From 13715724b8a59406e2d732853df20ec13c526458 Mon Sep 17 00:00:00 2001
From: Gyuho Lee
Date: Tue, 5 Jun 2018 18:25:20 -0700
Subject: [PATCH] etcdmain: add "--cipher-suites" flag
Signed-off-by: Gyuho Lee
---
 etcdmain/config.go | 4 ++++
 etcdmain/help.go | 2 ++
 pkg/flags/strings.go | 38 +++++++++++++++++++++++++++++++++++++-
 3 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/etcdmain/config.go b/etcdmain/config.go
index 3028c6581..2a5faa746 100644
--- a/etcdmain/config.go
+++ b/etcdmain/config.go
@@ -190,6 +190,8 @@ func newConfig() *config {
 fs.StringVar(&cfg.ec.PeerTLSInfo.CRLFile, "peer-crl-file", "", "Path to the peer certificate revocation list file.")
 fs.StringVar(&cfg.ec.PeerTLSInfo.AllowedCN, "peer-cert-allowed-cn", "", "Allowed CN for inter peer authentication.")
+ fs.Var(flags.NewStringsValueV2(""), "cipher-suites", "Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).")
+
 // logging
 fs.BoolVar(&cfg.ec.Debug, "debug", false, "Enable debug-level logging for etcd.")
 fs.StringVar(&cfg.ec.LogPkgLevels, "log-package-levels", "", "Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG').")
@@ -275,6 +277,8 @@ func (cfg *config) configFromCmdLine() error {
 cfg.ec.ListenMetricsUrls = []url.URL(u)
 }
+ cfg.ec.CipherSuites = flags.StringsFromFlagV2(cfg.cf.flagSet, "cipher-suites")
+
 cfg.ec.ClusterState = cfg.cf.clusterState.String()
 cfg.cp.Fallback = cfg.cf.fallback.String()
 cfg.cp.Proxy = cfg.cf.proxy.String()
diff --git a/etcdmain/help.go b/etcdmain/help.go
index 82d270460..c64dab3bc 100644
--- a/etcdmain/help.go
+++ b/etcdmain/help.go
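Review bot: The usage string on the new `fs.Var(..., "cipher-suites", ...)` call in newConfig does not say which names are accepted or what happens to an unrecognised one, which matters for a flag that narrows TLS negotiation for both client and peer connections. Consider wording such as `"Comma-separated list of TLS cipher suite names as defined by Go's crypto/tls, e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (empty uses Go's defaults)."` and mirroring it in etcdmain/help.go. Nothing in this diff validates the names, so it is worth confirming that an unknown or misspelled suite fails startup instead of being ignored. newConfig's body continues outside the hunk.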
@@ -160,6 +160,8 @@ security flags:
 peer TLS using self-generated certificates if --peer-key-file and --peer-cert-file are not provided.
 --peer-crl-file ''
 path to the peer certificate revocation list file.
+ --cipher-suites ''
+ comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).
 logging flags
diff --git a/pkg/flags/strings.go b/pkg/flags/strings.go
index 40ee43253..89bdf9506 100644
--- a/pkg/flags/strings.go
+++ b/pkg/flags/strings.go
@@ -14,7 +14,12 @@
 package flags
-import "errors"
+import (
+ "errors"
+ "flag"
+ "sort"
+ "strings"
+)
 // NewStringsFlag creates a new string flag for which any one of the given
 // strings is a valid value, and any other value is an error.
@@ -47,3 +52,34 @@ func (ss *StringsFlag) Set(s string) error {
 func (ss *StringsFlag) String() string {
 return ss.val
 }
+
+// StringsValueV2 wraps "sort.StringSlice".
+type StringsValueV2 sort.StringSlice
+
+// Set parses a command line set of strings, separated by comma.
+// Implements "flag.Value" interface.
+func (ss *StringsValueV2) Set(s string) error {
+ *ss = strings.Split(s, ",")
+ return nil
+}
+
+// String implements "flag.Value" interface.
+func (ss *StringsValueV2) String() string { return strings.Join(*ss, ",") }
+
+// NewStringsValueV2 implements string slice as "flag.Value" interface.
+// Given value is to be separated by comma.
+func NewStringsValueV2(s string) (ss *StringsValueV2) {
+ if s == "" {
+ return &StringsValueV2{}
+ }
+ ss = new(StringsValueV2)
+ if err := ss.Set(s); err != nil {
+ plog.Panicf("new StringsValueV2 should never fail: %v", err)
+ }
+ return ss
+}
+
+// StringsFromFlagV2 returns a string slice from the flag.
+func StringsFromFlagV2(fs *flag.FlagSet, flagName string) []string {
+ return []string(*fs.Lookup(flagName).Value.(*StringsValueV2))
+}
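Review bot: `StringsValueV2.Set` stores the result of `strings.Split(s, ",")` unchanged, so an explicitly empty `--cipher-suites=` yields a one-element slice holding an empty string, and a value written as `A, B` keeps the leading space on the second name. For a flag that selects TLS cipher suites, entries should be trimmed and empty ones dropped (or rejected with an error) before they reach `cfg.ec.CipherSuites` in etcdmain/config.go; `NewStringsValueV2` already special-cases the empty string, but `Set` does not. `StringsFromFlagV2` also dereferences `fs.Lookup(flagName)` and type-asserts its value without a check, so an unregistered name or a flag of another type ends in a nil dereference or assertion panic with no indication of which flag was at fault. How the names are mapped to suite IDs is outside this diff, so whether an empty or padded entry is rejected later cannot be confirmed from here.
```go
func (ss *StringsValueV2) Set(s string) error {
	var vals []string
	for _, v := range strings.Split(s, ",") {
		// Trim padding and skip empty entries so "" and "A, B" parse cleanly.
		if v = strings.TrimSpace(v); v != "" {
			vals = append(vals, v)
		}
	}
	*ss = vals
	return nil
}

// … unchanged: String, NewStringsValueV2 …

func StringsFromFlagV2(fs *flag.FlagSet, flagName string) []string {
	f := fs.Lookup(flagName)
	if f == nil {
		plog.Panicf("flag %q is not registered", flagName)
	}
	sv, ok := f.Value.(*StringsValueV2)
	if !ok {
		plog.Panicf("flag %q is not a StringsValueV2", flagName)
	}
	return []string(*sv)
}
```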