:public"],
+    deps = [
+        "@com_github_golang_glog//:go_default_library",
+        "@org_golang_google_grpc//:go_default_library",
+        "@org_golang_google_grpc//codes:go_default_library",
+        "@org_golang_google_grpc//credentials:go_default_library",
+        "@org_golang_google_grpc//peer:go_default_library",
+        "@org_golang_google_grpc//status:go_default_library",
+        "@org_golang_x_net//trace:go_default_library",
+    ],
+)
diff --git a/go/pki/grpc.go b/go/pki/grpc.go
index f014a34..6d8f173 100644
--- a/go/pki/grpc.go
+++ b/go/pki/grpc.go
@@ -37,6 +37,7 @@
 	flagCertificatePath string
 	flagKeyPath         string
 	flagPKIRealm        string
+	flagPKIDisable      bool
 
 	// Enable logging HSPKI info into traces
 	Trace = true
@@ -53,6 +54,7 @@
 	flag.StringVar(&flagCertificatePath, "hspki_tls_certificate_path", "pki/service.pem", "Path to PKI service certificate")
 	flag.StringVar(&flagKeyPath, "hspki_tls_key_path", "pki/service-key.pem", "Path to PKI service private key")
 	flag.StringVar(&flagPKIRealm, "hspki_realm", "svc.cluster.local", "PKI realm")
+	flag.BoolVar(&flagPKIDisable, "hspki_disable", false, "Disable PKI entirely (insecure!)")
 }
 
 func maybeTrace(ctx context.Context, f string, args ...interface{}) {
@@ -168,6 +170,10 @@
 	if !flag.Parsed() {
 		glog.Exitf("WithServerHSPKI called before flag.Parse!")
 	}
+	if flagPKIDisable {
+		return []grpc.ServerOption{}
+	}
+
 	serverCert, err := tls.LoadX509KeyPair(flagCertificatePath, flagKeyPath)
 	if err != nil {
 		glog.Exitf("WithServerHSPKI: cannot load service certificate/key: %v", err)
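Review bot: The `if flagPKIDisable` early return in WithServerHSPKI turns off TLS and client-certificate checking without leaving any trace in the logs, so a server started with `-hspki_disable` accepts plaintext, unauthenticated connections and nothing tells an operator that it did. Log it before returning, e.g. `glog.Warningf("WithServerHSPKI: HSPKI disabled by -hspki_disable; serving without TLS or client authentication")`. The rest of the function lies outside the hunk, so any other server options it builds are presumably skipped too; handlers that rely on peer identity should be checked for how they behave when none is present. The `grpc.WithInsecure()` branch added to WithClientHSPKI is silent in the same way and wants the same warning.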
@@ -194,6 +200,13 @@
 }
 
 func WithClientHSPKI() grpc.DialOption {
+	if !flag.Parsed() {
+		glog.Exitf("WithServerHSPKI called before flag.Parse!")
+	}
+	if flagPKIDisable {
+		return grpc.WithInsecure()
+	}
+
 	certPool := x509.NewCertPool()
 	ca, err := ioutil.ReadFile(flagCAPath)
 	if err != nil {
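Review bot: The `flag.Parsed()` guard added to WithClientHSPKI exits with the message `WithServerHSPKI called before flag.Parse!`, which was copied from the server side and names the wrong function; it should read `glog.Exitf("WithClientHSPKI called before flag.Parse!")`. The function also has no doc comment, and the new branch changes its contract enough to deserve one: `// WithClientHSPKI returns the DialOption for HSPKI mutual TLS. With -hspki_disable set it returns grpc.WithInsecure(): no encryption and no verification of the server.` The function body continues past the end of the hunk.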