From c093f4caf56d4e34f512a4892a8cac5627931035 Mon Sep 17 00:00:00 2001
From: Sean Chittenden
Date: Thu, 16 Jun 2016 22:51:06 -0700
Subject: [PATCH] Teach config.ConsulConfig how to construct a consulapi TLS client. Said differently, centralize the creation of consul's client config in one place and use it everywhere.
---
 command/agent/consul/syncer.go | 63 ++++------------------------------
 nomad/structs/config/consul.go | 44 +++++++++++++++++++++++-
 2 files changed, 50 insertions(+), 57 deletions(-)
diff --git a/command/agent/consul/syncer.go b/command/agent/consul/syncer.go
index d811e54a3..4c000b1e9 100644
--- a/command/agent/consul/syncer.go
+++ b/command/agent/consul/syncer.go
@@ -25,10 +25,8 @@
 package consul
 import (
- "crypto/tls"
 "fmt"
 "log"
- "net/http"
 "net/url"
 "strings"
 "sync"
@@ -152,66 +150,19 @@ type Syncer struct {
 // NewSyncer returns a new consul.Syncer
 func NewSyncer(consulConfig *config.ConsulConfig, shutdownCh chan struct{}, logger *log.Logger) (*Syncer, error) {
+ var consulClientConfig *consul.Config
 var err error
- var c *consul.Client
-
- cfg := consul.DefaultConfig()
-
- // If a nil consulConfig was provided, fall back to the default config
- if consulConfig == nil {
- consulConfig = config.DefaultConsulConfig()
+ consulClientConfig, err = consulConfig.ApiConfig()
+ if err != nil {
+ return nil, err
 }
- if consulConfig.Addr != "" {
- cfg.Address = consulConfig.Addr
- }
- if consulConfig.Token != "" {
- cfg.Token = consulConfig.Token
- }
- if consulConfig.Auth != "" {
- var username, password string
- if strings.Contains(consulConfig.Auth, ":") {
- split := strings.SplitN(consulConfig.Auth, ":", 2)
- username = split[0]
- password = split[1]
- } else {
- username = consulConfig.Auth
- }
-
- cfg.HttpAuth = &consul.HttpBasicAuth{
- Username: username,
- Password: password,
- }
- }
- if consulConfig.EnableSSL {
- cfg.Scheme = "https"
- tlsCfg := consul.TLSConfig{
- Address: cfg.Address,
- CAFile: consulConfig.CAFile,
- CertFile: consulConfig.CertFile,
- KeyFile: consulConfig.KeyFile,
- InsecureSkipVerify: !consulConfig.VerifySSL,
- }
- tlsClientCfg, err := consul.SetupTLSConfig(&tlsCfg)
- if err != nil {
- return nil, fmt.Errorf("error creating tls client config for consul: %v", err)
- }
- cfg.HttpClient.Transport = &http.Transport{
- TLSClientConfig: tlsClientCfg,
- }
- }
- if consulConfig.EnableSSL && !consulConfig.VerifySSL {
- cfg.HttpClient.Transport = &http.Transport{
- TLSClientConfig: &tls.Config{
- InsecureSkipVerify: true,
- },
- }
- }
- if c, err = consul.NewClient(cfg); err != nil {
+ var consulClient *consul.Client
+ if consulClient, err = consul.NewClient(consulClientConfig); err != nil {
 return nil, err
 }
 consulSyncer := Syncer{
- client: c,
+ client: consulClient,
 logger: logger,
 consulAvailable: true,
shutdownCh: shutdownCh,
diff --git a/nomad/structs/config/consul.go b/nomad/structs/config/consul.go
index 37ef6c4fa..7f673a5c4 100644
--- a/nomad/structs/config/consul.go
+++ b/nomad/structs/config/consul.go
@@ -1,6 +1,10 @@
 package config
 import (
+ "crypto/tls"
+ "fmt"
+ "net/http"
+ "strings"
 "time"
 consul "github.com/hashicorp/consul/api"
@@ -139,10 +143,48 @@ func (c *ConsulConfig) ApiConfig() (*consul.Config, error) {
 if c.Token != "" {
 config.Token = c.Token
 }
-
 if c.Timeout != 0 {
 config.HttpClient.Timeout = c.Timeout
 }
+ if c.Auth != "" {
+ var username, password string
+ if strings.Contains(c.Auth, ":") {
+ split := strings.SplitN(c.Auth, ":", 2)
+ username = split[0]
+ password = split[1]
+ } else {
+ username = c.Auth
+ }
+
+ config.HttpAuth = &consul.HttpBasicAuth{
+ Username: username,
+ Password: password,
+ }
+ }
+ if c.EnableSSL {
+ config.Scheme = "https"
+ tlsConfig := consul.TLSConfig{
+ Address: config.Address,
+ CAFile: c.CAFile,
+ CertFile: c.CertFile,
+ KeyFile: c.KeyFile,
+ InsecureSkipVerify: !c.VerifySSL,
+ }
+ tlsClientCfg, err := consul.SetupTLSConfig(&tlsConfig)
+ if err != nil {
+ return nil, fmt.Errorf("error creating tls client config for consul: %v", err)
+ }
+ config.HttpClient.Transport = &http.Transport{
+ TLSClientConfig: tlsClientCfg,
+ }
+ }
+ if c.EnableSSL && !c.VerifySSL {
+ config.HttpClient.Transport = &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+ },
+ }
+ }
 return config, nil
 }
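Review bot: In NewSyncer (command/agent/consul/syncer.go) the new first call `consulConfig.ApiConfig()` can now run on a nil pointer, because this hunk deletes the `if consulConfig == nil` fallback to `config.DefaultConsulConfig()`. Whether that panics depends on ApiConfig tolerating a nil receiver; its opening lines are outside the visible hunks, but the part that is shown reads `c.Token` and `c.Auth` without a check. I would keep the guard ahead of the call, `if consulConfig == nil { consulConfig = config.DefaultConsulConfig() }`, or state in the NewSyncer doc comment that a nil config is no longer accepted. The body of NewSyncer continues past the end of the hunk.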
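Review bot: The last added block in ApiConfig, `if c.EnableSSL && !c.VerifySSL { ... }`, overwrites the transport just built from `consul.SetupTLSConfig` with a bare `&tls.Config{InsecureSkipVerify: true}`, so a configured CertFile/KeyFile client certificate and CAFile are silently dropped whenever verification is turned off. `InsecureSkipVerify: !c.VerifySSL` is already passed into `consul.TLSConfig` a few lines above, so the block looks redundant and could be deleted, which would also let `"crypto/tls"` come back out of the import hunk. Because this helper is now the single place every Consul client is configured, a short comment on the `c.EnableSSL` branch would help, e.g. `// VerifySSL=false disables server certificate verification for all clients built from this config.` The start of ApiConfig is outside the hunk.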