feat(evpn): enable tls on godpu

Signed-off-by: Atul Patel <Atul.Patel@intel.com>
opiproject · May 12, 2024 · 8993f64 · 8993f64
1 parent e4af793
commit 8993f64
Show file tree

Hide file tree

Showing 25 changed files with 301 additions and 86 deletions.
diff --git a/cmd/inventory/inventory-get.go b/cmd/inventory/inventory-get.go
@@ -16,15 +16,16 @@ import (
 // NewGetCommand returns the inventory get command
 func NewGetCommand() *cobra.Command {
 	var (
-		addr string
+		addr     string
+		tlsFiles string
 	)
 	cmd := &cobra.Command{
 		Use:     "get",
 		Aliases: []string{"g"},
 		Short:   "Gets DPU inventory information",
 		Args:    cobra.NoArgs,
 		Run: func(_ *cobra.Command, _ []string) {
-			invClient, err := inventory.New(addr)
+			invClient, err := inventory.New(addr, tlsFiles)
 			if err != nil {
 				log.Fatalf("could create gRPC client: %v", err)
 			}
@@ -41,6 +42,7 @@ func NewGetCommand() *cobra.Command {
 	}
 	flags := cmd.Flags()
 	flags.StringVar(&addr, "addr", "localhost:50151", "address of OPI gRPC server")
+	flags.StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
 	return cmd
 }
 

diff --git a/cmd/ipsec/ipsec-stats.go b/cmd/ipsec/ipsec-stats.go
@@ -15,7 +15,8 @@ import (
 // NewStatsCommand returns the ipsec stats command
 func NewStatsCommand() *cobra.Command {
 	var (
-		addr string
+		addr     string
+		tlsFiles string
 	)
 	cmd := &cobra.Command{
 		Use:     "stats",
@@ -29,6 +30,7 @@ func NewStatsCommand() *cobra.Command {
 	}
 	flags := cmd.Flags()
 	flags.StringVar(&addr, "addr", "localhost:50151", "address or OPI gRPC server")
+	flags.StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
 	return cmd
 }
 

diff --git a/cmd/ipsec/ipsec-test.go b/cmd/ipsec/ipsec-test.go
@@ -16,6 +16,7 @@ func NewTestCommand() *cobra.Command {
 	var (
 		addr     string
 		pingaddr string
+		tlsFiles string
 	)
 	cmd := &cobra.Command{
 		Use:     "test",
@@ -30,5 +31,6 @@ func NewTestCommand() *cobra.Command {
 	flags := cmd.Flags()
 	flags.StringVar(&addr, "addr", "localhost:50151", "address or OPI gRPC server")
 	flags.StringVar(&pingaddr, "pingaddr", "localhost", "address of other tunnel end to Ping")
+	flags.StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
 	return cmd
 }
diff --git a/cmd/network/evpn-bridge-port.go b/cmd/network/evpn-bridge-port.go
@@ -22,14 +22,15 @@ func CreateBridgePort() *cobra.Command {
 	var mac string
 	var bridgePortType string
 	var logicalBridges []string
+	var tlsFiles string
 
 	cmd := &cobra.Command{
 		Use:   "create-bp",
 		Short: "Create a bridge port",
 		Long:  "Create a BridgePort with the specified name, MAC address, type, and VLAN IDs",
 		Run: func(_ *cobra.Command, _ []string) {
 			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-			evpnClient, err := network.NewBridgePort(addr)
+			evpnClient, err := network.NewBridgePort(addr, tlsFiles)
 			if err != nil {
 				log.Fatalf("could not create gRPC client: %v", err)
 			}
@@ -50,6 +51,7 @@ func CreateBridgePort() *cobra.Command {
 	cmd.Flags().StringVarP(&bridgePortType, "type", "t", "", "Specify the type (access or trunk)")
 	cmd.Flags().StringSliceVar(&logicalBridges, "logicalBridges", []string{}, "Specify VLAN IDs (multiple values supported)")
 	cmd.Flags().StringVar(&addr, "addr", "localhost:50151", "address of OPI gRPC server")
+	cmd.Flags().StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
 
 	if err := cmd.MarkFlagRequired("mac"); err != nil {
 		log.Fatalf("Error marking flag as required: %v", err)
@@ -73,14 +75,15 @@ func DeleteBridgePort() *cobra.Command {
 	var addr string
 	var name string
 	var allowMissing bool
+	var tlsFiles string
 
 	cmd := &cobra.Command{
 		Use:   "delete-bp",
 		Short: "Delete a bridge port",
 		Long:  "Delete a BridgePort with the specified name",
 		Run: func(_ *cobra.Command, _ []string) {
 			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-			evpnClient, err := network.NewBridgePort(addr)
+			evpnClient, err := network.NewBridgePort(addr, tlsFiles)
 			if err != nil {
 				log.Fatalf("could not create gRPC client: %v", err)
 			}
@@ -98,6 +101,7 @@ func DeleteBridgePort() *cobra.Command {
 	cmd.Flags().StringVarP(&name, "name", "n", "", "Specify the name of the BridgePort")
 	cmd.Flags().BoolVarP(&allowMissing, "allowMissing", "a", false, "Specify if missing allowed")
 	cmd.Flags().StringVar(&addr, "addr", "localhost:50151", "address of OPI gRPC server")
+	cmd.Flags().StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
 
