From 386221b1d81c6caf86df15a5e6ee10496dafa863 Mon Sep 17 00:00:00 2001
From: Michael Mraka
Date: Tue, 10 Sep 2024 15:24:41 +0200
Subject: [PATCH] RHINENG-9505: use ca cert to access candlepin if needed
---
 base/utils/config.go | 2 ++
 manager/config/config.go | 7 +++++++
 2 files changed, 9 insertions(+)
diff --git a/base/utils/config.go b/base/utils/config.go
index ba8d97bb6..95e416267 100644
--- a/base/utils/config.go
+++ b/base/utils/config.go
@@ -73,6 +73,7 @@ type coreConfig struct {
 CandlepinAddress string
 CandlepinCert string
 CandlepinKey string
+ CandlepinCA string
 ManagerPrivateAddress string
 ListenerPrivateAddress string
 EvaluatorUploadPrivateAddress string
@@ -160,6 +161,7 @@ func initServicesFromEnv() {
 CoreCfg.CandlepinAddress = Getenv("CANDLEPIN_ADDRESS", CoreCfg.CandlepinAddress)
 CoreCfg.CandlepinCert = Getenv("CANDLEPIN_CERT", CoreCfg.CandlepinCert)
 CoreCfg.CandlepinKey = Getenv("CANDLEPIN_KEY", CoreCfg.CandlepinKey)
+ CoreCfg.CandlepinCA = Getenv("CANDLEPIN_CA", CoreCfg.CandlepinCA)
 }
 
 func initDBFromClowder() {
diff --git a/manager/config/config.go b/manager/config/config.go
index fb1fe4e39..0d6510fc9 100644
--- a/manager/config/config.go
+++ b/manager/config/config.go
@@ -5,6 +5,7 @@ import (
 "app/base/utils"
 "crypto/tls"
 "crypto/x509"
+ "fmt"
 "net/http"
 
 log "github.com/sirupsen/logrus"
@@ -61,6 +62,12 @@ func CreateCandlepinClient() api.Client {
 if err != nil {
 return nil, err
 }
+ if utils.CoreCfg.CandlepinCA != "" {
+ ok := certPool.AppendCertsFromPEM([]byte(utils.CoreCfg.CandlepinCA))
+ if !ok {
+ return nil, fmt.Errorf("could not parse candlepin ca cert")
+ }
+ }
 tlsConfig = &tls.Config{
 Certificates: []tls.Certificate{clientCert},
 RootCAs: certPool,
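Review bot: The new `CandlepinCA` field in `coreConfig` carries no comment saying what the string holds, and the consumer in manager/config/config.go passes it straight to `AppendCertsFromPEM`, so it has to be inline PEM text rather than a file path. An operator who sets `CANDLEPIN_CA` to a path gets only "could not parse candlepin ca cert" when the client is created. I would document it on the field, e.g. `CandlepinCA string // PEM-encoded CA certificate(s) for Candlepin: inline content, not a file path`. The struct starts and ends outside the hunk.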
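Review bot: In the added block, `AppendCertsFromPEM` returns true as soon as one certificate in the input parses, so the `!ok` check only catches a `CANDLEPIN_CA` value with no usable certificate at all; a bundle with one good and one damaged entry loads partially with no signal. The CA is also appended to whatever `certPool` already holds, and that pool is built above the hunk where I cannot see it; if it is the system pool, the Candlepin connection trusts every public root in addition to this CA, which is wider than a dedicated internal CA needs. If that is intended, a comment such as `// CandlepinCA is added on top of the existing roots, it does not replace them` would record the decision; if not, a fresh `x509.NewCertPool()` when the CA is set would narrow trust to that CA. The enclosing function and the `tls.Config` literal both continue outside the hunk.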