Merge pull request #5167 from rabbitmq/mergify/bp/v3.9.x/pr-5165

Add client-side TLS options support to Consul peer discovery (backport #5155) (backport #5165)

(cherry picked from commit 61f2bca)

Conflicts:
	deps/rabbitmq_peer_discovery_common/src/rabbit_peer_discovery_httpc.erl
	deps/rabbitmq_peer_discovery_consul/src/rabbit_peer_discovery_consul.erl

Author: michaelklishin

deps/rabbitmq_peer_discovery_common/src/rabbit_peer_discovery_httpc.erl

@@ -19,12 +19,14 @@
          build_uri/5,
          build_path/1,
          delete/6,
+         delete/7,
          get/5,
          get/7,
          post/6,
          post/8,
          put/6,
          put/7,
+         put/8,
          maybe_configure_proxy/0,
          maybe_configure_inet6/0]).
 
@@ -233,14 +235,38 @@ put(Scheme, Host, Port, Path, Args, Body) ->
   Headers :: list(),
   Body :: string() | binary() | tuple().
 put(Scheme, Host, Port, Path, Args, Headers, Body) ->
+  put(Scheme, Host, Port, Path, Args, Headers, [], Body).
+
+%% @spec put(Scheme, Host, Port, Path, Args, Headers, HttpOptions, Body) -> Result
+%% @where Scheme  = string(),
+%%        Host    = string(),
+%%        Port    = integer(),
+%%        Path    = string(),
+%%        Args    = proplist(),
+%%        Headers = proplist(),
+%%        HttpOpts = proplist(),
+%%        Body    = string(),
+%%        Result  = {ok, mixed}|{error, Reason::string()}
+%% @doc Perform a HTTP PUT request
+%% @end
+%%
+-spec put(Scheme, Host, Port, Path, Args, Headers, HttpOpts, Body) -> {ok, string()} | {error, any()} when
+  Scheme :: atom() | string(),
+  Host :: string() | binary(),
+  Port :: integer(),
+  Path :: string() | binary(),
+  Args :: list(),
+  Headers :: list(),
+  HttpOpts :: list(),
+  Body :: string() | binary() | tuple().
+put(Scheme, Host, Port, Path, Args, Headers, HttpOpts, Body) ->
   URL = build_uri(Scheme, Host, Port, Path, Args),
   _ = rabbit_log:debug("PUT ~s [~p] [~p]", [URL, Headers, Body]),
-  HttpOpts = ensure_timeout(),
-  Response = httpc:request(put, {URL, Headers, ?CONTENT_URLENCODED, Body}, HttpOpts, []),
+  HttpOpts1 = ensure_timeout(HttpOpts),
+  Response = httpc:request(put, {URL, Headers, ?CONTENT_URLENCODED, Body}, HttpOpts1, []),
   _ = rabbit_log:debug("Response: [~p]", [Response]),
   parse_response(Response).
 
-
 %% @public
 %% @spec delete(Scheme, Host, Port, Path, Args, Body) -> Result
 %% @where Scheme = string(),
@@ -257,10 +283,29 @@ delete(Scheme, Host, Port, PathSegments, Args, Body) when is_list(PathSegments)
   Path = uri_string:recompose(#{path => lists:join("/", [rabbit_data_coercion:to_list(PS) || PS <- PathSegments])}),
   delete(Scheme, Host, Port, Path, Args, Body);
 delete(Scheme, Host, Port, Path, Args, Body) ->
+  delete(Scheme, Host, Port, Path, Args, [], Body).
+
+%% @public
+%% @spec delete(Scheme, Host, Port, Path, Args, Body) -> Result
+%% @where Scheme = string(),
+%%        Host   = string(),
+%%        Port   = integer(),
+%%        Path   = string(),
+%%        Args   = proplist(),
+%%        HttpOpts = proplist(),
+%%        Body   = string(),
+%%        Result = {ok, mixed}|{error, Reason::string()}
+%% @doc Perform a HTTP DELETE request
+%% @end
+%%
+delete(Scheme, Host, Port, PathSegments, Args, HttpOpts, Body) when is_list(PathSegments) ->
+  Path = uri_string:recompose(#{path => lists:join("/", [rabbit_data_coercion:to_list(PS) || PS <- PathSegments])}),
+  delete(Scheme, Host, Port, Path, Args, HttpOpts, Body);
+delete(Scheme, Host, Port, Path, Args, HttpOpts, Body) ->
   URL = build_uri(Scheme, Host, Port, Path, Args),
   _ = rabbit_log:debug("DELETE ~s [~p]", [URL, Body]),
-  HttpOpts = ensure_timeout(),
-  Response = httpc:request(delete, {URL, [], ?CONTENT_URLENCODED, Body}, HttpOpts, []),
+  HttpOpts1 = ensure_timeout(HttpOpts),
+  Response = httpc:request(delete, {URL, [], ?CONTENT_URLENCODED, Body}, HttpOpts1, []),
   _ = rabbit_log:debug("Response: [~p]", [Response]),
   parse_response(Response).
 