 	return cmd
 }
@@ -106,14 +110,15 @@ func DeleteBridgePort() *cobra.Command {
 func GetBridgePort() *cobra.Command {
 	var addr string
 	var name string
+	var tlsFiles string
 
 	cmd := &cobra.Command{
 		Use:   "get-bp",
 		Short: "Show details of a bridge port",
 		Long:  "Show details of a BridgePort with the specified name",
 		Run: func(_ *cobra.Command, _ []string) {
 			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-			evpnClient, err := network.NewBridgePort(addr)
+			evpnClient, err := network.NewBridgePort(addr, tlsFiles)
 			if err != nil {
 				log.Fatalf("could not create gRPC client: %v", err)
 			}
@@ -131,6 +136,7 @@ func GetBridgePort() *cobra.Command {
 
 	cmd.Flags().StringVarP(&name, "name", "n", "", "Specify the name of the BridgePort")
 	cmd.Flags().StringVar(&addr, "addr", "localhost:50151", "address of OPI gRPC server")
+	cmd.Flags().StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
 
 	if err := cmd.MarkFlagRequired("name"); err != nil {
 		log.Fatalf("Error marking flag as required: %v", err)
@@ -143,13 +149,14 @@ func ListBridgePorts() *cobra.Command {
 	var addr string
 	var pageSize int32
 	var pageToken string
+	var tlsFiles string
 
 	cmd := &cobra.Command{
 		Use:   "list-bps",
 		Short: "Show details of all bridge ports",
 		Run: func(_ *cobra.Command, _ []string) {
 			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-			evpnClient, err := network.NewBridgePort(addr)
+			evpnClient, err := network.NewBridgePort(addr, tlsFiles)
 			if err != nil {
 				log.Fatalf("could not create gRPC client: %v", err)
 			}
@@ -179,6 +186,8 @@ func ListBridgePorts() *cobra.Command {
 	cmd.Flags().Int32VarP(&pageSize, "pagesize", "s", 0, "Specify page size")
 	cmd.Flags().StringVarP(&pageToken, "pagetoken", "t", "", "Specify the token")
 	cmd.Flags().StringVar(&addr, "addr", "localhost:50151", "address of OPI gRPC server")
+	cmd.Flags().StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
+
 	return cmd
 }
 
@@ -188,14 +197,15 @@ func UpdateBridgePort() *cobra.Command {
 	var name string
 	var updateMask []string
 	var allowMissing bool
+	var tlsFiles string
 
 	cmd := &cobra.Command{
 		Use:   "update-bp",
 		Short: "Update the bridge port",
 		Long:  "updates the Bridge Port with updated mask",
 		Run: func(_ *cobra.Command, _ []string) {
 			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-			evpnClient, err := network.NewBridgePort(addr)
+			evpnClient, err := network.NewBridgePort(addr, tlsFiles)
 			if err != nil {
 				log.Fatalf("could not create gRPC client: %v", err)
 			}
@@ -215,5 +225,7 @@ func UpdateBridgePort() *cobra.Command {
 	cmd.Flags().StringSliceVar(&updateMask, "update-mask", nil, "update mask")
 	cmd.Flags().BoolVarP(&allowMissing, "allowMissing", "a", false, "allow the missing")
 	cmd.Flags().StringVar(&addr, "addr", "localhost:50151", "address of OPI gRPC server")
+	cmd.Flags().StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
+
 	return cmd
 }
diff --git a/cmd/network/evpn-logical-brige.go b/cmd/network/evpn-logical-brige.go
@@ -22,6 +22,7 @@ func CreateLogicalBridge() *cobra.Command {
 	var vlanID uint32
 	var vni uint32
 	var vtep string
+	var tlsFiles string
 
 	cmd := &cobra.Command{
 		Use:   "create-lb",
@@ -30,7 +31,7 @@ func CreateLogicalBridge() *cobra.Command {
 		Run: func(_ *cobra.Command, _ []string) {
 			var vniparam *uint32
 			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-			evpnClient, err := network.NewLogicalBridge(addr)
+			evpnClient, err := network.NewLogicalBridge(addr, tlsFiles)
 			if err != nil {
 				log.Fatalf("could create gRPC client: %v", err)
 			}
@@ -54,6 +55,7 @@ func CreateLogicalBridge() *cobra.Command {
 	cmd.Flags().Uint32VarP(&vlanID, "vlan-id", "v", 0, "Specify the VLAN ID")
 	cmd.Flags().Uint32VarP(&vni, "vni", "i", 0, "Specify the VNI")
 	cmd.Flags().StringVar(&vtep, "vtep", "", "VTEP IP address")
+	cmd.Flags().StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
 
