tempCommit

Signed-off-by: rjs211 <srivatsa211@gmail.com>

cmd/query/app/flags.go

@@ -48,6 +48,7 @@ const (
 	queryMaxClockSkewAdjust = "query.max-clock-skew-adjustment"
 	queryHTTPTLSEnabled     = "query.http.tls.enabled"
 	queryGRPCTLSEnabled     = "query.gprc.tls.enabled"
+	queryServerClientCA     = "query.server.tls.client-ca"
 )
 
 var tlsFlagsConfig = tlscfg.ServerFlagsConfig{
@@ -68,14 +69,18 @@ type QueryOptions struct {
 	UIConfig string
 	// BearerTokenPropagation activate/deactivate bearer token propagation to storage
 	BearerTokenPropagation bool
-	// TLSGRPC configures secure transport (Consumer to Query service GRPC API)
-	TLSGRPC tlscfg.Options
-	// TLSHTTP configures secure transport (Consumer to Query service HTTP API)
-	TLSHTTP tlscfg.Options
+	// HTTPTLSEnabled Enable/Disable secure HTTP connection
+	HTTPTLSEnabled bool
+	// GRPCTLSEnabled Enable/Disable secure CRPC connection
+	GRPCTLSEnabled bool
+	// TLS configures secure transport
+	TLS tlscfg.Options
 	// AdditionalHeaders
 	AdditionalHeaders http.Header
 	// MaxClockSkewAdjust is the maximum duration by which jaeger-query will adjust a span
 	MaxClockSkewAdjust time.Duration
+
+	liststring []string
 }
 
 // AddFlags adds flags for QueryOptions
@@ -93,13 +98,6 @@ func AddFlags(flagSet *flag.FlagSet) {
 	tlsFlagsConfig.AddFlags(flagSet)
 }
 
-func getOptions(enabled bool, qTLSOptions tlscfg.Options) tlscfg.Options {
-	if enabled {
-		return tlscfg.Options{Enabled: enabled, CertPath: qTLSOptions.CertPath, KeyPath: qTLSOptions.KeyPath, ClientCAPath: qTLSOptions.ClientCAPath}
-	}
-	return tlscfg.Options{Enabled: enabled}
-}
-
 // InitFromViper initializes QueryOptions with properties from viper
 func (qOpts *QueryOptions) InitFromViper(v *viper.Viper, logger *zap.Logger) *QueryOptions {
 	qOpts.HostPort = ports.GetAddressFromCLIOptions(v.GetInt(queryPort), v.GetString(queryHostPort))
@@ -108,9 +106,13 @@ func (qOpts *QueryOptions) InitFromViper(v *viper.Viper, logger *zap.Logger) *Qu
 	qOpts.UIConfig = v.GetString(queryUIConfig)
 	qOpts.BearerTokenPropagation = v.GetBool(queryTokenPropagation)
 
-	qTLSOptions := tlsFlagsConfig.InitFromViper(v)
-	qOpts.TLSGRPC = getOptions(v.GetBool(queryGRPCTLSEnabled), qTLSOptions)
-	qOpts.TLSHTTP = getOptions(v.GetBool(queryHTTPTLSEnabled), qTLSOptions)
+	qOpts.TLS = tlsFlagsConfig.InitFromViper(v)
+	qOpts.TLS.Enabled = false
+	qOpts.GRPCTLSEnabled = v.GetBool(queryGRPCTLSEnabled)
+	qOpts.HTTPTLSEnabled = v.GetBool(queryHTTPTLSEnabled)
+	if qOpts.GRPCTLSEnabled || qOpts.HTTPTLSEnabled {
+		qOpts.TLS.Enabled = true
+	}
 
 	qOpts.MaxClockSkewAdjust = v.GetDuration(queryMaxClockSkewAdjust)
 	stringSlice := v.GetStringSlice(queryAdditionalHeaders)

cmd/query/app/server.go

@@ -82,8 +82,8 @@ func (s Server) HealthCheckStatus() chan healthcheck.Status {
 
 func createGRPCServer(querySvc *querysvc.QueryService, options *QueryOptions, logger *zap.Logger, tracer opentracing.Tracer) (*grpc.Server, error) {
 
