Initial version

Author: everesio

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: https://paypal.me/grepplabs?locale.x=en_GB

.github/workflows/tests.yaml

@@ -0,0 +1,35 @@
+name: tests
+
+on:
+  push:
+    branches:
+    - main
+  pull_request:
+    branches:
+    - main
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.21'
+          check-latest: true
+      - run: go version
+      - name: Vendor
+        run: go mod vendor
+      - name: Build
+        run: go build -v ./...
+      - name: Vet
+        run: go vet ./...
+      - name: Test
+        run: go test -count=1 -v ./...
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v4
+        with:
+          version: v1.56.2
+          skip-pkg-cache: true
+          skip-build-cache: true

.golangci.yml

@@ -0,0 +1,34 @@
+# options for analysis running
+run:
+  # exit code when at least one issue was found, default is 1
+  issues-exit-code: 1
+
+  # which dirs to skip: they won't be analyzed;
+  # can use regexp here: generated.*, regexp is applied on full path;
+  # default value is empty list, but next dirs are always skipped independently
+  # from this option's value:
+  #     vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
+  skip-dirs:
+    - vendor
+
+linters:
+  enable:
+    - errcheck
+    - goconst
+    - godot
+    - gofmt
+    - goimports
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - typecheck
+    - unparam
+    - unused
+    - exportloopref
+
+issues:
+  exclude-rules:
+    - path: _test\.go
+      linters:
+      - unparam

Makefile

@@ -0,0 +1,38 @@
+.DEFAULT_GOAL := help
+
+ROOT_DIR      := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+
+default: help
+
+.PHONY: help
+help:
+	@grep -E '^[a-zA-Z%_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: test
+test: ## Test
+	GO111MODULE=on go test -count=1 -mod=vendor -v ./...
+
+.PHONY: fmt
+fmt: ## Go format
+	go fmt ./...
+
+.PHONY: vet
+vet: ## Go vet
+	go vet ./...
+
+.PHONY: lint
+lint: ## Lint
+	@golangci-lint run
+
+.PHONY: deps
+deps: ## Get dependencies
+	GO111MODULE=on go get ./...
+
+.PHONY: vendor
+vendor: ## Go vendor
+	GO111MODULE=on go mod vendor
+
+.PHONY: tidy
+tidy: ## Go tidy
+	GO111MODULE=on go mod tidy
+

README.md

@@ -0,0 +1,9 @@
+# cert-source
+
+[![Release](https://img.shields.io/github/v/release/grepplabs/cert-source?sort=semver)](https://github.com/grepplabs/cert-source/releases)
+![Build](https://github.com/grepplabs/cert-source/workflows/tests/badge.svg)
+
+## Overview
+
+The cert-source is a library designed to help with loading of TLS certificates and to streamline the process of
+certificate rotation.

config/config.go

@@ -0,0 +1,31 @@
+package config
+
+import (
+	"time"
+)
+
+type TLSServerConfig struct {
+	Enable  bool           `help:"Enable server-side TLS."`
+	Refresh time.Duration  `default:"0s" help:"Interval for refreshing server TLS certificates."`
+	File    TLSServerFiles `embed:"" prefix:"file."`
+}
+
+type TLSServerFiles struct {
+	Key       string `placeholder:"FILE" help:"Path to the server TLS key file."`
+	Cert      string `placeholder:"FILE" help:"Path to the server TLS certificate file."`
+	ClientCAs string `placeholder:"FILE" name:"client-ca" help:"Optional path to server client CA file for client verification."`
+	ClientCLR string `placeholder:"FILE" name:"client-clr" help:"TLS X509 CLR signed be the client CA. If no revocation list is specified, only client CA is verified."`
+}
+
+type TLSClientConfig struct {
+	Enable             bool           `help:"Enable client-side TLS."`
+	Refresh            time.Duration  `default:"0s" help:"Interval for refreshing client TLS certificates."`
+	InsecureSkipVerify bool           `help:"Skip TLS verification on client side."`
+	File               TLSClientFiles `embed:"" prefix:"file."`
+}
+
+type TLSClientFiles struct {
+	Key     string `placeholder:"FILE" help:"Optional path to client TLS key file."`
+	Cert    string `placeholder:"FILE" help:"Optional path to client TLS certificate file."`
+	RootCAs string `placeholder:"FILE" name:"root-ca" help:"Optional path to client root CAs for server verification."`
+}

go.mod

@@ -1,3 +1,11 @@
 module github.com/grepplabs/cert-source
 
 go 1.21
+
+require github.com/stretchr/testify v1.8.4
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

go.sum

@@ -0,0 +1,10 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=