新增 etcd 配置存储

2025-10-09 15:33:21 +08:00
parent 5fa7f683fd
commit 851ae52733
4 changed files with 249 additions and 7 deletions
--- a/pkg/middleware/config/config.go
+++ b/pkg/middleware/config/config.go
@@ -2,9 +2,12 @@ package config

 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
 	"io"
 	"net/url"
+	"os"
 	"strconv"
 	"strings"
 	"time"
@@ -49,6 +52,47 @@ func NewAutoConfig(src string) (KVConfig, error) {
 			return nil, err
 		}
 		return NewConfigRedis(parse.Host, pass, dbi)
+	case "etcd":
+		query := parse.Query()
+		endpoints := []string{parse.Host}
+
+		// 检查是否有多个端点
+		if endpointsStr := query.Get("endpoints"); endpointsStr != "" {
+			endpoints = strings.Split(endpointsStr, ",")
+		}
+
+		// 检查是否需要TLS认证
+		var tlsConfig *tls.Config
+		caFile := query.Get("ca-file")
+		certFile := query.Get("cert-file")
+		keyFile := query.Get("key-file")
+
+		if caFile != "" && certFile != "" && keyFile != "" {
+			caCert, err := os.ReadFile(caFile)
+			if err != nil {
+				return nil, fmt.Errorf("failed to read ca file: %v", err)
+			}
+
+			caCertPool := x509.NewCertPool()
+			if !caCertPool.AppendCertsFromPEM(caCert) {
+				return nil, fmt.Errorf("failed to add ca certificate")
+			}
+
+			cert, err := tls.LoadX509KeyPair(certFile, keyFile)
+			if err != nil {
+				return nil, fmt.Errorf("failed to load client certificate: %v", err)
+			}
+
+			tlsConfig = &tls.Config{
+				Certificates: []tls.Certificate{cert},
+				RootCAs:      caCertPool,
+			}
+		} else if caFile != "" || certFile != "" || keyFile != "" {
+			// 部分TLS参数被提供，视为错误
+			return nil, fmt.Errorf("incomplete tls configuration, need ca-file, cert-file and key-file")
+		}
+
+		return NewConfigEtcd(endpoints, tlsConfig)
 	default:
 		return nil, fmt.Errorf("unsupported scheme: %s", parse.Scheme)
 	}