 	if err := cmd.MarkFlagRequired("addr"); err != nil {
 		log.Fatalf("Error marking flag as required: %v", err)
@@ -75,14 +77,15 @@ func DeleteLogicalBridge() *cobra.Command {
 	var addr string
 	var name string
 	var allowMissing bool
+	var tlsFiles string
 
 	cmd := &cobra.Command{
 		Use:   "delete-lb",
 		Short: "Delete a logical bridge",
 		Long:  "Delete a logical bridge with the specified name",
 		Run: func(_ *cobra.Command, _ []string) {
 			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-			evpnClient, err := network.NewLogicalBridge(addr)
+			evpnClient, err := network.NewLogicalBridge(addr, tlsFiles)
 			if err != nil {
 				log.Fatalf("could not create gRPC client: %v", err)
 			}
@@ -100,6 +103,7 @@ func DeleteLogicalBridge() *cobra.Command {
 	cmd.Flags().StringVarP(&name, "name", "n", "", "Specify the name of the BridgePort")
 	cmd.Flags().BoolVarP(&allowMissing, "allowMissing", "a", false, "Specify allow missing")
 	cmd.Flags().StringVar(&addr, "addr", "localhost:50151", "address of OPI gRPC server")
+	cmd.Flags().StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
 
 	if err := cmd.MarkFlagRequired("name"); err != nil {
 		log.Fatalf("Error marking flag as required: %v", err)
@@ -111,14 +115,15 @@ func DeleteLogicalBridge() *cobra.Command {
 func GetLogicalBridge() *cobra.Command {
 	var addr string
 	var name string
+	var tlsFiles string
 
 	cmd := &cobra.Command{
 		Use:   "get-lb",
 		Short: "Show details of a logical bridge",
 		Long:  "Show details of a logical bridge with the specified name",
 		Run: func(_ *cobra.Command, _ []string) {
 			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-			evpnClient, err := network.NewLogicalBridge(addr)
+			evpnClient, err := network.NewLogicalBridge(addr, tlsFiles)
 			if err != nil {
 				log.Fatalf("could not create gRPC client: %v", err)
 			}
@@ -136,6 +141,8 @@ func GetLogicalBridge() *cobra.Command {
 
 	cmd.Flags().StringVarP(&name, "name", "n", "", "Specify the name of the BridgePort")
 	cmd.Flags().StringVar(&addr, "addr", "localhost:50151", "address of OPI gRPC server")
+	cmd.Flags().StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
+
 	if err := cmd.MarkFlagRequired("name"); err != nil {
 		log.Fatalf("Error marking flag as required: %v", err)
 	}
@@ -148,12 +155,14 @@ func ListLogicalBridges() *cobra.Command {
 	var addr string
 	var pageSize int32
 	var pageToken string
+	var tlsFiles string
+
 	cmd := &cobra.Command{
 		Use:   "list-lbs",
 		Short: "Show details of all logical bridges",
 		Run: func(_ *cobra.Command, _ []string) {
 			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-			evpnClient, err := network.NewLogicalBridge(addr)
+			evpnClient, err := network.NewLogicalBridge(addr, tlsFiles)
 			if err != nil {
 				log.Fatalf("could not create gRPC client: %v", err)
 			}
@@ -185,6 +194,8 @@ func ListLogicalBridges() *cobra.Command {
 	cmd.Flags().Int32VarP(&pageSize, "pagesize", "s", 0, "Specify page size")
 	cmd.Flags().StringVarP(&pageToken, "pagetoken", "t", "", "Specify the token")
 	cmd.Flags().StringVar(&addr, "addr", "localhost:50151", "address of OPI gRPC server")
+	cmd.Flags().StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
+
 	return cmd
 }
 
@@ -194,12 +205,14 @@ func UpdateLogicalBridge() *cobra.Command {
 	var name string
 	var allowMissing bool
 	var updateMask []string
+	var tlsFiles string
+
 	cmd := &cobra.Command{
 		Use:   "update-lb",
 		Short: "update the logical bridge",
 		Run: func(_ *cobra.Command, _ []string) {
 			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-			evpnClient, err := network.NewLogicalBridge(addr)
+			evpnClient, err := network.NewLogicalBridge(addr, tlsFiles)
 			if err != nil {
 				log.Fatalf("could not create gRPC client: %v", err)
 			}
@@ -217,6 +230,7 @@ func UpdateLogicalBridge() *cobra.Command {
 	cmd.Flags().StringSliceVar(&updateMask, "update-mask", nil, "update mask")
 	cmd.Flags().StringVar(&addr, "addr", "localhost:50151", "address of OPI gRPC server")
 	cmd.Flags().BoolVarP(&allowMissing, "allowMissing", "a", false, "Specify allow missing")
+	cmd.Flags().StringVar(&tlsFiles, "tls", "", "TLS files in client_cert:client_key:ca_cert format.")
 
 	return cmd
 }