Merge pull request #432 from intelligentfu8/cg-rename

[Feature]dorisctl support tls access

Author: smiletan

Makefile

@@ -111,7 +111,7 @@ else
 endif
 
 .PHONY: build
-build: manifests generate fmt vet helm ## Build manager binary.
+build: manifests generate vet helm ## Build manager binary.
 	go build -ldflags=$(LDFLAGS) -o bin/dorisoperator cmd/operator/main.go
 	go build -ldflags=$(LDFLAGS) -o bin/dorisctl cmd/dorisctl/main.go
 	go build -o bin/doris-debug cmd/doris-debug/main.go

cmd/dorisctl/root_command/cmd.go

@@ -17,11 +17,12 @@
 package root_command
 
 import (
+	"io"
+
 	"github.com/apache/doris-operator/pkg/common/cmd/get"
 	"github.com/apache/doris-operator/pkg/common/cmd/templates"
 	cmdutil "github.com/apache/doris-operator/pkg/common/cmd/util"
 	"github.com/spf13/cobra"
-	"io"
 )
 
 func NewDorisctlCommand(out io.Writer) (*cobra.Command, error) {
@@ -40,6 +41,9 @@ func NewDorisctlCommand(out io.Writer) (*cobra.Command, error) {
 	flags.StringVar(&dc.User, "user", "", "The name of user to access doris.")
 	flags.StringVar(&dc.Password, "password", "", "The password of login in doris.")
 	flags.IntVar(&dc.QueryPort, "query-port", 9030, "The FE mysql protocol listen port")
+	flags.StringVar(&dc.SSLCaPath, "ssl-ca", "", "the root certificate path.")
+	flags.StringVar(&dc.SSLCrtPath, "ssl-cert", "", "the client certificate path.")
+	flags.StringVar(&dc.SSLKeyPath, "ssl-key", "", "the client private key path")
 	groups := templates.CommandGroups{
 		{
 			Message: "Basic Commands (Beginner):",

pkg/common/cmd/get/get.go

@@ -25,7 +25,6 @@ import (
     "github.com/spf13/cobra"
     "github.com/tidwall/gjson"
     "io"
-    "strconv"
     "strings"
 )
 
@@ -73,7 +72,7 @@ func (o *GetOptions) getComputeGroup(computeGroupName string) {
 
 //getNode get the node details information.
 func (o *GetOptions) getNode(node string) {
-    c, err := cmdutil.NewDorisClient(o.dc.User, o.dc.Password, o.dc.FeHost, strconv.Itoa(o.dc.QueryPort))
+    c, err := cmdutil.NewDorisClient(o.dc)
     if err != nil {
         fmt.Fprintf(o.out, "%s\n", err.Error())
         return

pkg/common/cmd/util/client.go

@@ -17,11 +17,17 @@
 package cmdutil
 
 import (
-    "errors"
-    "fmt"
-    "github.com/apache/doris-operator/pkg/common/cmd/types"
-    _ "github.com/go-sql-driver/mysql"
-    "github.com/jmoiron/sqlx"
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"fmt"
+	"os"
+	"strconv"
+
+	"github.com/apache/doris-operator/pkg/common/cmd/types"
+	"github.com/go-sql-driver/mysql"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/jmoiron/sqlx"
 )
 
 //Client provides abstractions that access doris cluster methods.
@@ -31,16 +37,47 @@ type Client interface {
 }
 
 var _ Client = &DorisClient{}
+
 type DorisClient struct {
     db *sqlx.DB
 }
 
-func NewDorisClient(user, password, host, queryPort string) (*DorisClient, error) {
+func  NewDorisClient(dc *DorisConfig) (*DorisClient, error) {
+	user := dc.User
+	password := dc.Password
+	host := dc.FeHost
+	queryPort := strconv.Itoa(dc.QueryPort)
     dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s", user, password, host, queryPort, "mysql")
-    db, err := sqlx.Open("mysql", dsn)
-    if err != nil {
-        return nil, errors.New("NewDorisSqlDB sqlx.Open failed open doris sql client connection, err: "+ err.Error())
+	rootCertPool := x509.NewCertPool()
+    if dc.SSLCaPath != "" {
+        pem, err := os.ReadFile(dc.SSLCaPath)
+        if err != nil {
+            return nil, errors.New("read root ca cert failed," + err.Error())
+        }
+
+        if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
+            return nil, errors.New("Failed to append ca cert or pem failed.")
+        }
+
+        clientCerts := make([]tls.Certificate, 0, 1)
+        cCert, err := tls.LoadX509KeyPair(dc.SSLCrtPath, dc.SSLKeyPath)
+        if err != nil {
+            return nil, errors.New("load x509 key pair failed," + err.Error())
+        }
+
+        clientCerts = append(clientCerts, cCert)
+        if err = mysql.RegisterTLSConfig("doris", &tls.Config{
+            RootCAs:      rootCertPool,
+            Certificates: clientCerts,
+        }); err != nil {
+            return nil, errors.New("register tls config failed," + err.Error())
+        }
+        dsn = dsn + "?tls=doris"
     }
+	db, err := sqlx.Open("mysql", dsn)
+	if err != nil {
+		return nil, errors.New("NewDorisSqlDB sqlx.Open failed open doris sql client connection, err: " + err.Error())
+	}
 
     return &DorisClient{
         db:db,

pkg/common/cmd/util/doris_conf.go

@@ -17,8 +17,11 @@
 package cmdutil
 
 type DorisConfig struct {
-    FeHost string
-    QueryPort int
-    User string
-    Password string
+	FeHost     string
+	QueryPort  int
+	User       string
+	Password   string
+	SSLCrtPath string
+	SSLCaPath  string
+	SSLKeyPath string
 }