-
Notifications
You must be signed in to change notification settings - Fork 2.5k
/
Copy pathoptions.go
72 lines (62 loc) · 1.82 KB
/
options.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
// Copyright (c) 2019 The Jaeger Authors.
// SPDX-License-Identifier: Apache-2.0
package tlscfg
import (
"time"
"go.opentelemetry.io/collector/config/configtls"
)
// options describes the configuration properties for TLS Connections.
type options struct {
Enabled bool
CAPath string
CertPath string
KeyPath string
ServerName string // only for client-side TLS config
ClientCAPath string // only for server-side TLS config for client auth
CipherSuites []string
MinVersion string
MaxVersion string
SkipHostVerify bool
ReloadInterval time.Duration
}
func (o *options) ToOtelClientConfig() configtls.ClientConfig {
return configtls.ClientConfig{
Insecure: !o.Enabled,
InsecureSkipVerify: o.SkipHostVerify,
ServerName: o.ServerName,
Config: configtls.Config{
CAFile: o.CAPath,
CertFile: o.CertPath,
KeyFile: o.KeyPath,
CipherSuites: o.CipherSuites,
MinVersion: o.MinVersion,
MaxVersion: o.MaxVersion,
ReloadInterval: o.ReloadInterval,
// when no truststore given, use SystemCertPool
// https://github.com/jaegertracing/jaeger/issues/6334
IncludeSystemCACertsPool: o.Enabled && (len(o.CAPath) == 0),
},
}
}
// ToOtelServerConfig provides a mapping between from Options to OTEL's TLS Server Configuration.
func (o *options) ToOtelServerConfig() *configtls.ServerConfig {
if !o.Enabled {
return nil
}
cfg := &configtls.ServerConfig{
ClientCAFile: o.ClientCAPath,
Config: configtls.Config{
CAFile: o.CAPath,
CertFile: o.CertPath,
KeyFile: o.KeyPath,
CipherSuites: o.CipherSuites,
MinVersion: o.MinVersion,
MaxVersion: o.MaxVersion,
ReloadInterval: o.ReloadInterval,
},
}
if o.ReloadInterval > 0 {
cfg.ReloadClientCAFile = true
}
return cfg
}