-	if options.TLSGRPC.Enabled {
-		_, err := options.TLSGRPC.Config()
+	if options.GRPCTLSEnabled {
+		_, err := options.TLS.Config()
 		if err != nil {
 			return nil, err
 		}
@@ -102,8 +102,8 @@ func createHTTPServer(querySvc *querysvc.QueryService, queryOpts *QueryOptions,
 		HandlerOptions.Tracer(tracer),
 	}
 
-	if queryOpts.TLSHTTP.Enabled {
-		_, err := queryOpts.TLSHTTP.Config() // This checks if the certificates are correctly provided
+	if queryOpts.HTTPTLSEnabled {
+		_, err := queryOpts.TLS.Config() // This checks if the certificates are correctly provided
 		if err != nil {
 			return nil, err
 		}
@@ -156,44 +156,41 @@ func (s *Server) getCmux() (cmux.CMux, net.Listener, net.Listener, error) {
 	var grpcListener net.Listener
 	var cmux1 cmux.CMux
 	// var cmux2 cmux.CMux
-	var tlsOptions tlscfg.Options
 	conn, err := net.Listen("tcp", s.queryOptions.HostPort)
 	s.conn = conn
 
 	if err != nil {
 		return nil, nil, nil, err
 	}
 
-	if s.queryOptions.TLSHTTP.Enabled != s.queryOptions.TLSGRPC.Enabled {
+	if s.queryOptions.HTTPTLSEnabled != s.queryOptions.GRPCTLSEnabled {
 		cmux1 = cmux.New(conn)
 
-		if !s.queryOptions.TLSHTTP.Enabled {
+		if !s.queryOptions.HTTPTLSEnabled {
 			httpListener = cmux1.Match(cmux.HTTP1Fast())
-			tlsOptions = s.queryOptions.TLSGRPC
 		} else {
 			grpcListener = cmux1.MatchWithWriters(
 				cmux.HTTP2MatchHeaderFieldSendSettings("content-type", "application/grpc"),
 				cmux.HTTP2MatchHeaderFieldSendSettings("content-type", "application/grpc+proto"),
 			)
-			tlsOptions = s.queryOptions.TLSHTTP
 		}
 		tlsListener := cmux1.Match(cmux.Any())
-		tlsListener, err = getTLSListener(tlsListener, tlsOptions, "")
+		tlsListener, err = getTLSListener(tlsListener, s.queryOptions.TLS, "")
 		if err != nil {
 			return nil, nil, nil, err
 		}
 
 		// cmux2 = cmux.New(tlsListener)
-		if s.queryOptions.TLSHTTP.Enabled {
+		if s.queryOptions.HTTPTLSEnabled {
 			httpListener = tlsListener
 		} else {
 			grpcListener = tlsListener
 		}
 
 	} else {
 		var muxListener net.Listener
-		if s.queryOptions.TLSHTTP.Enabled {
-			muxListener, err = getTLSListener(conn, s.queryOptions.TLSHTTP, s.queryOptions.TLSGRPC.ClientCAPath)
+		if s.queryOptions.HTTPTLSEnabled {
+			muxListener, err = getTLSListener(conn, s.queryOptions.TLS, s.queryOptions.TLSGRPC.ClientCAPath)
 			if err != nil {
 				return nil, nil, nil, err
 			}

pkg/config/tlscfg/flags.go

@@ -70,8 +70,10 @@ func (c ServerFlagsConfig) AddFlags(flags *flag.FlagSet) {
 	}
 	flags.String(c.Prefix+tlsCert, "", "Path to a TLS Certificate file, used to identify this server to clients")
 	flags.String(c.Prefix+tlsKey, "", "Path to a TLS Private Key file, used to identify this server to clients")
-	flags.String(c.Prefix+tlsClientCA, "", "Path to a TLS CA (Certification Authority) file used to verify certificates presented by clients (if unset, all clients are permitted)")
-	flags.String(c.Prefix+tlsClientCAOld, "", "(deprecated) see --"+c.Prefix+tlsClientCA)
+	if c.ShowClientCA {
+		flags.String(c.Prefix+tlsClientCA, "", "Path to a TLS CA (Certification Authority) file used to verify certificates presented by clients (if unset, all clients are permitted)")
+		flags.String(c.Prefix+tlsClientCAOld, "", "(deprecated) see --"+c.Prefix+tlsClientCA)
+	}
 }
 
 // InitFromViper creates tls.Config populated with values retrieved from Viper.