Support NonTLS option for testing purpose only. (#67)

* server changes * remove opts declaration * working server with noTLS * add proper spaceing * fix build failure
sonic-net · Feb 3, 2021 · c9a0cb2 · c9a0cb2
1 parent 915c71f
commit c9a0cb2
Showing 1 changed file with 31 additions and 26 deletions.
diff --git a/telemetry/telemetry.go b/telemetry/telemetry.go
@@ -21,6 +21,7 @@ var (
  serverCert = flag.String("server_crt", "", "TLS server certificate")
  serverKey = flag.String("server_key", "", "TLS server private key")
  insecure = flag.Bool("insecure", false, "Skip providing TLS cert and key, for testing only!")
+ noTLS = flag.Bool("noTLS", false, "disable TLS, for testing only!")
  allowNoClientCert = flag.Bool("allow_no_client_auth", false, "When set, telemetry server will request but not require a client certificate.")
 )
 
@@ -32,46 +33,50 @@ func main() {
  log.Errorf("port must be > 0.")
  return
  }
- var certificate tls.Certificate
- var err error
 
- if *insecure {
- certificate, err = testcert.NewCert()
- if err != nil {
- log.Exitf("could not load server key pair: %s", err)
- }
- } else {
- switch {
- case *serverCert == "":
- log.Errorf("serverCert must be set.")
- return
- case *serverKey == "":
- log.Errorf("serverKey must be set.")
- return
- }
- certificate, err = tls.LoadX509KeyPair(*serverCert, *serverKey)
- if err != nil {
- log.Exitf("could not load server key pair: %s", err)
+ cfg := &gnmi.Config{}
+ cfg.Port = int64(*port)
+ var opts []grpc.ServerOption
+
+ if !*noTLS {
+ var certificate tls.Certificate
+ var err error
+ if *insecure {
+ certificate, err = testcert.NewCert()
+ if err != nil {
+ log.Exitf("could not load server key pair: %s", err)
+ }
+ } else {
+ switch {
+ case *serverCert == "":
+ log.Errorf("serverCert must be set.")
+ return
+ case *serverKey == "":
+ log.Errorf("serverKey must be set.")
+ return
+ }
+ certificate, err = tls.LoadX509KeyPair(*serverCert, *serverKey)
+ if err != nil {
+ log.Exitf("could not load server key pair: %s", err)
+ }
  }
- }
 
- tlsCfg := &tls.Config{
+  tlsCfg := &tls.Config{
  ClientAuth: tls.RequireAndVerifyClientCert,
  Certificates: []tls.Certificate{certificate},
  MinVersion: tls.VersionTLS12,
  CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
  PreferServerCipherSuites: true,
  CipherSuites: []uint16{
-
  tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
  tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
  tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
  tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
  tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
  tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
  },
-
  }
+
  if *allowNoClientCert {
  // RequestClientCert will ask client for a certificate but won't
  // require it to proceed. If certificate is provided, it will be
@@ -91,9 +96,9 @@ func main() {
  tlsCfg.ClientCAs = certPool
  }
 
- opts := []grpc.ServerOption{grpc.Creds(credentials.NewTLS(tlsCfg))}
- cfg := &gnmi.Config{}
- cfg.Port = int64(*port)
+ opts = []grpc.ServerOption{grpc.Creds(credentials.NewTLS(tlsCfg))}
+}
+
  s, err := gnmi.NewServer(cfg, opts)
  if err != nil {
  log.Errorf("Failed to create gNMI server: %v", err)