GitHub Repository: aos/grafana-agent
Path: blob/main/component/otelcol/config_tls.go
package otelcol
import (
"fmt"
"time"
"github.com/grafana/agent/pkg/river/rivertypes"
otelconfigtls "go.opentelemetry.io/collector/config/configtls"
)
// TLSServerArguments holds shared TLS settings for components which launch
// servers with TLS.
type TLSServerArguments struct {
	// TLSSetting carries the CA, certificate, key, protocol-version and
	// reload settings. The squash tag means its attributes are written
	// directly in the enclosing block rather than in a nested one.
	TLSSetting TLSSetting `river:",squash"`

	// ClientCAFile is copied unchanged into the upstream ClientCAFile field
	// by Convert; nothing in this file validates it.
	// NOTE(review): upstream this appears to be the CA bundle the server uses
	// to verify client certificates (mutual TLS). If so, leaving it empty
	// means clients are not authenticated at the TLS layer; confirm against
	// the configtls version in use.
	ClientCAFile string `river:"client_ca_file,attr,optional"`
}
// Convert translates args into the upstream collector's server TLS type.
// A nil receiver yields nil.
//
// ClientCAFile is passed through as configured; no check is applied here.
func (args *TLSServerArguments) Convert() *otelconfigtls.TLSServerSetting {
	if args == nil {
		return nil
	}

	// args.TLSSetting is a struct value, so the nested Convert runs on a
	// non-nil pointer and its result is safe to dereference.
	shared := args.TLSSetting.Convert()

	var out otelconfigtls.TLSServerSetting
	out.TLSSetting = *shared
	out.ClientCAFile = args.ClientCAFile
	return &out
}
// TLSClientArguments holds shared TLS settings for components which launch
// TLS clients.
//
// Insecure and InsecureSkipVerify are optional attributes, so a configuration
// that omits them leaves the Go zero value (false) unless a default is
// applied somewhere outside this file.
type TLSClientArguments struct {
	// TLSSetting carries the CA, certificate, key, protocol-version and
	// reload settings. The squash tag means its attributes are written
	// directly in the enclosing block rather than in a nested one.
	TLSSetting TLSSetting `river:",squash"`

	// Insecure is copied unchanged into the upstream Insecure field.
	// NOTE(review): upstream this appears to turn transport security off for
	// the client connection altogether; treat true as plaintext until
	// confirmed otherwise.
	Insecure bool `river:"insecure,attr,optional"`
	// InsecureSkipVerify is copied unchanged into the upstream
	// InsecureSkipVerify field.
	// NOTE(review): by analogy with crypto/tls.Config.InsecureSkipVerify this
	// presumably keeps TLS on but skips verification of the server
	// certificate and host name, which removes protection against an
	// on-path party; it should stay false outside of testing.
	InsecureSkipVerify bool `river:"insecure_skip_verify,attr,optional"`
	// ServerName is copied unchanged into the upstream ServerName field.
	// NOTE(review): presumably the name the server certificate is verified
	// against; confirm against the configtls version in use.
	ServerName string `river:"server_name,attr,optional"`
}
// Convert translates args into the upstream collector's client TLS type.
// A nil receiver yields nil.
//
// Insecure and InsecureSkipVerify are forwarded exactly as configured. This
// method neither warns about nor rejects them, so any policy on their use
// has to be enforced where the configuration is written or reviewed.
func (args *TLSClientArguments) Convert() *otelconfigtls.TLSClientSetting {
	if args == nil {
		return nil
	}

	// args.TLSSetting is a struct value, so the nested Convert runs on a
	// non-nil pointer and its result is safe to dereference.
	shared := args.TLSSetting.Convert()

	var out otelconfigtls.TLSClientSetting
	out.TLSSetting = *shared
	out.Insecure = args.Insecure
	out.InsecureSkipVerify = args.InsecureSkipVerify
	out.ServerName = args.ServerName
	return &out
}
// TLSSetting holds the TLS material and protocol options shared by the
// server and client argument types in this file. Each of CA, certificate and
// key can be given inline as PEM text or as a file path; Validate rejects a
// configuration that sets both forms of the same item.
type TLSSetting struct {
	// CA certificate(s), inline PEM (ca_pem) or a file path (ca_file).
	CA     string `river:"ca_pem,attr,optional"`
	CAFile string `river:"ca_file,attr,optional"`

