|
|
@@ -85,10 +85,11 @@ type config struct {
|
|
|
|
|
|
// configFlags has the set of flags used for command line parsing a Config
|
|
|
type configFlags struct {
|
|
|
- flagSet *flag.FlagSet
|
|
|
- clusterState *flags.StringsFlag
|
|
|
- fallback *flags.StringsFlag
|
|
|
- proxy *flags.StringsFlag
|
|
|
+ flagSet *flag.FlagSet
|
|
|
+ hostWhitelist string
|
|
|
+ clusterState *flags.StringsFlag
|
|
|
+ fallback *flags.StringsFlag
|
|
|
+ proxy *flags.StringsFlag
|
|
|
}
|
|
|
|
|
|
func newConfig() *config {
|
|
|
@@ -189,6 +190,7 @@ func newConfig() *config {
|
|
|
fs.BoolVar(&cfg.ec.PeerAutoTLS, "peer-auto-tls", false, "Peer TLS using generated certificates")
|
|
|
fs.StringVar(&cfg.ec.PeerTLSInfo.CRLFile, "peer-crl-file", "", "Path to the peer certificate revocation list file.")
|
|
|
fs.StringVar(&cfg.ec.PeerTLSInfo.AllowedCN, "peer-cert-allowed-cn", "", "Allowed CN for inter peer authentication.")
|
|
|
+ fs.StringVar(&cfg.cf.hostWhitelist, "host-whitelist", "", "Comma-separated acceptable hostnames from HTTP client requests, if server is not secure (empty means allow all).")
|
|
|
|
|
|
// logging
|
|
|
fs.BoolVar(&cfg.ec.Debug, "debug", false, "Enable debug-level logging for etcd.")
|
|
|
@@ -275,6 +277,12 @@ func (cfg *config) configFromCmdLine() error {
|
|
|
cfg.ec.ListenMetricsUrls = []url.URL(u)
|
|
|
}
|
|
|
|
|
|
+ hosts := strings.Split(cfg.cf.hostWhitelist, ",")
|
|
|
+ for i := range hosts {
|
|
|
+ hosts[i] = strings.TrimSpace(hosts[i])
|
|
|
+ }
|
|
|
+ cfg.ec.HostWhitelist = hosts
|
|
|
+
|
|
|
cfg.ec.ClusterState = cfg.cf.clusterState.String()
|
|
|
cfg.cp.Fallback = cfg.cf.fallback.String()
|
|
|
cfg.cp.Proxy = cfg.cf.proxy.String()
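Review bot: With the default empty `--host-whitelist`, `strings.Split(cfg.cf.hostWhitelist, ",")` in the third hunk returns a one-element slice holding the empty string, so `cfg.ec.HostWhitelist` ends up as `[""]` rather than empty. If the consumer (not visible here) treats an empty list as "allow all", the default would instead act as a whitelist containing one blank host, which contradicts the "(empty means allow all)" help text added in the second hunk. A trailing or doubled comma leaves the same blank entry. Skipping blank entries after trimming keeps an unset flag as a nil slice, as sketched below. The body of configFromCmdLine starts and ends outside the hunk.

```go
// … unchanged: ListenMetricsUrls handling above …
var hosts []string
for _, h := range strings.Split(cfg.cf.hostWhitelist, ",") {
	// Drop blank entries so an unset flag yields a nil (allow-all) list.
	if h = strings.TrimSpace(h); h != "" {
		hosts = append(hosts, h)
	}
}
cfg.ec.HostWhitelist = hosts
// … unchanged: ClusterState / Fallback / Proxy assignments …
```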
|