fix: ESS Certs (#3)

* initialize provider Signed-off-by: Jordan Levin <[email protected]> * go1.21 Signed-off-by: Jordan Levin <[email protected]> * init repo Signed-off-by: Jordan Levin <[email protected]> * skip golang install in lint step Signed-off-by: Jordan Levin <[email protected]> * skip cache Signed-off-by: Jordan Levin <[email protected]> * upgrade golangci-linter Signed-off-by: Jordan Levin <[email protected]> * fix: ESS Certs (#2) * initialize provider (#1) * initialize provider Signed-off-by: Jordan Levin <[email protected]> * go1.21 Signed-off-by: Jordan Levin <[email protected]> * init repo Signed-off-by: Jordan Levin <[email protected]> * skip golang install in lint step Signed-off-by: Jordan Levin <[email protected]> * skip cache Signed-off-by: Jordan Levin <[email protected]> * upgrade golangci-linter Signed-off-by: Jordan Levin <[email protected]> --------- Signed-off-by: Jordan Levin <[email protected]> * fix ess certs Signed-off-by: Jordan Levin <[email protected]> --------- Signed-off-by: Jordan Levin <[email protected]> --------- Signed-off-by: Jordan Levin <[email protected]>
crossplane-contrib · Mar 18, 2024 · a94bdfc · a94bdfc
1 parent aa4fcc1
commit a94bdfc
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/cmd/provider/main.go b/cmd/provider/main.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
+	"github.com/crossplane/crossplane-runtime/pkg/certificates"
 	xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller"
 	"github.com/crossplane/crossplane-runtime/pkg/feature"
 	"github.com/crossplane/crossplane-runtime/pkg/logging"
@@ -47,6 +48,7 @@ func main() {
 		providerSource   = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String()
 		providerVersion  = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String()
 
+		essTLSCertsPath            = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String()
 		namespace                  = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String()
 		enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool()
 		enableManagementPolicies   = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool()
@@ -79,7 +81,7 @@ func main() {
 		RenewDeadline:              func() *time.Duration { d := 50 * time.Second; return &d }(),
 	})
 	kingpin.FatalIfError(err, "Cannot create controller manager")
-	kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add Upjet-EC APIs to scheme")
+	kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add Elastic Cloud APIs to scheme")
 	o := tjcontroller.Options{
 		Options: xpcontroller.Options{
 			Logger:                  log,
@@ -97,8 +99,17 @@ func main() {
 
 	if *enableExternalSecretStores {
 		o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind
+		o.ESSOptions = &tjcontroller.ESSOptions{}
 		log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores)
 
+		if *essTLSCertsPath != "" {
+			log.Info("ESS TLS certificates path is set. Loading mTLS configuration.")
+			tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false)
+			kingpin.FatalIfError(err, "Cannot load ESS TLS config.")
+
+			o.ESSOptions.TLSConfig = tCfg
+		}
+
 		// Ensure default store config exists.
 		kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{
 			ObjectMeta: metav1.ObjectMeta{