github.com/pingcap/tiup@v1.15.1/components/cluster/command/tls.go (about)

     1  // Copyright 2021 PingCAP, Inc.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // See the License for the specific language governing permissions and
    12  // limitations under the License.
    13  
    14  package command
    15  
    16  import (
    17  	"strings"
    18  
    19  	perrs "github.com/pingcap/errors"
    20  	"github.com/spf13/cobra"
    21  )
    22  
// newTLSCmd builds the `tls <cluster-name> <enable/disable>` subcommand, which
// turns TLS between the TiDB components of a cluster on or off.
//
// The command takes exactly two positional arguments; with any other count it
// prints the help text. The second argument is matched case-insensitively and
// must be "enable" or "disable"; any other value is rejected with an error, so
// a mistyped action never falls through to a default.
//
// Flags:
//   - --clean-certificate: only accepted together with "disable".
//   - --reload-certificate: only accepted together with "enable".
//   - --force: stored in the shared gOpt.Force option; per its help text it
//     applies the change regardless of the current TLS state.
//
// "disable" switches off encrypted communication between components, and
// --clean-certificate additionally cleans up the certificate file, so both are
// worth treating as security-relevant operations when they appear in
// automation or audit logs.
//
// NOTE(review): the actual work (and any confirmation prompt controlled by
// skipConfirm) happens inside cm.TLS, which is not visible here — confirm its
// behaviour there.
func newTLSCmd() *cobra.Command {
	var (
		// Set by --reload-certificate; rejected below unless the action is "enable".
		reloadCertificate bool
		// Set by --clean-certificate; rejected below unless the action is "disable".
		cleanCertificate bool
	)

	run := func(cmd *cobra.Command, args []string) error {
		// Exactly <cluster-name> and <enable/disable> are required.
		if len(args) != 2 {
			return cmd.Help()
		}

		if err := validRoles(gOpt.Roles); err != nil {
			return err
		}

		// Only the scrubbed form of the cluster name goes into the report and
		// the telemetry command line; the raw name is used for the operation.
		// NOTE(review): presumably scrubbing keeps the real name out of
		// telemetry — confirm in scrubClusterName.
		clusterName := args[0]
		clusterReport.ID = scrubClusterName(clusterName)
		teleCommand = append(teleCommand, scrubClusterName(clusterName))

		// Accept the action in any letter case, but nothing besides the two
		// known verbs.
		action := strings.ToLower(args[1])
		enableTLS := action == "enable"
		if !enableTLS && action != "disable" {
			return perrs.New("enable or disable must be specified at least one")
		}

		// Each certificate flag is valid for one direction only; refuse
		// contradictory combinations before touching the cluster.
		switch {
		case enableTLS && cleanCertificate:
			return perrs.New("clean-certificate only works when tls disable")
		case !enableTLS && reloadCertificate:
			return perrs.New("reload-certificate only works when tls enable")
		}

		return cm.TLS(clusterName, gOpt, enableTLS, cleanCertificate, reloadCertificate, skipConfirm)
	}

	cmd := &cobra.Command{
		Use:   "tls <cluster-name> <enable/disable>",
		Short: "Enable/Disable TLS between TiDB components",
		RunE:  run,
	}

	flags := cmd.Flags()
	flags.BoolVar(&cleanCertificate, "clean-certificate", false, "Cleanup the certificate file if it already exists when tls disable")
	flags.BoolVar(&reloadCertificate, "reload-certificate", false, "Load the certificate file whether it exists or not when tls enable")
	flags.BoolVar(&gOpt.Force, "force", false, "Force enable/disable tls regardless of the current state")

	return cmd
}