extend config with tls path field

celestiaorg · Nov 6, 2024 · 5cb7bbe · 5cb7bbe
1 parent e0f0fd3
commit 5cb7bbe
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 24 deletions.
diff --git a/nodebuilder/core/config.go b/nodebuilder/core/config.go
@@ -20,13 +20,13 @@ type Config struct {
 	RPCPort   string
 	GRPCPort  string
 	EnableTLS bool
+	TLSPath   string
 }
 
 // DefaultConfig returns default configuration for managing the
 // node's connection to a Celestia-Core endpoint.
 func DefaultConfig() Config {
 	return Config{
-		IP:       "",
 		RPCPort:  DefaultRPCPort,
 		GRPCPort: DefaultGRPCPort,
 	}

diff --git a/nodebuilder/core/flags.go b/nodebuilder/core/flags.go
@@ -12,6 +12,7 @@ var (
 	coreRPCFlag       = "core.rpc.port"
 	coreGRPCFlag      = "core.grpc.port"
 	coreEnableTLSFlag = "core.grpc.tls"
+	coreTLSPAthFlag   = "core.grpc.tls.path"
 )
 
 // Flags gives a set of hardcoded Core flags.
@@ -40,6 +41,11 @@ func Flags() *flag.FlagSet {
 		false,
 		"Enables grpc TLS. The --core.ip flag must also be provided.",
 	)
+	flags.String(
+		coreTLSPAthFlag,
+		"",
+		fmt.Sprintf("Set a path to the TLS certificates. The --%s must be set to true ", coreEnableTLSFlag),
+	)
 	return flags
 }
 
@@ -71,6 +77,11 @@ func ParseFlags(
 		cfg.EnableTLS = enabled
 	}
 
+	if cmd.Flag(coreTLSPAthFlag).Changed {
+		path := cmd.Flag(coreTLSPAthFlag).Value.String()
+		cfg.TLSPath = path
+	}
+
 	cfg.IP = coreIP
 	return cfg.Validate()
 }
diff --git a/nodebuilder/core/tls.go b/nodebuilder/core/tls.go
@@ -2,32 +2,32 @@ package core
 
 import (
 	"crypto/tls"
-	"github.com/celestiaorg/celestia-node/libs/utils"
-	"os"
+	"fmt"
 	"path/filepath"
+
+	"github.com/celestiaorg/celestia-node/libs/utils"
 )
 
 const (
 	cert = "cert.pem"
 	key  = "key.pem"
 )
 
-var tlsPath = "CELESTIA_GRPC_TLS_PATH"
-
-// TLS tries to read `CELESTIA_GRPC_TLS_PATH` to get the tls path and configure the config
-// with build certificate. In returns an empty config in case the path hasn't specified.
-func TLS() (*tls.Config, error) {
+// TLS parses the tls path and tries to configure the config with tls certificates.
+// In returns an empty config in case the path was not specified.
+func TLS(tlsPath string) (*tls.Config, error) {
 	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
-	path := os.Getenv(tlsPath)
-	if path == "" {
+	if tlsPath == "" {
 		return cfg, nil
 	}
-
-	certPath := filepath.Join(path, cert)
-	keyPath := filepath.Join(path, key)
+	certPath := filepath.Join(tlsPath, cert)
+	keyPath := filepath.Join(tlsPath, key)
 	exist := utils.Exists(certPath) && utils.Exists(keyPath)
 	if !exist {
-		return cfg, nil
+		return nil, fmt.Errorf("can't find %s or %s under %s"+
+			"Please specify another path or disable tls in the config",
+			cert, key, tlsPath,
+		)
 	}
 
 	cert, err := tls.LoadX509KeyPair(certPath, keyPath)

diff --git a/nodebuilder/state/core.go b/nodebuilder/state/core.go
@@ -31,13 +31,14 @@ func coreAccessor(
 	error,
 ) {
 	if corecfg.EnableTLS {
-		tls, err := core.TLS()
+		tls, err := core.TLS(corecfg.TLSPath)
 		if err != nil {
 			return nil, nil, nil, err
 		}
 		opts = append(opts, state.WithTLSConfig(tls))
 	}
-	ca, err := state.NewCoreAccessor(keyring, string(keyname), sync, corecfg.IP, corecfg.GRPCPort, network.String(), opts...)
+	ca, err := state.NewCoreAccessor(keyring, string(keyname), sync,
+		corecfg.IP, corecfg.GRPCPort, network.String(), opts...)
 
 	sBreaker := &modfraud.ServiceBreaker[*state.CoreAccessor, *header.ExtendedHeader]{
 		Service:   ca,

diff --git a/state/core_access.go b/state/core_access.go
@@ -8,12 +8,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/celestiaorg/celestia-app/v3/app"
-	"github.com/celestiaorg/celestia-app/v3/app/encoding"
-	apperrors "github.com/celestiaorg/celestia-app/v3/app/errors"
-	"github.com/celestiaorg/celestia-app/v3/pkg/user"
-	libhead "github.com/celestiaorg/go-header"
-	libshare "github.com/celestiaorg/go-square/v2/share"
 	nodeservice "github.com/cosmos/cosmos-sdk/client/grpc/node"
 	"github.com/cosmos/cosmos-sdk/client/grpc/tmservice"
 	"github.com/cosmos/cosmos-sdk/crypto/keyring"
@@ -30,6 +24,13 @@ import (
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/credentials/insecure"
 
+	"github.com/celestiaorg/celestia-app/v3/app"
+	"github.com/celestiaorg/celestia-app/v3/app/encoding"
+	apperrors "github.com/celestiaorg/celestia-app/v3/app/errors"
+	"github.com/celestiaorg/celestia-app/v3/pkg/user"
+	libhead "github.com/celestiaorg/go-header"
+	libshare "github.com/celestiaorg/go-square/v2/share"
+
 	"github.com/celestiaorg/celestia-node/header"
 )
 
@@ -95,7 +96,13 @@ type CoreAccessor struct {
 // NewCoreAccessor dials the given celestia-core endpoint and
 // constructs and returns a new CoreAccessor (state service) with the active
 // connection.
-func NewCoreAccessor(keyring keyring.Keyring, keyname string, getter libhead.Head[*header.ExtendedHeader], coreIP, grpcPort string, network string, options ...Option) (*CoreAccessor, error) {
+func NewCoreAccessor(
+	keyring keyring.Keyring,
+	keyname string,
+	getter libhead.Head[*header.ExtendedHeader],
+	coreIP, grpcPort, network string,
+	options ...Option,
+) (*CoreAccessor, error) {
 	// create verifier
 	prt := merkle.DefaultProofRuntime()
 	prt.RegisterOpDecoder(storetypes.ProofOpIAVLCommitment, storetypes.CommitmentOpDecoder)
@@ -132,11 +139,11 @@ func (ca *CoreAccessor) Start(ctx context.Context) error {
 	} else {
 		creds = insecure.NewCredentials()
 	}
+
 	client, err := grpc.NewClient(
 		endpoint,
 		grpc.WithTransportCredentials(creds),
 	)
-
 	if err != nil {
 		return err
 	}