Read client key file.

internal/bmc/bmc.go

@@ -9,40 +9,33 @@ import (
 	"github.com/metal-stack/go-hal"
 	"github.com/metal-stack/go-hal/connect"
 	halzap "github.com/metal-stack/go-hal/pkg/logger/zap"
+	"github.com/metal-stack/metal-bmc/pkg/config"
 
 	"go.uber.org/zap"
 )
 
 type BMCService struct {
 	log *zap.SugaredLogger
 	// NSQ related config options
-	mqAddress        string
-	mqCACertFile     string
-	mqClientCertFile string
-	mqLogLevel       string
-	machineTopic     string
-	machineTopicTTL  time.Duration
+	mqAddress           string
+	mqCACertFile        string
+	mqClientCertFile    string
+	mqClientCertKeyFile string
+	mqLogLevel          string
+	machineTopic        string
+	machineTopicTTL     time.Duration
 }
 
-type Config struct {
-	Log              *zap.SugaredLogger
-	MQAddress        string
-	MQCACertFile     string
-	MQClientCertFile string
-	MQLogLevel       string
-	MachineTopic     string
-	MachineTopicTTL  time.Duration
-}
-
-func New(c Config) *BMCService {
+func New(log *zap.SugaredLogger, c *config.Config) *BMCService {
 	b := &BMCService{
-		log:              c.Log,
-		mqAddress:        c.MQAddress,
-		mqCACertFile:     c.MQCACertFile,
-		mqClientCertFile: c.MQClientCertFile,
-		mqLogLevel:       c.MQLogLevel,
-		machineTopic:     c.MachineTopic,
-		machineTopicTTL:  c.MachineTopicTTL,
+		log:                 log,
+		mqAddress:           c.MQAddress,
+		mqCACertFile:        c.MQCACertFile,
+		mqClientCertFile:    c.MQClientCertFile,
+		mqClientCertKeyFile: c.MQClientCertKeyFile,
+		mqLogLevel:          c.MQLogLevel,
+		machineTopic:        c.MachineTopic,
+		machineTopicTTL:     c.MachineTopicTTL,
 	}
 	return b
 }

internal/bmc/nsq.go

@@ -18,13 +18,13 @@ const (
 func (b *BMCService) InitConsumer() error {
 	caCert, err := os.ReadFile(b.mqCACertFile)
 	if err != nil {
-		return fmt.Errorf("failed to load cert: %w", err)
+		return fmt.Errorf("failed to read cert: %w", err)
 	}
 
 	caCertPool := x509.NewCertPool()
 	caCertPool.AppendCertsFromPEM(caCert)
 
-	cert, err := tls.LoadX509KeyPair(b.mqClientCertFile, b.mqClientCertFile) // FIXME: where is the key?
+	cert, err := tls.LoadX509KeyPair(b.mqClientCertFile, b.mqClientCertKeyFile)
 	if err != nil {
 		return err
 	}
@@ -45,7 +45,7 @@ func (b *BMCService) InitConsumer() error {
 
 	consumer.AddHandler(b)
 
-	err = consumer.ConnectToNSQD(b.mqAddress) // FIXME: must point to NSQd, not lookupd
+	err = consumer.ConnectToNSQD(b.mqAddress)
 	if err != nil {
 		return err
 	}

main.go

@@ -50,15 +50,7 @@ func main() {
 	}
 
 	// BMC Events via NSQ
-	b := bmc.New(bmc.Config{
-		Log:              log,
-		MQAddress:        cfg.MQAddress,
-		MQCACertFile:     cfg.MQCACertFile,
-		MQClientCertFile: cfg.MQClientCertFile,
-		MQLogLevel:       cfg.MQLogLevel,
-		MachineTopic:     cfg.MachineTopic,
-		MachineTopicTTL:  cfg.MachineTopicTTL,
-	})
+	b := bmc.New(log, &cfg)
 
 	err = b.InitConsumer()
 	if err != nil {

pkg/config/config.go

@@ -23,12 +23,13 @@ type Config struct {
 	AllowedCidrs    []string      `required:"false" default:"0.0.0.0/0" desc:"filters dhcp leases" split_words:"true"`
 
 	// NSQ connection parameters
-	MQAddress        string        `required:"false" default:"localhost:4161" desc:"set the MQ server address" envconfig:"mq_address"`
-	MQCACertFile     string        `required:"false" default:"" desc:"the CA certificate file for verifying MQ certificate" envconfig:"mq_ca_cert_file"`
-	MQClientCertFile string        `required:"false" default:"" desc:"the client certificate file for accessing MQ" envconfig:"mq_client_cert_file"`
-	MQLogLevel       string        `required:"false" default:"warn" desc:"sets the MQ loglevel (debug, info, warn, error)" envconfig:"mq_loglevel"`
-	MachineTopic     string        `required:"false" default:"machine" desc:"set the machine topic name" split_words:"true"`
-	MachineTopicTTL  time.Duration `required:"false" default:"30s" desc:"sets the TTL for MachineTopic" envconfig:"machine_topic_ttl"`
+	MQAddress           string        `required:"false" default:"localhost:4161" desc:"set the MQ server address" envconfig:"mq_address"`
+	MQCACertFile        string        `required:"false" default:"" desc:"the CA certificate file for verifying MQ certificate" envconfig:"mq_ca_cert_file"`
+	MQClientCertFile    string        `required:"false" default:"" desc:"the client certificate file for accessing MQ" envconfig:"mq_client_cert_file"`
+	MQClientCertKeyFile string        `required:"false" default:"" desc:"the client certificate key file for accessing MQ" envconfig:"mq_client_cert_key_file"`
+	MQLogLevel          string        `required:"false" default:"warn" desc:"sets the MQ loglevel (debug, info, warn, error)" envconfig:"mq_loglevel"`
+	MachineTopic        string        `required:"false" default:"machine" desc:"set the machine topic name" split_words:"true"`
+	MachineTopicTTL     time.Duration `required:"false" default:"30s" desc:"sets the TTL for MachineTopic" envconfig:"machine_topic_ttl"`
 
 	// Console Proxy parameters
 	ConsolePort       int    `required:"false" default:"3333" desc:"defines the port where to listen for incoming console connections from metal-console" envconfig:"console_port"`