From 722433b4f9fa653564e4a867e4841606c92798c3 Mon Sep 17 00:00:00 2001
From: Diptanu Choudhury
Date: Wed, 26 Oct 2016 11:13:53 -0700
Subject: [PATCH] Making the cli use TLS if the client has enabled TLS
---
 api/allocations.go | 7 +------
 api/api.go | 18 ++++++++++++++++++
 api/fs.go | 22 +++++++++-------------
 api/nodes.go | 1 +
 client/driver/raw_exec.go | 2 +-
 command/agent/agent.go | 1 +
 nomad/structs/structs.go | 3 +++
 7 files changed, 34 insertions(+), 20 deletions(-)
diff --git a/api/allocations.go b/api/allocations.go
index 92baad908..6c0dffaab 100644
--- a/api/allocations.go
+++ b/api/allocations.go
@@ -4,8 +4,6 @@ import (
 "fmt"
 "sort"
 "time"
-
- "github.com/hashicorp/go-cleanhttp"
 )
 
 var (
@@ -60,10 +58,7 @@ func (a *Allocations) Stats(alloc *Allocation, q *QueryOptions) (*AllocResourceU
 if node.HTTPAddr == "" {
 return nil, fmt.Errorf("http addr of the node where alloc %q is running is not advertised", alloc.ID)
 }
- client, err := NewClient(&Config{
- Address: fmt.Sprintf("http://%s", node.HTTPAddr),
- HttpClient: cleanhttp.DefaultClient(),
- })
+ client, err := NewClient(a.client.config.CopyConfig(node.HTTPAddr, node.TLSEnabled))
 if err != nil {
 return nil, err
 }
diff --git a/api/api.go b/api/api.go
index 15044a7b8..07c8a5104 100644
--- a/api/api.go
+++ b/api/api.go
@@ -110,6 +110,24 @@ type Config struct {
 TLSConfig *TLSConfig
 }
 
+// CopyConfig copies the configuration with a new address
+func (c *Config) CopyConfig(address string, tlsEnabled bool) *Config {
+ scheme := "http"
+ if tlsEnabled {
+ scheme = "https"
+ }
+ config := &Config{
+ Address: fmt.Sprintf("%s://%s", scheme, address),
+ Region: c.Region,
+ HttpClient: c.HttpClient,
+ HttpAuth: c.HttpAuth,
+ WaitTime: c.WaitTime,
+ TLSConfig: c.TLSConfig,
+ }
+
+ return config
+}
+
 // TLSConfig contains the parameters needed to configure TLS on the HTTP client
 // used to communicate with Nomad.
 type TLSConfig struct {
diff --git a/api/fs.go b/api/fs.go
index 76648c360..c52a9329b 100644
--- a/api/fs.go
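Review bot: In api/api.go, `CopyConfig` falls back to `http` whenever `tlsEnabled` is false yet still copies `HttpAuth` and `TLSConfig`, so a node record that wrongly reports `TLSEnabled: false` makes a TLS-configured client send its credentials to that node in cleartext. Both call sites, `Stats` in api/allocations.go and `getNodeClient` in api/fs.go, pass the flag straight from the fetched `Node`. Failing closed is safer: `if tlsEnabled || strings.HasPrefix(c.Address, "https://") { scheme = "https" }` keeps TLS whenever the parent client already uses it, assuming `c.Address` carries its scheme the way the new `Address` does (this needs `strings` imported if api.go does not already have it). The doc comment should also state what the second parameter does and what is shared, for example `// CopyConfig returns a Config for address that uses https when tlsEnabled is true; TLSConfig is shared with c, not deep-copied.`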
+++ b/api/fs.go
@@ -52,17 +52,13 @@ func (c *Client) AllocFS() *AllocFS {
 // getNodeClient returns a Client that will dial the node. If the QueryOptions
 // is set, the function will ensure that it is initalized and that the Params
 // field is valid.
-func (a *AllocFS) getNodeClient(nodeHTTPAddr, allocID string, q **QueryOptions) (*Client, error) {
- if nodeHTTPAddr == "" {
+func (a *AllocFS) getNodeClient(node *Node, allocID string, q **QueryOptions) (*Client, error) {
+ if node.HTTPAddr == "" {
 return nil, fmt.Errorf("http addr of the node where alloc %q is running is not advertised", allocID)
 }
 
 // Get an API client for the node
- nodeClientConfig := &Config{
- Address: fmt.Sprintf("http://%s", nodeHTTPAddr),
- Region: a.client.config.Region,
- }
- nodeClient, err := NewClient(nodeClientConfig)
+ nodeClient, err := NewClient(a.client.config.CopyConfig(node.HTTPAddr, node.TLSEnabled))
 if err != nil {
 return nil, err
 }
@@ -87,7 +83,7 @@ func (a *AllocFS) List(alloc *Allocation, path string, q *QueryOptions) ([]*Allo
 if err != nil {
 return nil, nil, err
 }
- nodeClient, err := a.getNodeClient(node.HTTPAddr, alloc.ID, &q)
+ nodeClient, err := a.getNodeClient(node, alloc.ID, &q)
 if err != nil {
 return nil, nil, err
 }
@@ -108,7 +104,7 @@ func (a *AllocFS) Stat(alloc *Allocation, path string, q *QueryOptions) (*AllocF
 if err != nil {
 return nil, nil, err
 }
- nodeClient, err := a.getNodeClient(node.HTTPAddr, alloc.ID, &q)
+ nodeClient, err := a.getNodeClient(node, alloc.ID, &q)
 if err != nil {
 return nil, nil, err
 }
@@ -130,7 +126,7 @@ func (a *AllocFS) ReadAt(alloc *Allocation, path string, offset int64, limit int
 return nil, err
 }
 
- nodeClient, err := a.getNodeClient(node.HTTPAddr, alloc.ID, &q)
+ nodeClient, err := a.getNodeClient(node, alloc.ID, &q)
 if err != nil {
 return nil, err
 }
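Review bot: In api/fs.go, `getNodeClient` now dereferences `node` on its first line (`node.HTTPAddr`) with no nil check, where the old signature took a plain string that could not panic. The call sites in the later hunks show only an `err` check immediately before the call, so whether a nil `*Node` can arrive together with a nil error depends on code outside this diff. A guard such as `if node == nil || node.HTTPAddr == "" {` keeps the existing error path for that case. The doc comment above the function should also mention that the node's `TLSEnabled` flag now decides the scheme of the returned client. The function body continues past the end of the hunk.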
@@ -153,7 +149,7 @@ func (a *AllocFS) Cat(alloc *Allocation, path string, q *QueryOptions) (io.ReadC
 return nil, err
 }
 
- nodeClient, err := a.getNodeClient(node.HTTPAddr, alloc.ID, &q)
+ nodeClient, err := a.getNodeClient(node, alloc.ID, &q)
 if err != nil {
 return nil, err
 }
@@ -182,7 +178,7 @@ func (a *AllocFS) Stream(alloc *Allocation, path, origin string, offset int64,
 return nil, err
 }
 
- nodeClient, err := a.getNodeClient(node.HTTPAddr, alloc.ID, &q)
+ nodeClient, err := a.getNodeClient(node, alloc.ID, &q)
 if err != nil {
 return nil, err
 }
@@ -251,7 +247,7 @@ func (a *AllocFS) Logs(alloc *Allocation, follow bool, task, logType, origin str
 return nil, err
 }
 
- nodeClient, err := a.getNodeClient(node.HTTPAddr, alloc.ID, &q)
+ nodeClient, err := a.getNodeClient(node, alloc.ID, &q)
 if err != nil {
 return nil, err
 }
diff --git a/api/nodes.go b/api/nodes.go
index 12b94a592..1b5b3c03b 100644
--- a/api/nodes.go
+++ b/api/nodes.go
@@ -102,6 +102,7 @@ type Node struct {
 Datacenter string
 Name string
 HTTPAddr string
+ TLSEnabled bool
 Attributes map[string]string
 Resources *Resources
 Reserved *Resources
diff --git a/client/driver/raw_exec.go b/client/driver/raw_exec.go
index 2834d8e35..cff793f82 100644
--- a/client/driver/raw_exec.go
+++ b/client/driver/raw_exec.go
@@ -95,7 +95,7 @@ func (d *RawExecDriver) Fingerprint(cfg *config.Config, node *structs.Node) (boo
 // Check that the user has explicitly enabled this executor.
 enabled := cfg.ReadBoolDefault(rawExecConfigOption, false)
- if enabled {
+ if enabled || cfg.DevMode {
 if currentlyEnabled {
 d.logger.Printf("[WARN] driver.raw_exec: raw exec is enabled. Only enable if needed")
 }
diff --git a/command/agent/agent.go b/command/agent/agent.go
index 8a110119d..9ec74090b 100644
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
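Review bot: In client/driver/raw_exec.go, `if enabled || cfg.DevMode {` turns the raw_exec driver on whenever the agent runs in dev mode, which contradicts the comment two lines above it (`// Check that the user has explicitly enabled this executor.`) and is unrelated to the TLS change in the commit subject. The driver's own log line says "Only enable if needed", so implicit enablement should be visible to the operator; the existing warning is printed only under `if currentlyEnabled`, so whether it fires on a first dev-mode fingerprint depends on code outside the hunk. Update the comment to something like `// Enabled when explicitly configured, or implicitly when the agent runs in dev mode.` and consider a separate log line for the dev-mode case. This change would be easier to audit as its own commit. Fingerprint starts before and ends after the hunk.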
@@ -363,6 +363,7 @@ func (a *Agent) clientConfig() (*clientconfig.Config, error) {
 // Set the TLS related configs
 conf.TLSConfig = a.config.TLSConfig
+ conf.Node.TLSEnabled = conf.TLSConfig.EnableHTTP
 return conf, nil
 }
diff --git a/nomad/structs/structs.go b/nomad/structs/structs.go
index e0558e086..10c19fc6d 100644
--- a/nomad/structs/structs.go
+++ b/nomad/structs/structs.go
@@ -653,6 +653,9 @@ type Node struct {
 // requests
 HTTPAddr string
 
+ // TLSEnabled indicates if the Agent has TLS enabled for the HTTP API
+ TLSEnabled bool
+
 // Attributes is an arbitrary set of key/value
 // data that can be used for constraints. Examples
 // include "kernel.name=linux", "arch=386", "driver.docker=1",
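Review bot: In command/agent/agent.go, the added line reads `conf.TLSConfig.EnableHTTP` immediately after `conf.TLSConfig = a.config.TLSConfig` with no nil check, so an agent configuration whose `TLSConfig` is nil would panic inside clientConfig. Whether the defaults always populate that pointer, and whether `conf.Node` is always non-nil at this point, is not visible in this diff. `conf.Node.TLSEnabled = conf.TLSConfig != nil && conf.TLSConfig.EnableHTTP` removes the first dependency. A short comment such as `// Advertise HTTP TLS so API clients pick the right scheme for this node.` would explain why the node record carries the flag. clientConfig starts outside the hunk.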