gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

S3 TLS credentials Refreshing (#4506)

Browse Source 
* S3 TLS credentials Refreshing

* fix: logging

---------

Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>
This commit is contained in:
Konstantin Lebedev
2023-06-05 02:27:56 +05:00
committed by GitHub
parent 5aec6da8a3
commit a0931be0c0
2 changed files with 29 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
weed/security/tls.go
View File

@@ -16,7 +16,7 @@ import (
"google.golang.org/grpc"
)
const credRefreshingInterval = time.Duration(5) * time.Hour
const CredRefreshingInterval = time.Duration(5) * time.Hour
type Authenticator struct {
AllowedWildcardDomain string
@@ -31,7 +31,10 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
serverOptions := pemfile.Options{
CertFile: config.GetString(component + ".cert"),
KeyFile: config.GetString(component + ".key"),
RefreshDuration: credRefreshingInterval,
RefreshDuration: CredRefreshingInterval,
}
if serverOptions.CertFile == "" || serverOptions.KeyFile == "" {
return nil, nil
}
serverIdentityProvider, err := pemfile.NewProvider(serverOptions)
@@ -42,7 +45,7 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
serverRootOptions := pemfile.Options{
RootFile: config.GetString("grpc.ca"),
RefreshDuration: credRefreshingInterval,
RefreshDuration: CredRefreshingInterval,
}
serverRootProvider, err := pemfile.NewProvider(serverRootOptions)
if err != nil {
@@ -99,7 +102,7 @@ func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption {
clientOptions := pemfile.Options{
CertFile: certFileName,
KeyFile: keyFileName,
RefreshDuration: credRefreshingInterval,
RefreshDuration: CredRefreshingInterval,
}
clientProvider, err := pemfile.NewProvider(clientOptions)
if err != nil {
@@ -108,7 +111,7 @@ func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption {
}
clientRootOptions := pemfile.Options{
RootFile: config.GetString("grpc.ca"),
RefreshDuration: credRefreshingInterval,
RefreshDuration: CredRefreshingInterval,
}
clientRootProvider, err := pemfile.NewProvider(clientRootOptions)
if err != nil {