resilien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

state/remote/atlas: Use go-rootcerts for certificate loading 

Allows CA certs to be configured via `ATLAS_CAFILE` and `ATLAS_CAPATH`
env vars, and works around https://github.com/golang/go/issues/14514 on
OS X.
This commit is contained in:
Paul Hinze 2016-05-03 08:44:35 -05:00
parent 1690a65231
commit 4ac6dda633
No known key found for this signature in database
GPG Key ID: B69DEDF2D55501C0
1 changed files with 30 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
state/remote/atlas.go
View File

@ -3,6 +3,7 @@ package remote
import (
"bytes"
"crypto/md5"
"crypto/tls"
"encoding/base64"
"fmt"
"io"
@ -13,7 +14,9 @@ import (
"path"
"strings"
"github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-retryablehttp"
"github.com/hashicorp/go-rootcerts"
"github.com/hashicorp/terraform/terraform"
)
@ -90,7 +93,10 @@ func (c *AtlasClient) Get() (*Payload, error) {
}
// Request the url
client := c.http()
client, err := c.http()
if err != nil {
return nil, err
}
resp, err := client.Do(req)
if err != nil {
return nil, err
@ -169,7 +175,10 @@ func (c *AtlasClient) Put(state []byte) error {
req.ContentLength = int64(len(state))
// Make the request
client := c.http()
client, err := c.http()
if err != nil {
return err
}
resp, err := client.Do(req)
if err != nil {
return fmt.Errorf("Failed to upload state: %v", err)
@ -197,7 +206,10 @@ func (c *AtlasClient) Delete() error {
}
// Make the request
client := c.http()
client, err := c.http()
if err != nil {
return err
}
resp, err := client.Do(req)
if err != nil {
return fmt.Errorf("Failed to delete state: %v", err)
@ -247,11 +259,23 @@ func (c *AtlasClient) url() *url.URL {
}
}
func (c *AtlasClient) http() *retryablehttp.Client {
func (c *AtlasClient) http() (*retryablehttp.Client, error) {
if c.HTTPClient != nil {
return c.HTTPClient
return c.HTTPClient, nil
}
return retryablehttp.NewClient()
tlsConfig := &tls.Config{}
err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
CAFile: os.Getenv("ATLAS_CAFILE"),
CAPath: os.Getenv("ATLAS_CAPATH"),
})
if err != nil {
return nil, err
}
rc := retryablehttp.NewClient()
t := cleanhttp.DefaultTransport()
t.TLSClientConfig = tlsConfig
rc.HTTPClient.Transport = t
return rc, nil
}
// Atlas returns an HTTP 409 - Conflict if the pushed state reports the same