Use more structured frontend mode configuration

PiperOrigin-RevId: 574125373
google · Oct 17, 2023 · 75ecbd7 · 75ecbd7
1 parent fbb0e85
commit 75ecbd7
Show file tree

Hide file tree

Showing 9 changed files with 479 additions and 298 deletions.
diff --git a/fleetspeak/src/server/components/components.go b/fleetspeak/src/server/components/components.go
@@ -28,7 +28,6 @@ import (
 
 	"google.golang.org/grpc"
 
-	log "github.com/golang/glog"
 	"github.com/google/fleetspeak/fleetspeak/src/server"
 	"github.com/google/fleetspeak/fleetspeak/src/server/admin"
 	"github.com/google/fleetspeak/fleetspeak/src/server/authorizer"
@@ -96,29 +95,15 @@ func MakeComponents(cfg *cpb.Config) (*server.Components, error) {
 			l = &chttps.ProxyListener{l}
 		}
 		comm, err = https.NewCommunicator(https.Params{
-			Listener:         l,
-			Cert:             []byte(hcfg.Certificates),
-			ClientCertHeader: hcfg.ClientCertificateHeader,
-			FrontendMode:     hcfg.FrontendMode,
-			Key:              []byte(hcfg.Key),
-			Streaming:        !hcfg.DisableStreaming,
+			Listener:       l,
+			Cert:           []byte(hcfg.Certificates),
+			FrontendConfig: hcfg.GetFrontendConfig(),
+			Key:            []byte(hcfg.Key),
+			Streaming:      !hcfg.DisableStreaming,
 		})
 		if err != nil {
 			return nil, fmt.Errorf("failed to create communicator: %v", err)
 		}
-		if hcfg.FrontendMode != cpb.FrontendMode_MTLS {
-			log.Warningln("####################################################################")
-			log.Warningln("# Note:                                                            #")
-			log.Warningln("#  Your are running Fleetspeak in a frontend mode other than mTLS. #")
-			log.Warningln("#  This only makes sense if you run Fleetspeak frontends behind a  #")
-			log.Warningln("#  TLS-terminating load balancer.                                  #")
-			log.Warningln("####################################################################")
-		}
-		if (hcfg.FrontendMode == cpb.FrontendMode_MTLS && hcfg.ClientCertificateHeader != "") ||
-			(hcfg.FrontendMode == cpb.FrontendMode_HEADER_TLS && hcfg.ClientCertificateHeader == "") {
-			return nil, fmt.Errorf("Invalid frontend mode combination for running Fleetspeak: frontendMode=%s, clientCertificateHeader=%s",
-				hcfg.FrontendMode, hcfg.ClientCertificateHeader)
-		}
 	}
 	// Notification setup.
 	var nn notifications.Notifier