Merge pull request #1 from yandex-cloud/custom-trusted-ca

Add parameter 'ca_file'
yandex-cloud · Oct 18, 2021 · b1117d9 · b1117d9
2 parents 8ddc51e + a3e17dd
commit b1117d9
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 4 deletions.
diff --git a/config.go b/config.go
@@ -132,10 +132,16 @@ func getIngestionClient(plugin unsafe.Pointer) (*ingest.LogIngestionServiceClien
 		endpoint = defaultEndpoint
 	}
 
+	tlsConfig, err := makeTLSConfig(plugin)
+	if err != nil {
+		return nil, fmt.Errorf("error creating tls config: %s", err.Error())
+	}
+
 	sdk, err := ycsdk.Build(context.Background(),
 		ycsdk.Config{
 			Credentials: credentials,
 			Endpoint:    endpoint,
+			TLSConfig:   tlsConfig,
 		},
 		grpc.WithUserAgent(`fluent-bit-plugin-yandex/`+PluginVersion+`; fluent-bit/`+FluentBitVersion),
 	)

diff --git a/processor.go b/processor.go
@@ -1,8 +1,12 @@
 package main
 
 import (
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"os"
 	"strings"
 	"time"
@@ -85,3 +89,37 @@ func makeCredentials(authorization string) (ycsdk.Credentials, error) {
 		return ycsdk.ServiceAccountKey(key)
 	}
 }
+
+func makeTLSConfig(plugin unsafe.Pointer) (*tls.Config, error) {
+	CAFileName := output.FLBPluginConfigKey(plugin, "ca_file")
+	fmt.Println("yc-logging: make TLS config")
+
+	if CAFileName != "" {
+		fmt.Println("yc-logging: create tls config")
+		caCertPool, err := x509.SystemCertPool()
+		if err != nil {
+			return nil, fmt.Errorf("failed to load system certs pool %w", err)
+		}
+
+		r, err := ioutil.ReadFile(CAFileName)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get ca_file = %s details: %w", CAFileName, err)
+		}
+		block, _ := pem.Decode(r)
+		cert, err := x509.ParseCertificate(block.Bytes)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse ca_file = %s details: %w", CAFileName, err)
+		}
+		caCertPool.AddCert(cert)
+
+		config := &tls.Config{
+			RootCAs: caCertPool,
+		}
+
+		fmt.Println("yc-logging: tls config successful created")
+
+		return config, nil
+	}
+
+	return &tls.Config{}, nil
+}
diff --git a/yclogging.go b/yclogging.go
@@ -52,10 +52,6 @@ func FLBPluginFlushCtx(ctx, data unsafe.Pointer, length C.int, tag *C.char) int
 	}
 
 	err := plugin.write(context.Background(), entries)
-	if err == nil {
-		fmt.Printf("yc-logging: written %d messages\n", len(entries))
-		return output.FLB_OK
-	}
 
 	code := status.Code(err)
 	switch code {