feat: add tls support to konnect client

Relies on Kong/go-database-reconciler#52

cmd/common.go

@@ -172,6 +172,7 @@ func syncMain(ctx context.Context, filenames []string, dry bool, parallelism,
 		if konnectRuntimeGroup != "" {
 			konnectControlPlane = konnectRuntimeGroup
 		}
+		konnectConfig.TLSConfig = rootConfig.TLSConfig
 		kongClient, err = GetKongClientForKonnectMode(ctx, &konnectConfig)
 		if err != nil {
 			return err

cmd/common_konnect.go

@@ -32,7 +32,10 @@ func authenticate(
 func GetKongClientForKonnectMode(
 	ctx context.Context, konnectConfig *utils.KonnectConfig,
 ) (*kong.Client, error) {
-	httpClient := utils.HTTPClient()
+	httpClient, err := utils.HTTPClientWithTLSConfig(konnectConfig.TLSConfig)
+	if err != nil {
+		return nil, err
+	}
 
 	if konnectConfig.Token != "" {
 		konnectConfig.Headers = append(
@@ -45,7 +48,6 @@ func GetKongClientForKonnectMode(
 	}
 
 	// authenticate with konnect
-	var err error
 	var konnectClient *konnect.Client
 	var konnectAddress string
 	// get Konnect client
@@ -75,6 +77,7 @@ func GetKongClientForKonnectMode(
 		Debug:      konnectConfig.Debug,
 		Headers:    konnectConfig.Headers,
 		Retryable:  true,
+		TLSConfig:  konnectConfig.TLSConfig,
 	})
 }
 
@@ -86,6 +89,7 @@ func resetKonnectV2(ctx context.Context) error {
 		konnectControlPlane = defaultControlPlaneName
 	}
 	dumpConfig.KonnectControlPlane = konnectControlPlane
+	konnectConfig.TLSConfig = rootConfig.TLSConfig
 	client, err := GetKongClientForKonnectMode(ctx, &konnectConfig)
 	if err != nil {
 		return err
@@ -113,6 +117,7 @@ func dumpKonnectV2(ctx context.Context) error {
 		konnectControlPlane = defaultControlPlaneName
 	}
 	dumpConfig.KonnectControlPlane = konnectControlPlane
+	konnectConfig.TLSConfig = rootConfig.TLSConfig
 	client, err := GetKongClientForKonnectMode(ctx, &konnectConfig)
 	if err != nil {
 		return err

cmd/gateway_ping.go

@@ -50,12 +50,16 @@ can connect to Kong's Admin API.`,
 }
 
 func pingKonnect(ctx context.Context) error {
-	// get Konnect client
-	httpClient := utils.HTTPClient()
+	konnectConfig.TLSConfig = rootConfig.TLSConfig
 	_, err := GetKongClientForKonnectMode(ctx, &konnectConfig)
 	if err != nil {
 		return err
 	}
+	// get Konnect client
+	httpClient, err := utils.HTTPClientWithTLSConfig(rootConfig.TLSConfig)
+	if err != nil {
+		return err
+	}
 	konnectClient, err := utils.GetKonnectClient(httpClient, konnectConfig)
 	if err != nil {
 		return err

cmd/root.go

@@ -312,9 +312,11 @@ func initConfig() {
 	}
 
 	rootConfig.Address = viper.GetString("kong-addr")
-	rootConfig.TLSServerName = viper.GetString("tls-server-name")
-	rootConfig.TLSSkipVerify = viper.GetBool("tls-skip-verify")
-	rootConfig.TLSCACert = caCertContent
+
+	tlsServerName := viper.GetString("tls-server-name")
+	tlsSkipVerify := viper.GetBool("tls-skip-verify")
+	tlsCACert := caCertContent
+
 	rootConfig.Headers = extendHeaders(viper.GetStringSlice("headers"))
 	rootConfig.SkipWorkspaceCrud = viper.GetBool("skip-workspace-crud")
 	rootConfig.Debug = (viper.GetInt("verbose") >= 1)
@@ -334,7 +336,7 @@ func initConfig() {
 			clientCertContent = strings.TrimRight(clientCertContent, "\n")
 		}
 	}
-	rootConfig.TLSClientCert = clientCertContent
+	tlsClientCert := clientCertContent
 
 	clientKeyContent := viper.GetString("tls-client-key")
 
