diff --git a/README.md b/README.md index f87d829e..87b9d730 100644 --- a/README.md +++ b/README.md @@ -223,7 +223,7 @@ make release-docker-multi-arch # database password password="" - # authentication mode: internal (for server), external (LDAP, etc.) + # authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. auth_mode="" ``` diff --git a/ape.toml b/ape.toml index 1a66ddd7..a6951bdc 100644 --- a/ape.toml +++ b/ape.toml @@ -96,7 +96,7 @@ user = "" # database password password = "" -# authentication mode: internal (for server), external (LDAP, etc.) +# authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. auth_mode = "" # timeout for sending commands to the server node in seconds diff --git a/ape.toml.template b/ape.toml.template index 86885e78..ad7b02d6 100644 --- a/ape.toml.template +++ b/ape.toml.template @@ -96,7 +96,7 @@ user = "${AS_AUTH_USER}" # database password password = "${AS_AUTH_PASSWORD}" -# authentication mode: internal (for server), external (LDAP, etc.) +# authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. auth_mode = "${AS_AUTH_MODE}" # timeout for sending commands to the server node in seconds diff --git a/observer.go b/observer.go index 1a4dff06..50d8609f 100644 --- a/observer.go +++ b/observer.go @@ -80,12 +80,6 @@ func newObserver(server *aero.Host, user, pass string) (o *Observer, err error) config.AeroProm.MetricLabels, ) - // use all cpus in the system for concurrency - authMode := strings.ToLower(strings.TrimSpace(config.Aerospike.AuthMode)) - if authMode != "internal" && authMode != "external" { - log.Fatalln("Invalid auth mode: only `internal` and `external` values are accepted.") - } - // Get aerospike auth username username, err := getSecret(user) if err != nil { 
@@ -101,8 +95,21 @@ func newObserver(server *aero.Host, user, pass string) (o *Observer, err error) clientPolicy := aero.NewClientPolicy() clientPolicy.User = string(username) clientPolicy.Password = string(password) - if authMode == "external" { + + authMode := strings.ToLower(strings.TrimSpace(config.Aerospike.AuthMode)) + + switch authMode { + case "internal", "": + clientPolicy.AuthMode = aero.AuthModeInternal + case "external": clientPolicy.AuthMode = aero.AuthModeExternal + case "pki": + if len(config.Aerospike.CertFile) == 0 || len(config.Aerospike.KeyFile) == 0 { + log.Fatalln("Invalid certificate configuration when using auth mode PKI: cert_file and key_file must be set") + } + clientPolicy.AuthMode = aero.AuthModePKI + default: + log.Fatalln("Invalid auth mode: only `internal`, `external`, `pki` values are accepted.") } // allow only ONE connection diff --git a/tests/default_ape.toml b/tests/default_ape.toml index 4f95d520..9f66e4cc 100644 --- a/tests/default_ape.toml +++ b/tests/default_ape.toml @@ -96,7 +96,7 @@ user = "" # database password password = "" -# authentication mode: internal (for server), external (LDAP, etc.) +# authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. auth_mode = "" # timeout for sending commands to the server node in seconds diff --git a/tests/labels_ape.toml b/tests/labels_ape.toml index 980e0b9d..0c05497b 100644 --- a/tests/labels_ape.toml +++ b/tests/labels_ape.toml @@ -96,7 +96,7 @@ user = "" # database password password = "" -# authentication mode: internal (for server), external (LDAP, etc.) +# authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. auth_mode = "" # timeout for sending commands to the server node in seconds diff --git a/tests/ns_allowlist_ape.toml b/tests/ns_allowlist_ape.toml index abd93e60..67188596 100644 --- a/tests/ns_allowlist_ape.toml +++ b/tests/ns_allowlist_ape.toml 
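Review bot: The `case "pki":` guard only checks that `cert_file` and `key_file` are non-empty strings, so a PKI setup whose TLS configuration is missing or failed to load would get past it and presumably only fail at connect time. The TLS wiring is not visible in this hunk, so it is worth confirming the check runs after the TLS config is built, or testing that directly (for example `if clientPolicy.TlsConfig == nil`, if that is where the project sets it). As far as these hunks show, `clientPolicy.User` and `clientPolicy.Password` are still populated above the switch in PKI mode, so both secrets are fetched and held although the certificate is the credential; skipping them for `pki` would keep unneeded secrets out of the process. Since `newObserver` already returns `err`, both `log.Fatalln` calls could become `return nil, fmt.Errorf("invalid auth mode %q: want internal, external or pki", authMode)` (assuming `fmt` is imported), which leaves the exit decision to the caller. The function body starts and ends outside the hunk.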
@@ -96,7 +96,7 @@ user = "" # database password password = "" -# authentication mode: internal (for server), external (LDAP, etc.) +# authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. auth_mode = "" # timeout for sending commands to the server node in seconds diff --git a/tests/ns_blocklist_ape.toml b/tests/ns_blocklist_ape.toml index 3bcbee22..7cc4cf07 100644 --- a/tests/ns_blocklist_ape.toml +++ b/tests/ns_blocklist_ape.toml @@ -96,7 +96,7 @@ user = "" # database password password = "" -# authentication mode: internal (for server), external (LDAP, etc.) +# authentication mode: internal (server authentication) [default], external (e.g., LDAP), pki. auth_mode = "" # timeout for sending commands to the server node in seconds