From 3e0cc1e717dd80913d4cfde95ef266e32de39550 Mon Sep 17 00:00:00 2001
From: Gyuho Lee
Date: Tue, 5 Jun 2018 18:25:20 -0700
Subject: [PATCH] etcdmain: add "--cipher-suites" flag
Signed-off-by: Gyuho Lee
---
 etcdmain/config.go | 4 ++++
 etcdmain/help.go | 2 ++
 pkg/flags/strings.go | 38 +++++++++++++++++++++++++++++++++++++-
 3 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/etcdmain/config.go b/etcdmain/config.go
index 50eeffc54..c4a7d409d 100644
--- a/etcdmain/config.go
+++ b/etcdmain/config.go
@@ -191,6 +191,8 @@ func newConfig() *config {
 fs.StringVar(&cfg.PeerTLSInfo.TrustedCAFile, "peer-trusted-ca-file", "", "Path to the peer server TLS trusted CA file.")
 fs.BoolVar(&cfg.PeerAutoTLS, "peer-auto-tls", false, "Peer TLS using generated certificates")
+ fs.Var(flags.NewStringsValueV2(""), "cipher-suites", "Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).")
+
 // logging
 fs.BoolVar(&cfg.Debug, "debug", false, "Enable debug-level logging for etcd.")
 fs.StringVar(&cfg.LogPkgLevels, "log-package-levels", "", "Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG').")
@@ -266,6 +268,8 @@ func (cfg *config) configFromCmdLine() error {
 cfg.Fallback = cfg.fallback.String()
 cfg.Proxy = cfg.proxy.String()
+ cfg.CipherSuites = flags.StringsFromFlagV2(cfg.FlagSet, "cipher-suites")
+
 // disable default advertise-client-urls if lcurls is set
 missingAC := flags.IsSet(cfg.FlagSet, "listen-client-urls") && !flags.IsSet(cfg.FlagSet, "advertise-client-urls")
 if !cfg.mayBeProxy() && missingAC {
diff --git a/etcdmain/help.go b/etcdmain/help.go
index 0812197fe..b40231112 100644
--- a/etcdmain/help.go
+++ b/etcdmain/help.go
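Review bot: Nothing visible in etcdmain/config.go checks the `--cipher-suites` names before they reach `cfg.CipherSuites`: newConfig registers the flag as a plain string list and configFromCmdLine (second hunk) copies it over unchanged. If the names are not validated against the suites Go's crypto/tls supports somewhere outside this patch, a typo should abort startup rather than leave the listeners on a different suite set than the operator intended; please confirm where that check lives. The usage string could also state the expected format, e.g. `"Comma-separated list of TLS cipher suite names (Go crypto/tls constant names) used between client/server and peers; empty uses Go's defaults."` Both functions continue outside their hunks.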
@@ -150,6 +150,8 @@ security flags:
 path to the peer server TLS trusted CA file.
 --peer-auto-tls 'false'
 peer TLS using self-generated certificates if --peer-key-file and --peer-cert-file are not provided.
+ --cipher-suites ''
+ comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).
 logging flags
diff --git a/pkg/flags/strings.go b/pkg/flags/strings.go
index 21ff916a6..b72d4b4da 100644
--- a/pkg/flags/strings.go
+++ b/pkg/flags/strings.go
@@ -14,7 +14,12 @@
 package flags
-import "errors"
+import (
+ "errors"
+ "flag"
+ "sort"
+ "strings"
+)
 // NewStringsFlag creates a new string flag for which any one of the given
 // strings is a valid value, and any other value is an error.
@@ -44,3 +49,34 @@ func (ss *StringsFlag) Set(s string) error {
 func (ss *StringsFlag) String() string {
 return ss.val
 }
+
+// StringsValueV2 wraps "sort.StringSlice".
+type StringsValueV2 sort.StringSlice
+
+// Set parses a command line set of strings, separated by comma.
+// Implements "flag.Value" interface.
+func (ss *StringsValueV2) Set(s string) error {
+ *ss = strings.Split(s, ",")
+ return nil
+}
+
+// String implements "flag.Value" interface.
+func (ss *StringsValueV2) String() string { return strings.Join(*ss, ",") }
+
+// NewStringsValueV2 implements string slice as "flag.Value" interface.
+// Given value is to be separated by comma.
+func NewStringsValueV2(s string) (ss *StringsValueV2) {
+ if s == "" {
+ return &StringsValueV2{}
+ }
+ ss = new(StringsValueV2)
+ if err := ss.Set(s); err != nil {
+ plog.Panicf("new StringsValueV2 should never fail: %v", err)
+ }
+ return ss
+}
+
+// StringsFromFlagV2 returns a string slice from the flag.
+func StringsFromFlagV2(fs *flag.FlagSet, flagName string) []string {
+ return []string(*fs.Lookup(flagName).Value.(*StringsValueV2))
+}
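Review bot: `StringsValueV2.Set` in pkg/flags/strings.go stores the raw result of `strings.Split`, so an explicitly empty `--cipher-suites=` becomes a one-element list holding `""`, and `"A, B"` keeps the leading space on the second name. Because this value goes on to select TLS cipher suites, it is safer to normalise and reject malformed entries at parse time than to rely on the consumer, which this patch does not show. `Set` could then actually return an error, which would also make the currently unreachable `plog.Panicf` branch in `NewStringsValueV2` meaningful for a bad default. `StringsFromFlagV2` dereferences `fs.Lookup(flagName)` and type-asserts without checks, so its comment should say so: `// It panics if flagName is not registered on fs or does not hold a *StringsValueV2.`

```go
func (ss *StringsValueV2) Set(s string) error {
	// An explicitly empty value means "no entries", matching NewStringsValueV2("").
	if strings.TrimSpace(s) == "" {
		*ss = nil
		return nil
	}
	fields := strings.Split(s, ",")
	vals := make([]string, 0, len(fields))
	for _, f := range fields {
		f = strings.TrimSpace(f)
		if f == "" {
			return errors.New("empty entry in comma-separated list")
		}
		vals = append(vals, f)
	}
	*ss = vals
	return nil
}
```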