	// Certificate, inline PEM (cert_pem) or a file path (cert_file).
	// Validate requires a key whenever a certificate is set.
	Cert     string `river:"cert_pem,attr,optional"`
	CertFile string `river:"cert_file,attr,optional"`

	// Private key, inline PEM (key_pem) or a file path (key_file). Only the
	// inline form uses rivertypes.Secret.
	// NOTE(review): Secret presumably keeps the value out of rendered
	// configuration; that protection ends once Convert copies the key into a
	// plain byte slice.
	Key     rivertypes.Secret `river:"key_pem,attr,optional"`
	KeyFile string            `river:"key_file,attr,optional"`

	// MinVersion and MaxVersion are forwarded to the upstream type as
	// strings. Nothing in this file checks their values or their ordering.
	MinVersion string `river:"min_version,attr,optional"`
	MaxVersion string `river:"max_version,attr,optional"`

	// ReloadInterval is forwarded unchanged to the upstream type.
	// NOTE(review): presumably how often the certificate files are re-read;
	// confirm against the configtls version in use.
	ReloadInterval time.Duration `river:"reload_interval,attr,optional"`
}
// UnmarshalRiver implements river.Unmarshaler. It decodes into t through f
// and then returns the result of t.Validate, so a TLSSetting that breaks the
// rules checked there is rejected while the configuration is being decoded.
func (t *TLSSetting) UnmarshalRiver(f func(interface{}) error) error {
	// tlsSetting has the fields of TLSSetting but none of its methods, so
	// the value handed to f does not itself implement UnmarshalRiver.
	type tlsSetting TLSSetting

	err := f((*tlsSetting)(t))
	if err != nil {
		return err
	}
	return t.Validate()
}
// Convert translates args into the upstream collector's shared TLS type.
// A nil receiver yields nil.
//
// The inline key is taken out of rivertypes.Secret and copied into a plain
// byte slice, so the returned struct holds private key material in the
// clear. Avoid logging or dumping the returned value.
func (args *TLSSetting) Convert() *otelconfigtls.TLSSetting {
	if args == nil {
		return nil
	}

	// The upstream type takes inline PEM as bytes; each conversion copies.
	var (
		caPEM   = []byte(args.CA)
		certPEM = []byte(args.Cert)
		keyPEM  = []byte(string(args.Key))
	)

	return &otelconfigtls.TLSSetting{
		CAPem:          caPEM,
		CAFile:         args.CAFile,
		CertPem:        certPEM,
		CertFile:       args.CertFile,
		KeyPem:         keyPEM,
		KeyFile:        args.KeyFile,
		MinVersion:     args.MinVersion,
		MaxVersion:     args.MaxVersion,
		ReloadInterval: args.ReloadInterval,
	}
}
// Validate reports whether t is valid. It returns an error when both the
// inline and the file form of the CA, certificate or key are set, or when a
// certificate is configured without a key (or a key without a certificate).
//
// It checks only which fields are non-empty. It does not parse PEM data,
// touch the referenced files, or inspect MinVersion, MaxVersion or
// ReloadInterval. The pairing messages say "client", but the same check also
// runs for TLSServerArguments, which squashes TLSSetting.
func (t *TLSSetting) Validate() error {
	// Inline PEM and a file path are alternative sources for the same item.
	switch {
	case len(t.CA) > 0 && len(t.CAFile) > 0:
		return fmt.Errorf("at most one of ca_pem and ca_file must be configured")
	case len(t.Cert) > 0 && len(t.CertFile) > 0:
		return fmt.Errorf("at most one of cert_pem and cert_file must be configured")
	case len(t.Key) > 0 && len(t.KeyFile) > 0:
		return fmt.Errorf("at most one of key_pem and key_file must be configured")
	}

	hasCert := len(t.Cert) > 0 || len(t.CertFile) > 0
	hasKey := len(t.Key) > 0 || len(t.KeyFile) > 0

	// A certificate and its key must be configured together.
	if hasCert && !hasKey {
		return fmt.Errorf("exactly one of key_pem or key_file must be configured when a client certificate is configured")
	}
	if hasKey && !hasCert {
		return fmt.Errorf("exactly one of cert_pem or cert_file must be configured when a client key is configured")
	}

	return nil
}