
trying certificates

afeiszli 3 years ago
parent
commit
e7996f4875
4 changed files with 69 additions and 0 deletions
  1. 4 0
      config/config.go
  2. 19 0
      database/etcd.go
  3. 1 0
      go.mod
  4. 45 0
      servercfg/serverconf.go

+ 4 - 0
config/config.go

@@ -67,6 +67,10 @@ type ServerConfig struct {
 	ClientSecret          string `yaml:"clientsecret"`
 	FrontendURL           string `yaml:"frontendurl"`
 	EtcdAddresses         string `yaml:"etcdaddresses"`
+	EtcdCertPath          string `yaml:"etcdcertpath"`
+	EtcdCACertPath        string `yaml:"etcdcacertpath"`
+	EtcdKeyPath           string `yaml:"etcdkeypath"`
+	EtcdSSL               string `yaml:"etcdssl"`
 }
 
 // Generic SQL Config
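Review bot: The four new fields on lines 26–29 have no doc comments, and EtcdSSL is a string whose meaning is only discoverable from servercfg, where it is compared against the literal "off". A comment on the field would save the next reader that lookup, e.g. `EtcdSSL string \`yaml:"etcdssl"\` // "off" disables TLS to etcd; any other value (including empty) leaves it on`. The three path fields could similarly note that an empty value falls back to the defaults under /root used by servercfg. ServerConfig starts before this hunk.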

+ 19 - 0
database/etcd.go

@@ -9,6 +9,7 @@ import (
 	"time"
 	"context"
 	"go.etcd.io/etcd/client/v3"
+	"go.etcd.io/etcd/client/pkg/v3/transport"
 	"github.com/gravitl/netmaker/servercfg"
 )
 
@@ -49,12 +50,30 @@ func parseEtcdAddresses(addresses string) string {
 }
 
 func initEtcdDatabase() error {
+
 	addresses := parseEtcdAddresses(servercfg.GetEtcdAddresses())
 	var err error
 	EtcdDatabase, err = clientv3.New(clientv3.Config{
 		Endpoints:   []string{addresses},
 		DialTimeout: 5 * time.Second,
 	})
+	if servercfg.IsEtcdSSL() {
+		tlsInfo := transport.TLSInfo{
+			KeyFile:        servercfg.GetEtcdKeyPath(),
+			CertFile:       servercfg.GetEtcdCertPath(),
+			TrustedCAFile:  servercfg.GetEtcdCACertPath(),
+			ClientCertAuth: true,
+		}
+		tlsConfig, errN := tlsInfo.ClientConfig()
+		if errN != nil {
+			return errN
+		}
+		EtcdDatabase, err = clientv3.New(clientv3.Config{
+			Endpoints:   []string{addresses},
+			DialTimeout: 5 * time.Second,
+			TLS: tlsConfig,
+		})	
+	}
 	if err != nil {
 		return err
 	} else if EtcdDatabase == nil {
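Review bot: When servercfg.IsEtcdSSL() is true, the plaintext client created on line 52 is never closed and any dial it starts toward the etcd endpoint goes out without TLS before the TLS client on line 67 replaces it; the error from that first New is also silently overwritten. Building the clientv3.Config once, setting cfg.TLS only when SSL is on, and calling clientv3.New a single time removes both the leak and the cleartext attempt. ClientCertAuth looks like a server-side setting in transport.TLSInfo and may be a no-op in ClientConfig(); worth confirming against the etcd docs before relying on it. initEtcdDatabase continues past the end of this hunk.
```go
func initEtcdDatabase() error {
	addresses := parseEtcdAddresses(servercfg.GetEtcdAddresses())
	cfg := clientv3.Config{
		Endpoints:   []string{addresses},
		DialTimeout: 5 * time.Second,
	}
	if servercfg.IsEtcdSSL() {
		tlsInfo := transport.TLSInfo{
			KeyFile:        servercfg.GetEtcdKeyPath(),
			CertFile:       servercfg.GetEtcdCertPath(),
			TrustedCAFile:  servercfg.GetEtcdCACertPath(),
			ClientCertAuth: true,
		}
		tlsConfig, err := tlsInfo.ClientConfig()
		if err != nil {
			return err
		}
		cfg.TLS = tlsConfig
	}
	var err error
	// Single dial: either plaintext or TLS, never both.
	EtcdDatabase, err = clientv3.New(cfg)
	// … unchanged: err / nil-client checks …
```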

+ 1 - 0
go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/stretchr/testify v1.7.0
 	github.com/txn2/txeh v1.3.0
 	github.com/urfave/cli/v2 v2.3.0
+	go.etcd.io/etcd/client/pkg/v3 v3.5.1 // indirect
 	go.etcd.io/etcd/client/v3 v3.5.1 // indirect
 	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97
 	golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985 // indirect

+ 45 - 0
servercfg/serverconf.go

@@ -494,6 +494,51 @@ func GetEtcdAddresses() string {
 	return addresses
 }
 
+func GetEtcdCertPath() string {
+	path := "/root/server.crt"
+	if os.Getenv("ETCD_CERT_PATH") != "" {
+		path = os.Getenv("ETCD_CERT_PATH")
+	} else if config.Config.Server.EtcdAddresses != "" {
+		path = config.Config.Server.EtcdCertPath
+	}
+	return path
+}
+
+func GetEtcdKeyPath() string {
+	path := "/root/server.key"
+	if os.Getenv("ETCD_KEY_PATH") != "" {
+		path = os.Getenv("ETCD_KEY_PATH")
+	} else if config.Config.Server.EtcdKeyPath != "" {
+		path = config.Config.Server.EtcdKeyPath
+	}
+	return path
+}
+
+func GetEtcdCACertPath() string {
+	path := "/root/ca.crt"
+	if os.Getenv("ETCD_CA_CERT_PATH") != "" {
+		path = os.Getenv("ETCD_CA_CERT_PATH")
+	} else if config.Config.Server.EtcdCACertPath != "" {
+		path = config.Config.Server.EtcdCACertPath
+	}
+	return path
+}
+
+// IsGRPCSSL - ssl grpc on or off
+func IsEtcdSSL() bool {
+	isssl := true
+	if os.Getenv("ETCD_SSL") != "" {
+		if os.Getenv("ETCD_SSL") == "off" {
+			isssl = false
+		}
+	} else if config.Config.Server.EtcdSSL != "" {
+		if config.Config.Server.EtcdSSL == "off" {
+			isssl = false
+		}
+	}
+	return isssl
+}
+
 // GetMacAddr - get's mac address
 func getMacAddr() string {
 	ifas, err := net.Interfaces()
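Review bot: GetEtcdCertPath on line 100 tests the wrong field — it checks `EtcdAddresses != ""` and then returns EtcdCertPath, so a config file that sets etcd addresses but no cert path yields an empty CertFile and the TLS client setup fails; the sibling getters on lines 110 and 120 check their own field, and this one should read `} else if config.Config.Server.EtcdCertPath != "" {`. The comment on line 126 is copied from the gRPC getter and should be `// IsEtcdSSL - ssl etcd on or off`. The three new exported getters have no doc comments; each should start with its name and state the ETCD_*_PATH env var, the config field it falls back to, and the /root default, and IsEtcdSSL's comment should say that only the literal "off" disables TLS and that it defaults to on.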