From 16a893eb0878e40838a6c13bd9ad54e96da2d471 Mon Sep 17 00:00:00 2001
From: David Barroso
Date: Wed, 28 Aug 2024 08:47:14 +0200
Subject: [PATCH] feat: added option to override CA certificates
---
 cmd/dev/up.go | 25 +++++++++++++++++++++++--
 dockercompose/compose.go | 21 ++++++++++++++++++++-
 2 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/cmd/dev/up.go b/cmd/dev/up.go
index 7fe5d452..10ca59a2 100644
--- a/cmd/dev/up.go
+++ b/cmd/dev/up.go
@@ -43,6 +43,7 @@ const (
 flagConfigserverImage = "configserver-image"
 flagRunService = "run-service"
 flagDownOnError = "down-on-error"
+ flagCACertificates = "ca-certificates"
 )

 const (
@@ -128,6 +129,11 @@ func CommandUp() *cli.Command { //nolint:funlen
 Usage: "Skip confirmation",
 EnvVars: []string{"NHOST_YES"},
 },
+ &cli.StringFlag{ //nolint:exhaustruct
+ Name: flagCACertificates,
+ Usage: "Mounts and everrides path to CA certificates in the containers",
+ EnvVars: []string{"NHOST_CA_CERTIFICATES"},
+ },
 },
 }
 }
@@ -171,6 +177,7 @@ func commandUp(cCtx *cli.Context) error {
 },
 cCtx.String(flagDashboardVersion),
 configserverImage,
+ cCtx.String(flagCACertificates),
 cCtx.StringSlice(flagRunService),
 cCtx.Bool(flagDownOnError),
 )
@@ -311,6 +318,7 @@ func up( //nolint:funlen,cyclop
 ports dockercompose.ExposePorts,
 dashboardVersion string,
 configserverImage string,
+ caCertificatesPath string,
 runServices []string,
 ) error {
 ctx, cancel := context.WithCancel(ctx)
@@ -364,6 +372,7 @@ func up( //nolint:funlen,cyclop
 dashboardVersion,
 configserverImage,
 clienv.PathExists(ce.Path.Functions()),
+ caCertificatesPath,
 runServicesCfg...,
 )
 if err != nil {
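Review bot: The `Usage` text of the new flag in `CommandUp` misspells "overrides" as "everrides" and does not say what kind of path is expected. Going by the bind target added in dockercompose/compose.go, the value is a single CA bundle file that is mounted over `/etc/ssl/certs/ca-certificates.crt` in every service, so it replaces the image's default trust anchors rather than adding to them. Suggested wording: `Usage: "Path to a PEM CA bundle; mounted read-only over /etc/ssl/certs/ca-certificates.crt in every container, replacing the default bundle",`. Because the value can also come from `NHOST_CA_CERTIFICATES`, a log line naming the bundle in use would make an unintended override easy to spot. `CommandUp`'s body starts and ends outside the hunk.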
@@ -513,14 +522,26 @@ func Up(
 ports dockercompose.ExposePorts,
 dashboardVersion string,
 configserverImage string,
+ caCertificatesPath string,
 runServices []string,
 downOnError bool,
 ) error {
 dc := dockercompose.New(ce.Path.WorkingDir(), ce.Path.DockerCompose(), ce.ProjectName())

 if err := up(
- ctx, ce, appVersion, dc, httpPort, useTLS, postgresPort,
- applySeeds, ports, dashboardVersion, configserverImage, runServices,
+ ctx,
+ ce,
+ appVersion,
+ dc,
+ httpPort,
+ useTLS,
+ postgresPort,
+ applySeeds,
+ ports,
+ dashboardVersion,
+ configserverImage,
+ caCertificatesPath,
+ runServices,
 ); err != nil {
 return upErr(ce, dc, downOnError, err) //nolint:contextcheck
 }
diff --git a/dockercompose/compose.go b/dockercompose/compose.go
index 055a9ba1..43244c50 100644
--- a/dockercompose/compose.go
+++ b/dockercompose/compose.go
@@ -602,7 +602,21 @@ type RunService struct {
 Path string
 }

-func ComposeFileFromConfig(
+func mountCACertificates(
+ path string,
+ services map[string]*Service,
+) {
+ for _, service := range services {
+ service.Volumes = append(service.Volumes, Volume{
+ Type: "bind",
+ Source: path,
+ Target: "/etc/ssl/certs/ca-certificates.crt",
+ ReadOnly: ptr(true),
+ })
+ }
+}
+
+func ComposeFileFromConfig( //nolint:funlen
 cfg *model.ConfigConfig,
 subdomain string,
 projectName string,
@@ -618,6 +632,7 @@ func ComposeFileFromConfig(
 dashboardVersion string,
 configserverImage string,
 startFunctions bool,
+ caCertificatesPath string,
 runServices ...*RunService,
 ) (*ComposeFile, error) {
 services, err := getServices(
@@ -658,6 +673,10 @@ func ComposeFileFromConfig(
 }
 }

+ if caCertificatesPath != "" {
+ mountCACertificates(caCertificatesPath, services)
+ }
+
 return &ComposeFile{
 Services: services,
 Volumes: volumes,
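Review bot: `mountCACertificates` puts the flag value into the bind mount as `Source: path` without checking it, and the function has no doc comment. A relative value is presumably resolved by Docker Compose against the project directory rather than the directory the command was run from, and a missing path or a directory would likely only surface later as a container start failure. Resolve and check the path first, as sketched below, and return the error through the call added in the last hunk of this file (`if err := mountCACertificates(caCertificatesPath, services); err != nil { return nil, err }`); whether `os`, `path/filepath` and `fmt` are already imported is not visible here. The doc comment should also say that the mount replaces the bundle at the Debian/Alpine path in every service, so an image that reads its trust anchors from another location will not pick it up.

```go
// mountCACertificates bind-mounts the CA bundle at path, read-only, over
// /etc/ssl/certs/ca-certificates.crt in every service. It replaces the
// image's own bundle; it does not add to it.
func mountCACertificates(
	path string,
	services map[string]*Service,
) error {
	abs, err := filepath.Abs(path)
	if err != nil {
		return fmt.Errorf("resolving CA certificates path %q: %w", path, err)
	}

	info, err := os.Stat(abs)
	if err != nil {
		return fmt.Errorf("checking CA certificates file %q: %w", abs, err)
	}

	if !info.Mode().IsRegular() {
		return fmt.Errorf("CA certificates path %q is not a regular file", abs)
	}

	for _, service := range services {
		// … unchanged: append the read-only bind Volume, with Source: abs …
	}

	return nil
}
```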