@@ -350,15 +352,23 @@ func initConfig() {
 			clientKeyContent = strings.TrimRight(clientKeyContent, "\n")
 		}
 	}
-	rootConfig.TLSClientKey = clientKeyContent
+	tlsClientKey := clientKeyContent
 
-	if (rootConfig.TLSClientKey == "" && rootConfig.TLSClientCert != "") ||
-		(rootConfig.TLSClientKey != "" && rootConfig.TLSClientCert == "") {
+	if (tlsClientKey == "" && tlsClientCert != "") ||
+		(tlsClientKey != "" && tlsClientCert == "") {
 		fmt.Printf("tls-client-cert and tls-client-key / tls-client-cert-file and tls-client-key-file " +
 			"must be used in conjunction but only one was provided")
 		os.Exit(1)
 	}
 
+	rootConfig.TLSConfig = utils.TLSConfig{
+		ServerName: tlsServerName,
+		SkipVerify: tlsSkipVerify,
+		CACert:     tlsCACert,
+		ClientCert: tlsClientCert,
+		ClientKey:  tlsClientKey,
+	}
+
 	// cookie-jar support
 	rootConfig.CookieJarPath = viper.GetString("kong-cookie-jar-path")
 

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/fatih/color v1.15.0
 	github.com/google/go-cmp v0.6.0
 	github.com/kong/go-apiops v0.1.29
-	github.com/kong/go-database-reconciler v1.4.0
+	github.com/kong/go-database-reconciler v1.5.0
 	github.com/kong/go-kong v0.51.1-0.20240125175037-0c077f5b9ac7
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/spf13/cobra v1.8.0
@@ -92,7 +92,7 @@ require (
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
-	github.com/shirou/gopsutil/v3 v3.23.12 // indirect
+	github.com/shirou/gopsutil/v3 v3.24.1 // indirect
 	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect

go.sum

@@ -182,8 +182,8 @@ github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y7
 github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/kong/go-apiops v0.1.29 h1:c+AB8MmGIr+K01Afm4GB2xaOmJnD/8KWMJQkr9qssnc=
 github.com/kong/go-apiops v0.1.29/go.mod h1:ZNdiTZyVrAssB4wjEYWV7BfpcV9UME9LxnDDZhMPuNU=
-github.com/kong/go-database-reconciler v1.4.0 h1:JlKLXUTqdq2vYABJMTiq5h3RJsn7J4EeW+wTA2ojYYk=
-github.com/kong/go-database-reconciler v1.4.0/go.mod h1:Q4WgHd6b9oDid+EG8sXhArmL7R/wpA0A/8tI9w37BxU=
+github.com/kong/go-database-reconciler v1.5.0 h1:OHUmFFse5nUqcO7FvChITBK9PoXEhZdw95dE4arlhxs=
+github.com/kong/go-database-reconciler v1.5.0/go.mod h1:KtstdZjxNI7+jZJRT896iDsS0Yte1x1sX4B2TaaASgk=
 github.com/kong/go-kong v0.51.1-0.20240125175037-0c077f5b9ac7 h1:/iV93Gwv410lIeJx8VCfCA4fpuvSuTw2LqZpDXsIE9Q=
 github.com/kong/go-kong v0.51.1-0.20240125175037-0c077f5b9ac7/go.mod h1:YNkLvjxfOqS+BZ1J2YWOy/83wc26JM5QJbAukoeg1sY=
 github.com/kong/go-slugify v1.0.0 h1:vCFAyf2sdoSlBtLcrmDWUFn0ohlpKiKvQfXZkO5vSKY=
@@ -285,8 +285,8 @@ github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPO
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/shirou/gopsutil/v3 v3.23.12 h1:z90NtUkp3bMtmICZKpC4+WaknU1eXtp5vtbQ11DgpE4=
-github.com/shirou/gopsutil/v3 v3.23.12/go.mod h1:1FrWgea594Jp7qmjHUUPlJDTPgcsb9mGnXDxavtikzM=
+github.com/shirou/gopsutil/v3 v3.24.1 h1:R3t6ondCEvmARp3wxODhXMTLC/klMa87h2PHUw5m7QI=
+github.com/shirou/gopsutil/v3 v3.24.1/go.mod h1:UU7a2MSBQa+kW1uuDq8DeEBS8kmrnQwsv2b5O513rwU=
 github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
 github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
 github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
@@ -420,7 +420,6 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=