package main
import (
	"context"
	"crypto/tls"
	"errors"
	"flag"
	"fmt"
	"net/http"
	"os"
	"time"

	"github.com/sirupsen/logrus"
	"github.com/spiffe/spire/pkg/common/log"
	"github.com/zeebo/errs"
)
// Command-line configuration. Every flag carries a built-in default, so the
// binary runs with no arguments; main calls flag.Parse before any value is
// dereferenced. Declaration order here does not affect -help output, which
// flag prints sorted by name.
var (
	// Logging.
	logLevel = flag.String("logLevel", "DEBUG", "The level to log at")

	// Material this process serves TLS with.
	rootCAPath   = flag.String("rootCAPath", "/etc/server/root-cert.pem", "File containing this trust domain's root certificates")
	leafCertPath = flag.String("leafCertPath", "/etc/server/cert-chain.pem", "The leaf certificate to use for serving TLS")
	leafKeyPath  = flag.String("leafKeyPath", "/etc/server/key.pem", "The private key of the leaf certificate to serve TLS with")

	// The remote trust domain whose bundle endpoint is polled.
	// Note the flag name is "peerTrustDomain" while the variable is
	// peerTrustDomainName; the flag name is part of the CLI contract.
	peerTrustDomainName = flag.String("peerTrustDomain", "cluster-2", "The trust domain name to federate with")
	peerEndpointAddress = flag.String("peerEndpointAddress", "240.0.0.10", "The address of the remote trust domain's bundle endpoint")
	peerSpiffeID        = flag.String("peerSpiffeID", "spiffe://cluster-2/spire/server", "The SPIFFE ID of the remote trust domain's bundle endpoint")

	// Kubernetes config map that receives the peer's CA certificates.
	namespace     = flag.String("namespace", "istio-system", "The namespace of the config map to keep updated with the peer's CA certificates")
	configMapName = flag.String("configMapName", "spiffe-tb-1", "The name of the config map to keep updated with the peer's CA certificates")
)
// main parses the command line, runs the program under a background context
// and exits with status 1 after printing the error (with %+v, so wrapped
// errors show their detail) when run fails.
func main() {
	flag.Parse()

	err := run(context.Background())
	if err == nil {
		return
	}
	fmt.Fprintf(os.Stderr, "%+v\n", err)
	os.Exit(1)
}
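// run builds the logger, starts the bundle endpoint client, then serves the
// bundle endpoint over TLS on 0.0.0.0:443 until the listener fails or ctx is
// cancelled.
//
// It returns a non-nil error when the logger cannot be created, when the
// bundle endpoint client fails to start, or when the TLS server stops for any
// reason other than a shutdown requested through ctx (which yields nil).
func run(ctx context.Context) error {
	// Named logger so the spire log package is not shadowed inside run.
	logger, err := log.NewLogger(*logLevel, "", "")
	if err != nil {
		return errs.Wrap(err)
	}
	defer logger.Close()

	var handler http.Handler = NewHandler(*rootCAPath, logger)
	handler = logHandler(logger, handler)

	clientConfig := &BundleEndpointClientConfig{
		TrustDomain:      *peerTrustDomainName,
		EndpointAddress:  *peerEndpointAddress,
		EndpointSpiffeID: *peerSpiffeID,
		Namespace:        *namespace,
		ConfigMapName:    *configMapName,
		Log:              logger,
	}

	logger.Info("Starting SPIFFE bundle endpoint client")
	if err := StartBundleEndpointClient(ctx, clientConfig); err != nil {
		return err
	}

	// An explicit http.Server instead of http.ListenAndServeTLS: the
	// package-level helper sets no timeouts, so peers that hold connections
	// open (or never finish sending headers) tie up the listener
	// indefinitely, and it gives no way to stop the server from ctx.
	// MinVersion pins TLS 1.2 regardless of the Go toolchain's default.
	srv := &http.Server{
		Addr:              "0.0.0.0:443",
		Handler:           handler,
		TLSConfig:         &tls.Config{MinVersion: tls.VersionTLS12},
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       120 * time.Second,
	}

	// Shut the server down when ctx is cancelled. cancel is deferred so the
	// goroutine also exits when the listener fails on its own and run returns.
	ctx, cancel := context.WithCancel(ctx)
	defer cancel()
	go func() {
		<-ctx.Done()
		shutdownCtx, stop := context.WithTimeout(context.Background(), 10*time.Second)
		defer stop()
		// The Shutdown result is not actionable here: the server is going
		// away either way, and ListenAndServeTLS's result is what run reports.
		_ = srv.Shutdown(shutdownCtx)
	}()

	logger.Info("Starting SPIFFE bundle endpoint server")
	err = srv.ListenAndServeTLS(*leafCertPath, *leafKeyPath)
	if errors.Is(err, http.ErrServerClosed) {
		// Shutdown was requested through ctx; that is an orderly exit.
		return nil
	}
	return err
}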
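// logHandler wraps handler so that every request is logged at Info level with
// its remote address, method, URL and User-Agent before being dispatched to
// handler. The returned handler does not alter the request or response.
func logHandler(log logrus.FieldLogger, handler http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// r.UserAgent must be called: logging the method value itself
		// renders a function address instead of the header text.
		// method, url and user-agent are all client-supplied; treat them as
		// untrusted when consuming these log lines downstream.
		log.WithFields(logrus.Fields{
			"remote-addr": r.RemoteAddr,
			"method":      r.Method,
			"url":         r.URL,
			"user-agent":  r.UserAgent(),
		}).Info("Incoming request")
		handler.ServeHTTP(w, r)
	})
}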