play: add TLS options

first approach: pass ssl params as env to the play.lua, and apply them into the URI parameters. Closes #1067
tarantool · Dec 31, 2024 · e0f5fe9 · e0f5fe9
1 parent 035ea0a
commit e0f5fe9
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
   * `-e (--executable)`: specify Tarantool executable path.
   * `-p (--pid)`: specify PID of the dumped process.
   * `-t (--time)`: specify time of dump (seconds since the Epoch).
+- `tt play`: support TLS options.
 
 ### Changed
 

diff --git a/cli/checkpoint/lua/play.lua b/cli/checkpoint/lua/play.lua
@@ -54,7 +54,22 @@ local function play(positional_arguments, keyword_arguments, opts)
         log.error('Internal error: empty URI is provided')
         os.exit(1)
     end
-    local remote = netbox.new(uri, opts)
+    -- https://www.tarantool.io/en/doc/latest/platform/configuration/configuration_code/#configuration
+    -- looks like we should pass ssl options to the URI
+    ---[[
+    local remote = netbox.connect({
+        uri = uri,
+        params = {
+            transport = opts.transport,
+            ssl_cert_file = opts.ssl_cert_file,
+            ssl_key_file = opts.ssl_key_file,
+            ssl_ca_file = opts.ssl_ca_file,
+            ssl_ciphers = opts.ssl_ciphers}
+        },
+        opts
+    )
+    --]]
+    -- local remote = netbox.new(uri, opts)
     if not remote:wait_connected() then
         log.error('Fatal error: no connection to the host "%s"', uri)
         os.exit(1)
@@ -149,6 +164,11 @@ local function main()
     local opts = {
         user = os.getenv('TT_CLI_PLAY_USERNAME'),
         password = os.getenv('TT_CLI_PLAY_PASSWORD'),
+        transport = os.getenv('TT_CLI_PLAY_TRANSPORT'), -- should be 'ssl' or not set
+        ssl_cert_file = os.getenv('TT_CLI_PLAY_SSL_CERT_FILE'),
+        ssl_key_file = os.getenv('TT_CLI_PLAY_SSL_KEY_FILE'),
+        ssl_ca_file = os.getenv('TT_CLI_PLAY_SSL_CA_FILE'),
+        ssl_ciphers = os.getenv('TT_CLI_PLAY_SSL_CIPHERS'),
     }
     play(positional_arguments, keyword_arguments, opts)
 end

diff --git a/cli/cmd/play.go b/cli/cmd/play.go
@@ -35,6 +35,15 @@ var (
 	playUsername string
 	// playPassword contains password flag.
 	playPassword string
+	// playSslKeyFile is a path to a private SSL key file.
+	playSslKeyFile string
+	// playSslCertFile is a path to an SSL certificate file.
+	playSslCertFile string
+	// playSslCaFile is a path to a trusted certificate authorities (CA) file.
+	playSslCaFile string
+	// playSslCiphers is a colon-separated (:) list of SSL cipher suites the
+	// connection can use.
+	playSslCiphers string
 )
 
 // NewPlayCmd creates a new play command.
@@ -56,6 +65,14 @@ func NewPlayCmd() *cobra.Command {
 
 	playCmd.Flags().StringVarP(&playUsername, "username", "u", "", "username")
 	playCmd.Flags().StringVarP(&playPassword, "password", "p", "", "password")
+	playCmd.Flags().StringVar(&playSslKeyFile, "sslkeyfile", "",
+		`path to a private SSL key file`)
+	playCmd.Flags().StringVar(&playSslCertFile, "sslcertfile", "",
+		`path to an SSL certificate file`)
+	playCmd.Flags().StringVar(&playSslCaFile, "sslcafile", "",
+		`path to a trusted certificate authorities (CA) file`)
+	playCmd.Flags().StringVar(&playSslCiphers, "sslciphers", "",
+		`colon-separated (:) list of SSL cipher suites the connection`)
 	playCmd.Flags().Uint64Var(&playFlags.To, "to", playFlags.To,
 		"Show operations ending with the given lsn")
 	playCmd.Flags().StringVar(&playFlags.Timestamp, "timestamp", playFlags.Timestamp,
@@ -143,6 +160,24 @@ func internalPlayModule(cmdCtx *cmdcontext.CmdCtx, args []string) error {
 	if playPassword != "" {
 		os.Setenv("TT_CLI_PLAY_PASSWORD", playPassword)
 	}
+
+	if playSslCertFile != "" {
+		os.Setenv("TT_CLI_PLAY_SSL_CERT_FILE", playSslCertFile)
+	}
+	if playSslKeyFile != "" {
+		os.Setenv("TT_CLI_PLAY_SSL_KEY_FILE", playSslKeyFile)
+	}
+	if playSslCaFile != "" {
+		os.Setenv("TT_CLI_PLAY_SSL_CA_FILE", playSslCaFile)
+	}
+	if playSslCiphers != "" {
+		os.Setenv("TT_CLI_PLAY_SSL_CIPHERS", playSslCiphers)
+	}
+	if playSslCertFile != "" || playSslKeyFile != "" ||
+		playSslCaFile != "" || playSslCiphers != "" {
+		os.Setenv("TT_CLI_PLAY_TRANSPORT", "ssl")
+	}
+
 	os.Setenv("TT_CLI_PLAY_SHOW_SYS", strconv.FormatBool(playFlags.ShowSystem))
 
 	// List of spaces is passed to lua play script via environment variable in json format.