added support for pki auth (#94)

* add support for pki auth

README.md

@@ -223,7 +223,7 @@ make release-docker-multi-arch
     # database password
     password=""
 
-    # authentication mode: internal (for server), external (LDAP, etc.)
+    # authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. 
     auth_mode=""
     ```
 

ape.toml

@@ -96,7 +96,7 @@ user = ""
 # database password
 password = ""
 
-# authentication mode: internal (for server), external (LDAP, etc.)
+# authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. 
 auth_mode = ""
 
 # timeout for sending commands to the server node in seconds

ape.toml.template

@@ -96,7 +96,7 @@ user = "${AS_AUTH_USER}"
 # database password
 password = "${AS_AUTH_PASSWORD}"
 
-# authentication mode: internal (for server), external (LDAP, etc.)
+# authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. 
 auth_mode = "${AS_AUTH_MODE}"
 
 # timeout for sending commands to the server node in seconds

observer.go

@@ -80,12 +80,6 @@ func newObserver(server *aero.Host, user, pass string) (o *Observer, err error)
 		config.AeroProm.MetricLabels,
 	)
 
-	// use all cpus in the system for concurrency
-	authMode := strings.ToLower(strings.TrimSpace(config.Aerospike.AuthMode))
-	if authMode != "internal" && authMode != "external" {
-		log.Fatalln("Invalid auth mode: only `internal` and `external` values are accepted.")
-	}
-
 	// Get aerospike auth username
 	username, err := getSecret(user)
 	if err != nil {
@@ -101,8 +95,21 @@ func newObserver(server *aero.Host, user, pass string) (o *Observer, err error)
 	clientPolicy := aero.NewClientPolicy()
 	clientPolicy.User = string(username)
 	clientPolicy.Password = string(password)
-	if authMode == "external" {
+
+	authMode := strings.ToLower(strings.TrimSpace(config.Aerospike.AuthMode))
+
+	switch authMode {
+	case "internal", "":
+		clientPolicy.AuthMode = aero.AuthModeInternal
+	case "external":
 		clientPolicy.AuthMode = aero.AuthModeExternal
+	case "pki":
+		if len(config.Aerospike.CertFile) == 0 || len(config.Aerospike.KeyFile) == 0 {
+			log.Fatalln("Invalid certificate configuration when using auth mode PKI: cert_file and key_file must be set")
+		}
+		clientPolicy.AuthMode = aero.AuthModePKI
+	default:
+		log.Fatalln("Invalid auth mode: only `internal`, `external`, `pki` values are accepted.")
 	}
 
 	// allow only ONE connection

tests/default_ape.toml

@@ -96,7 +96,7 @@ user = ""
 # database password
 password = ""
 
-# authentication mode: internal (for server), external (LDAP, etc.)
+# authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. 
 auth_mode = ""
 
 # timeout for sending commands to the server node in seconds

tests/labels_ape.toml

@@ -96,7 +96,7 @@ user = ""
 # database password
 password = ""
 
-# authentication mode: internal (for server), external (LDAP, etc.)
+# authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. 
 auth_mode = ""
 
 # timeout for sending commands to the server node in seconds

tests/ns_allowlist_ape.toml

@@ -96,7 +96,7 @@ user = ""
 # database password
 password = ""
 
-# authentication mode: internal (for server), external (LDAP, etc.)
+# authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. 
 auth_mode = ""
 
 # timeout for sending commands to the server node in seconds

tests/ns_blocklist_ape.toml

@@ -96,7 +96,7 @@ user = ""
 # database password
 password = ""
 
-# authentication mode: internal (for server), external (LDAP, etc.)
+# authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. 
 auth_mode = ""
 
 # timeout for sending commands to the server node in seconds