From 6637ad479cfdab8e9576bc13d7b07311b4429ff7 Mon Sep 17 00:00:00 2001
From: Ismail KABOUBI
Date: Tue, 24 Sep 2024 11:31:50 +0200
Subject: [PATCH 1/2] add essTLSCertsPath to create ESSOptions to protect against panic segmentation faults

Signed-off-by: Ismail KABOUBI
---
 cmd/provider/main.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/cmd/provider/main.go b/cmd/provider/main.go
index cc949a6..64ac296 100644
--- a/cmd/provider/main.go
+++ b/cmd/provider/main.go
@@ -6,6 +6,7 @@ package main
 import (
 "context"
+ "github.com/crossplane/crossplane-runtime/pkg/certificates"
 "os"
 "path/filepath"
 "time"
@@ -54,6 +55,7 @@ func main() {
 namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String()
 enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool()
 enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool()
+ essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String()
 )
 kingpin.MustParse(app.Parse(os.Args[1:]))
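Review bot: The help text for `ess-tls-cert-dir` in the `@@ -54,6 +55,7 @@` hunk says only "Path of ESS TLS certificates.", while the loader added later in this patch expects three fixed file names inside that directory. I would spell that out, e.g. `"Directory containing ca.crt, tls.crt and tls.key used for ESS mTLS."`, so an operator can tell from `--help` what has to be mounted there. The flag has no default, so an unset `ESS_TLS_CERTS_DIR` leaves the path empty. The `var (...)` block and `main` both start outside the hunk.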
@@ -111,6 +113,15 @@ func main() {
 SetupFn: clients.TerraformSetupBuilder(*terraformVersion, *providerSource, *providerVersion),
 }
+ o.ESSOptions = &tjcontroller.ESSOptions{}
+ if *essTLSCertsPath != "" {
+ log.Info("ESS TLS certificates path is set. Loading mTLS configuration.")
+ tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false)
+ kingpin.FatalIfError(err, "Cannot load ESS TLS config.")
+
+ o.ESSOptions.TLSConfig = tCfg
+ }
+
 if *enableExternalSecretStores {
 o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind
 log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores)

From a79aa4b7280228d8bd8041e628e21a335e87c4ec Mon Sep 17 00:00:00 2001
From: Ismail KABOUBI
Date: Tue, 24 Sep 2024 19:09:54 +0200
Subject: [PATCH 2/2] goimports

Signed-off-by: Ismail KABOUBI
---
 cmd/provider/main.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cmd/provider/main.go b/cmd/provider/main.go
index 64ac296..e76ddc3 100644
--- a/cmd/provider/main.go
+++ b/cmd/provider/main.go
@@ -6,11 +6,12 @@ package main
 import (
 "context"
- "github.com/crossplane/crossplane-runtime/pkg/certificates"
 "os"
 "path/filepath"
 "time"
+ "github.com/crossplane/crossplane-runtime/pkg/certificates"
+
 xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
 xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller"
 "github.com/crossplane/crossplane-runtime/pkg/feature"
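Review bot: In the `@@ -111,6 +113,15 @@` hunk of PATCH 1/2, an empty `*essTLSCertsPath` leaves `o.ESSOptions.TLSConfig` nil without any log line, even when `*enableExternalSecretStores` is true a few lines later. Allocating `o.ESSOptions` unconditionally removes the nil dereference, but what the secret-store client does with a nil TLS config is not visible here, so an operator who forgets the flag gets no signal that mTLS was not configured. I would make that case explicit, e.g. `if *enableExternalSecretStores && *essTLSCertsPath == "" { log.Info("External secret stores enabled without --ess-tls-cert-dir; no mTLS configuration loaded") }`, or fail start-up there if mTLS is meant to be mandatory. The bare `false` passed as the last argument to `certificates.LoadMTLSConfig` also deserves a short comment naming the parameter it sets. `main` continues outside the hunk.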