deps/rabbitmq_peer_discovery_consul/priv/schema/rabbitmq_peer_discovery_consul.schema

@@ -315,3 +315,119 @@ fun(Conf) ->
         Value -> Value
     end
 end}.
+
+
+%%
+%% TLS client options
+%%
+
+{mapping, "cluster_formation.consul.ssl_options", "rabbit.cluster_formation.peer_discovery_consul.ssl_options", [
+    {datatype, {enum, [none]}}
+]}.
+
+{translation, "rabbit.cluster_formation.peer_discovery_consul.ssl_options",
+fun(Conf) ->
+case cuttlefish:conf_get("cluster_formation.consul.ssl_options", Conf, undefined) of
+    none -> [];
+    _    -> cuttlefish:invalid("Invalid cluster_formation.consul.ssl_options")
+end
+end}.
+
+{mapping, "cluster_formation.consul.ssl_options.verify", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.verify", [
+{datatype, {enum, [verify_peer, verify_none]}}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.fail_if_no_peer_cert", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.fail_if_no_peer_cert", [
+{datatype, {enum, [true, false]}}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.cacertfile", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.cacertfile",
+[{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.certfile", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.certfile",
+[{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.cacerts.$name", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.cacerts",
+[{datatype, string}]}.
+
+{translation, "rabbit.cluster_formation.peer_discovery_consul.ssl_options.cacerts",
+fun(Conf) ->
+Settings = cuttlefish_variable:filter_by_prefix("cluster_formation.consul.ssl_options.cacerts", Conf),
+[ list_to_binary(V) || {_, V} <- Settings ]
+end}.
+
+{mapping, "cluster_formation.consul.ssl_options.cert", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.cert",
+[{datatype, string}]}.
+
+{translation, "rabbit.cluster_formation.peer_discovery_consul.ssl_options.cert",
+fun(Conf) ->
+list_to_binary(cuttlefish:conf_get("cluster_formation.consul.ssl_options.cert", Conf))
+end}.
+
+{mapping, "cluster_formation.consul.ssl_options.crl_check", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.crl_check",
+[{datatype, [{enum, [true, false, peer, best_effort]}]}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.depth", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.depth",
+[{datatype, integer}, {validators, ["byte"]}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.dh", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.dh",
+[{datatype, string}]}.
+
+{translation, "rabbit.cluster_formation.peer_discovery_consul.ssl_options.dh",
+fun(Conf) ->
+list_to_binary(cuttlefish:conf_get("cluster_formation.consul.ssl_options.dh", Conf))
+end}.
+
+{mapping, "cluster_formation.consul.ssl_options.dhfile", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.dhfile",
+[{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.key.RSAPrivateKey", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.key",
+[{datatype, string}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.key.DSAPrivateKey", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.key",
+[{datatype, string}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.key.PrivateKeyInfo", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.key",
+[{datatype, string}]}.
+
+{translation, "rabbit.cluster_formation.peer_discovery_consul.ssl_options.key",
+fun(Conf) ->
+case cuttlefish_variable:filter_by_prefix("cluster_formation.consul.ssl_options.key", Conf) of
+    [{[_,_,Key], Val}|_] -> {list_to_atom(Key), list_to_binary(Val)};
+    _ -> undefined
+end
+end}.
+
+{mapping, "cluster_formation.consul.ssl_options.keyfile", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.keyfile",
+[{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.log_alert", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.log_alert",
+[{datatype, {enum, [true, false]}}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.password", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.password",
+[{datatype, string}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.psk_identity", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.psk_identity",
+[{datatype, string}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.reuse_sessions", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.reuse_sessions",
+[{datatype, {enum, [true, false]}}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.secure_renegotiate", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.secure_renegotiate",
+[{datatype, {enum, [true, false]}}]}.
+
+{mapping, "cluster_formation.consul.ssl_options.versions.$version", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.versions",
+[{datatype, atom}]}.
+
+{translation, "rabbit.cluster_formation.peer_discovery_consul.ssl_options.versions",
+fun(Conf) ->
+Settings = cuttlefish_variable:filter_by_prefix("cluster_formation.consul.ssl_options.versions", Conf),
+[V || {_, V} <- Settings]
+end}.
+
+{mapping, "cluster_formation.consul.ssl_options.ciphers.$cipher", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.ciphers",
+[{datatype, string}]}.
+
+{translation, "rabbit.cluster_formation.peer_discovery_consul.ssl_options.ciphers",
+fun(Conf) ->
+Settings = cuttlefish_variable:filter_by_prefix("cluster_formation.consul.ssl_options.ciphers", Conf),
+lists:reverse([V || {_, V} <- Settings])
+end}.