
etcdmain: add "--cipher-suites" flag

Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
Gyuho Lee 7 years ago
parent
commit
3e0cc1e717
3 changed files with 43 additions and 1 deletions
  1. 4 0
      etcdmain/config.go
  2. 2 0
      etcdmain/help.go
  3. 37 1
      pkg/flags/strings.go

+ 4 - 0
etcdmain/config.go

@@ -191,6 +191,8 @@ func newConfig() *config {
 	fs.StringVar(&cfg.PeerTLSInfo.TrustedCAFile, "peer-trusted-ca-file", "", "Path to the peer server TLS trusted CA file.")
 	fs.BoolVar(&cfg.PeerAutoTLS, "peer-auto-tls", false, "Peer TLS using generated certificates")
 
+	fs.Var(flags.NewStringsValueV2(""), "cipher-suites", "Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).")
+
 	// logging
 	fs.BoolVar(&cfg.Debug, "debug", false, "Enable debug-level logging for etcd.")
 	fs.StringVar(&cfg.LogPkgLevels, "log-package-levels", "", "Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG').")
@@ -266,6 +268,8 @@ func (cfg *config) configFromCmdLine() error {
 	cfg.Fallback = cfg.fallback.String()
 	cfg.Proxy = cfg.proxy.String()
 
+	cfg.CipherSuites = flags.StringsFromFlagV2(cfg.FlagSet, "cipher-suites")
+
 	// disable default advertise-client-urls if lcurls is set
 	missingAC := flags.IsSet(cfg.FlagSet, "listen-client-urls") && !flags.IsSet(cfg.FlagSet, "advertise-client-urls")
 	if !cfg.mayBeProxy() && missingAC {
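Review bot: The names read from `--cipher-suites` are copied into `cfg.CipherSuites` as raw strings, and nothing in this hunk checks that each one is a cipher suite Go's crypto/tls recognises. If that check is not done where `cfg.CipherSuites` is consumed (not visible here), a misspelled name could be ignored or fail late, and the server would run with a different suite list than the operator intended. I would reject unknown names at startup, before any listener is created, and note it here with a comment such as `// names are validated before TLS listeners start; unknown names abort startup`. The flag description could also state that a non-empty list presumably overrides Go's defaults for both client and peer traffic, so a weak entry lowers the TLS posture of the whole member. configFromCmdLine continues outside the hunk.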

+ 2 - 0
etcdmain/help.go

@@ -150,6 +150,8 @@ security flags:
 		path to the peer server TLS trusted CA file.
 	--peer-auto-tls 'false'
 		peer TLS using self-generated certificates if --peer-key-file and --peer-cert-file are not provided.
+	--cipher-suites ''
+		comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).
 
 logging flags
 

+ 37 - 1
pkg/flags/strings.go

@@ -14,7 +14,12 @@
 
 package flags
 
-import "errors"
+import (
+	"errors"
+	"flag"
+	"sort"
+	"strings"
+)
 
 // NewStringsFlag creates a new string flag for which any one of the given
 // strings is a valid value, and any other value is an error.
@@ -44,3 +49,34 @@ func (ss *StringsFlag) Set(s string) error {
 func (ss *StringsFlag) String() string {
 	return ss.val
 }
+
+// StringsValueV2 wraps "sort.StringSlice".
+type StringsValueV2 sort.StringSlice
+
+// Set parses a command line set of strings, separated by comma.
+// Implements "flag.Value" interface.
+func (ss *StringsValueV2) Set(s string) error {
+	*ss = strings.Split(s, ",")
+	return nil
+}
+
+// String implements "flag.Value" interface.
+func (ss *StringsValueV2) String() string { return strings.Join(*ss, ",") }
+
+// NewStringsValueV2 implements string slice as "flag.Value" interface.
+// Given value is to be separated by comma.
+func NewStringsValueV2(s string) (ss *StringsValueV2) {
+	if s == "" {
+		return &StringsValueV2{}
+	}
+	ss = new(StringsValueV2)
+	if err := ss.Set(s); err != nil {
+		plog.Panicf("new StringsValueV2 should never fail: %v", err)
+	}
+	return ss
+}
+
+// StringsFromFlagV2 returns a string slice from the flag.
+func StringsFromFlagV2(fs *flag.FlagSet, flagName string) []string {
+	return []string(*fs.Lookup(flagName).Value.(*StringsValueV2))
+}
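Review bot: `Set` stores `strings.Split(s, ",")` verbatim, so an explicit `--cipher-suites ""` yields a one-element slice holding an empty string and `"A, B"` keeps the leading space on the second name, whereas `NewStringsValueV2("")` special-cases empty input and returns an empty slice. Since these strings end up in `cfg.CipherSuites`, I would trim each element and skip empty ones so that an explicitly empty flag behaves like the default and stray whitespace does not produce an unrecognised suite name. Separately, `StringsFromFlagV2` dereferences `fs.Lookup(flagName)` and type-asserts without checks, so an unregistered or differently typed flag panics; a doc comment stating that precondition would help.

```go
func (ss *StringsValueV2) Set(s string) error {
	vals := StringsValueV2{}
	for _, v := range strings.Split(s, ",") {
		if v = strings.TrimSpace(v); v != "" {
			vals = append(vals, v)
		}
	}
	*ss = vals
	return nil
}
```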